Index Patterns
editIndex Patterns
editTo use Kibana, you have to tell it about the Elasticsearch indices that you want to explore by configuring one or more index patterns. You can also:
- Create scripted fields that are computed on the fly from your data. You can browse and visualize scripted fields, but you cannot search them.
- Set advanced options such as the number of rows to show in a table and how many of the most popular fields to show. Use caution when modifying advanced options, as it’s possible to set values that are incompatible with one another.
- Configure Kibana for a production environment
Creating an Index Pattern to Connect to Elasticsearch
editAn index pattern identifies one or more Elasticsearch indices that you want to explore with Kibana. Kibana looks for
index names that match the specified pattern.
An asterisk (*) in the pattern matches zero or more characters. For example, the pattern myindex-*
matches all
indices whose names start with myindex-
, such as myindex-1
and myindex-2
.
An index pattern can also simply be the name of a single index.
To create an index pattern to connect to Elasticsearch:
- Go to the Settings > Indices tab.
-
Specify an index pattern that matches the name of one or more of your Elasticsearch indices. By default, Kibana guesses that you’re working with log data being fed into Elasticsearch by Logstash.
When you switch between top-level tabs, Kibana remembers where you were. For example, if you view a particular index pattern from the Settings tab, switch to the Discover tab, and then go back to the Settings tab, Kibana displays the index pattern you last looked at. To get to the create pattern form, click the Add button in the Index Patterns list.
- If your index contains a timestamp field that you want to use to perform time-based comparisons, select the Index contains time-based events option and select the index field that contains the timestamp. Kibana reads the index mapping to list all of the fields that contain a timestamp.
- Click Create to add the index pattern.
- To designate the new pattern as the default pattern to load when you view the Discover tab, click the favorite button.
Setting the Default Index Pattern
editThe default index pattern is loaded automatically when you view the Discover tab. Kibana displays a star to the left of the name of the default pattern in the Index Patterns list on the Settings > Indices tab. The first pattern you create is automatically designated as the default pattern.
To set a different pattern as the default index pattern:
- Go to the Settings > Indices tab.
- Select the pattern you want to set as the default in the Index Patterns list.
- Click the pattern’s Favorite button.
You can also manually set the default index pattern in Advanced > Settings.
Reloading the Index Fields List
editWhen you add an index mapping, Kibana automatically scans the indices that match the pattern to display a list of the index fields. You can reload the index fields list to pick up any newly-added fields.
Reloading the index fields list also resets Kibana’s popularity counters for the fields. The popularity counters keep track of the fields you’ve used most often within Kibana and are used to sort fields within lists.
To reload the index fields list:
- Go to the Settings > Indices tab.
- Select an index pattern from the Index Patterns list.
- Click the pattern’s Reload button.
Deleting an Index Pattern
editDeleting an index pattern removes the pattern from the list of Saved Objects in Kibana. You will not be able to recover field formatters, scripted fields, source filters, and field popularity data associated with the index pattern.
Deleting an index pattern breaks all visualizations, saved searches, and other saved objects that reference the pattern. Deleting a pattern does not remove any indices or data documents from Elasticsearch.
To delete an index pattern:
- Go to the Settings > Indices tab.
- Select the pattern you want to remove in the Index Patterns list.
- Click the pattern’s Delete button.
- Confirm that you want to remove the index pattern.