Define your index patterns
editDefine your index patterns
editIndex patterns tell Kibana which Elasticsearch indices you want to explore. An index pattern can match the name of a single index, or include a wildcard (*) to match multiple indices.
For example, Logstash typically creates a
series of indices in the format logstash-YYYY.MMM.DD
. To explore all
of the log data from May 2018, you could specify the index pattern
logstash-2018.05*
.
Create your first index pattern
editFirst you’ll create index patterns for the Shakespeare data set, which has an
index named shakespeare,
and the accounts data set, which has an index named
bank
. These data sets don’t contain time series data.
- Open the menu, then go to Stack Management > Kibana > Index Patterns.
- If this is your first index pattern, the Create index pattern page opens. Otherwise, click Create index pattern.
-
In the Index pattern field, enter
shakes*
. - Click Next step.
-
Select the Time Filter field name, then click Create index pattern.
You’re presented a table of all fields and associated data types in the index.
-
Return to the Index patterns page and create a second index pattern named
ba*
.
Create an index pattern for the time series data
editCreate an index pattern for the Logstash index, which contains the time series data.
-
Define an index pattern named
logstash*
. - Click Next step.
- From the Time Filter field name dropdown, select @timestamp.
- Click Create index pattern.
When you define an index pattern, the indices that match that pattern must
exist in Elasticsearch and they must contain data. To check which indices are
available, open the menu, then go to Dev Tools > Console and enter GET _cat/indices
. Alternately, use
curl -XGET "http://localhost:9200/_cat/indices"
.