maxmustermann/kibana
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
kibana/docs/management/managing-indices.asciidoc
Kaarina Tungseth 896b9cddbc
[DOCS] Updates for navigation redesign (#68709) 
* [DOCS] Updates for navigation redesign

* Getting started

* Set up text

* Discover

* Dashboard, Graph, ML, Maps, APM, SIEM, Dev tools

* Dev Tools, Stack Monitoring, Management

* Management

* Final changes

* [DOCS] Updates for navigation redesign

* [DOCS] Updates CCR monitoring screenshots

* updates SIEM screenshot and Cases overview text

* Added Brandon's APM image

* [DOCS] Refines CCR shard screenshot

* Removed merge conflict image file

Co-authored-by: lcawl <lcawley@elastic.co>
Co-authored-by: Ben Skelker <ben.skelker@elastic.co>
2020-06-12 09:39:36 -05:00

199 lines
7.1 KiB
Plaintext
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

[role="xpack"]
[[managing-indices]]
== Index Management
*Index Management* enables you to view index settings,
mappings, and statistics and perform index-level operations.
These include refreshing, flushing, clearing the cache, force merging segments,
freezing indices, and more. Practicing good index management helps ensure
that your data is stored in the most cost-effective way possible.
*Index Management* also helps you create index templates. A template reduces
the amount of bookkeeping when working with indices. Instead of manually
setting up your indices, you can create them automatically from a template,
ensuring that your settings, mappings, and aliases are consistently defined.
To manage your indices, open the menu, then go to *Stack Management > {es} > Index Management*.
[role="screenshot"]
image::images/management_index_labels.png[Index Management UI]
If security is enabled,
you must have the `monitor` cluster privilege and the `view_index_metadata`
and `manage` index privileges to view the data.
For index templates, you must have the `manage_index_templates` cluster privilege.
See {ref}/security-privileges.html[Security privileges] for more
information.
Before using this feature, you should be familiar with index management
operations. Refer to the {ref}/indices.html[index management APIs]
and the {ref}/indices-templates.html[index template APIs].
[float]
=== View and edit indices
When you open *Index Management*, youre presented an overview of your configured indices.
Badges indicate if an index is {ref}/frozen-indices.html[frozen],
a {ref}/ccr-put-follow.html[follower index],
or a {ref}/rollup-get-rollup-index-caps.html[rollup index].
Clicking a badge narrows the list to only indices of that type.
You can also filter your indices using the search bar.
You can drill down into each index to investigate the index
{ref}/index-modules.html#index-modules-settings[settings], {ref}/mapping.html[mapping], and statistics.
From this view, you can also edit the index settings.
[role="screenshot"]
image::images/management_index_details.png[Index Management UI]
[float]
=== Perform index-level operations
Use the *Manage* menu to perform index-level operations. This menu
is available in the index details view, or when you select the checkbox of one or more
indices on the overview page. The menu includes the following actions:
* *Close index*. Blocks the index from read/write operations.
A closed index exists in the cluster, but doesn't consume resources
other than disk space. If you reopen a closed index, it goes through the
normal recovery process.
* *Force merge index*. Reduces the number of segments in your shard by
merging smaller files and clearing deleted ones. Only force merge a read-only index.
* *Refresh index*. Writes the operations in the indexing buffer to the
filesystem cache. This action is automatically performed once per second. Forcing a manual
refresh is useful during testing, but should not be routinely done in
production because it has a performance impact.
* *Clear index cache*. Clears all caches associated with the index.
* *Flush index*. Frees memory by syncing the filesystem cache to disk and
clearing the cache. Once the sync is complete, the internal transaction log is reset.
* *Freeze index*. Makes the index read-only and reduces its memory footprint
by moving shards to disk. Frozen indices remain
searchable, but queries take longer.
* *Delete index*. Permanently removes the index and all of its documents.
* *Add lifecycle policy*. Specifies a policy for managing the lifecycle of the
index.
[float]
[[manage-index-templates]]
=== Manage index templates
An index template defines {ref}/index-modules.html#index-modules-settings[settings],
{ref}/mapping.html[mappings], and {ref}/indices-add-alias.html[aliases]
that you can automatically apply when creating a new index. {es} applies a
template to a new index based on an index pattern that matches the index name.
The *Index Templates* view lists your templates and enables you to examine, edit, clone, and
delete them. Changes you make to an index template
do not affect existing indices.
[role="screenshot"]
image::images/management-index-templates.png[Index templates]
If you don't have any templates, you can create one using the *Create template* wizard.
Index templates are applied during index creation,
so you must create the
template before you create the indices.
[float]
==== Example: Create an index template
In this example, youll create an index template for randomly generated log files.
Open the *Create template* wizard, and enter `logs_template` in the *Name*
field. Set *Index pattern* to `logstash*` so the template matches any index
with that index pattern. The merge order and version are both optional,
and you'll leave them blank in this example.
[role="screenshot"]
image::images/management_index_create_wizard.png[Create wizard]
The second step in the *Create template* wizard allows you to define index settings.
These settings are optional, and this example skips this step.
The logs data set requires a
mapping to label the latitude and longitude pairs as geographic locations
by applying the geo_point type. In the third step of the wizard, define this mapping
under the *Mapped fields* tab as follows:
[role="screenshot"]
image::images/management-index-templates-mappings.png[Mapped fields page]
Alternatively, you can click the *Load JSON* link and define the mapping as JSON:
[source,js]
----------------------------------
{
"properties": {
"geo": {
"properties": {
"coordinates": {
"type": "geo_point"
}
}
}
}
}
----------------------------------
You can create additional mapping configurations in the *Dynamic templates* and
*Advanced options* tabs. No additional mappings are required for this example.
In the fourth step, define an alias named `logstash`.
[source,js]
----------------------------------
{
"logstash": {}
}
----------------------------------
A summary of the template is in step 5. If everything looks right, click *Create template*.
At this point, youre ready to use the {es} index API to load the logs data.
In the {kib} *Console*, index two documents:
[source,js]
----------------------------------
POST /logstash-2019.05.18/_doc
{
"@timestamp": "2019-05-18T15:57:27.541Z",
"ip": "225.44.217.191",
"extension": "jpg",
"response": "200",
"geo": {
"coordinates": {
"lat": 38.53146222,
"lon": -121.7864906
}
},
"url": "https://media-for-the-masses.theacademyofperformingartsandscience.org/uploads/charles-fullerton.jpg"
}
POST /logstash-2019.05.20/_doc
{
"@timestamp": "2019-05-20T03:44:20.844Z",
"ip": "198.247.165.49",
"extension": "php",
"response": "200",
"geo": {
"coordinates": {
"lat": 37.13189556,
"lon": -76.4929875
}
},
"memory": 241720,
"url": "https://theacademyofperformingartsandscience.org/people/type:astronauts/name:laurel-b-clark/profile"
}
----------------------------------
The mappings and alias are configured automatically based on the template. To verify, you
can view one of the newly created indices using the {ref}/indices-get-index.html#indices-get-index[index API].
Reference in a new issue View git blame Copy permalink