maxmustermann/kibana
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
kibana/docs/management/index-patterns.asciidoc
Kaarina Tungseth c84532aade
[DOCS] Dashboard-first docs refresh (#76194) 
* [DOCS] Dashboard-first refresh

* Fixes broken links and partinto error

* Fixes images in panel table

* Fixes broken links

* Fixes broken drilldowns link

* Fixes images and table

* Removed un needed files and added edit content

* Update docs/getting-started/tutorial-visualizing.asciidoc

Co-authored-by: gchaps <33642766+gchaps@users.noreply.github.com>

* Review comments

* Review comments

* Removed blocks

* Typo fix

* Update docs/getting-started/tutorial-sample-data.asciidoc

Co-authored-by: Wylie Conlon <wylieconlon@gmail.com>

* Update docs/getting-started/tutorial-discovering.asciidoc

Co-authored-by: Wylie Conlon <wylieconlon@gmail.com>

* Update docs/getting-started/tutorial-sample-data.asciidoc

Co-authored-by: Wylie Conlon <wylieconlon@gmail.com>

* Update docs/getting-started/tutorial-visualizing.asciidoc

Co-authored-by: Wylie Conlon <wylieconlon@gmail.com>

* Update docs/user/dashboard/edit-dashboards.asciidoc

Co-authored-by: Wylie Conlon <wylieconlon@gmail.com>

* Update docs/user/dashboard/dashboard.asciidoc

Co-authored-by: Wylie Conlon <wylieconlon@gmail.com>

* Update docs/user/dashboard/dashboard.asciidoc

Co-authored-by: Wylie Conlon <wylieconlon@gmail.com>

* Update docs/user/dashboard/aggregation-reference.asciidoc

Co-authored-by: Wylie Conlon <wylieconlon@gmail.com>

* Review comments

Co-authored-by: gchaps <33642766+gchaps@users.noreply.github.com>
Co-authored-by: Wylie Conlon <wylieconlon@gmail.com>
2020-09-03 16:34:25 -05:00

101 lines
4.1 KiB
Plaintext
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

[[index-patterns]]
== Create an index pattern
To explore and visualize data in {kib}, you must create an index pattern.
An index pattern tells {kib} which {es} indices contain the data that
you want to work with.
Once you create an index pattern, you're ready to:
* Interactively explore your data in <<discover, Discover>>.
* Analyze your data in charts, tables, gauges, tag clouds, and more in <<dashboard, Dashboard>>.
* Show off your data in a <<canvas, Canvas>> workpad.
* If your data includes geo data, visualize it with <<maps, Maps>>.
[float]
[[index-patterns-read-only-access]]
=== [xpack]#Read-only access#
If you have insufficient privileges to create or save index patterns, a read-only
indicator appears in Kibana. The buttons to create new index patterns or save
existing index patterns are not visible. For more information, see <<xpack-security-authorization>>.
[role="screenshot"]
image::images/management-index-read-only-badge.png[Example of Index Pattern Management's read only access indicator in Kibana's header]
[float]
[[settings-create-pattern]]
=== Create an index pattern
When you don't have an index pattern, {kib} prompts you to create one. Or, you can open the menu,
then go to *Stack Management > {kib} > Index Patterns* to go directly to the *Index Patterns* UI.
[role="screenshot"]
image:management/index-patterns/images/rollup-index-pattern.png["Menu with rollup index pattern"]
[float]
==== Standard index pattern
Just start typing in the *Index pattern* field, and {kib} looks for
the names of {es} indices that match your input. Make sure that the name of the
index pattern is unique.
[role="screenshot"]
image:management/index-patterns/images/create-index-pattern.png["Create index pattern"]
Your index pattern can match multiple {es} indices.
Use a comma to separate the names, with no space after the comma. The notation for
wildcards (`*`) and the ability to "exclude" (`-`) also apply
(for example, `test*,-test3`).
If {kib} detects an index with a timestamp, youre asked to choose a field to
filter your data by time. If you dont specify a field, you wont be able
to use the time filter.
[float]
[[rollup-index-pattern]]
==== Rollup index pattern
If a rollup index is detected in the cluster, clicking *Create index pattern*
includes an item for creating a rollup index pattern.
You can match an index pattern to only rolled up data, or mix both rolled
up and raw data to explore and visualize all data together.
An index pattern can match
only one rollup index. When matching multiple indices,
use a comma to separate the names, with no space after the comma.
For specific fields, the data in a rollup index includes only summarized metrics.
From the original raw data, you are unable to search any other field.
[float]
[[management-cross-cluster-search]]
==== {ccs-cap} index pattern
If your {es} clusters are configured for {ref}/modules-cross-cluster-search.html[{ccs}], you can create
index patterns to search across the clusters of your choosing. Using the
same syntax that you'd use in a raw {ccs} request in {es}, create your
index pattern with the convention `<cluster-names>:<pattern>`.
For example, to query {ls} indices across two {es} clusters
that you set up for {ccs}, which are named `cluster_one` and `cluster_two`,
you would use `cluster_one:logstash-*,cluster_two:logstash-*` as your index pattern.
You can use wildcards in your cluster names
to match any number of clusters, so if you want to search {ls} indices across
clusters named `cluster_foo`, `cluster_bar`, and so on, you would use `cluster_*:logstash-*`
as your index pattern.
To query across all {es} clusters that have been configured for {ccs},
use a standalone wildcard for your cluster name in your index
pattern: `*:logstash-*`.
Once an index pattern is configured using the {ccs} syntax, all searches and
aggregations using that index pattern in {kib} take advantage of {ccs}.
[float]
[[reload-fields]]
=== Manage your index pattern
To drill down into the fields and associated data types in an index pattern,
click its name in the *Index patterns* overview page.
For more information, refer to <<managing-fields, Index Patterns and Fields>>.
Reference in a new issue View git blame Copy permalink