This commit adds a quickstart tutorial for Kibana 4 to the documentation.

docs/access.asciidoc

@@ -1,13 +1,12 @@
 [[access]]
 == Accessing Kibana
 
-Kibana is a web application that you access through port 5601. All you need to 
-do is point your web browser at the machine where Kibana is running and 
-specify the port number. For example, `localhost:5601` or `http://YOURDOMAIN.com:5601`.
+Kibana is a web application that you access through port 5601. All you need to do is point your web browser at the 
+machine where Kibana is running and specify the port number. For example, `localhost:5601` or 
+`http://YOURDOMAIN.com:5601`.
 
-When you access Kibana, the Discover page loads by default with the default index
-pattern selected. The time filter is set to the last 15 minutes and the search 
-query is set to match-all (\*).
+When you access Kibana, the Discover page loads by default with the default index pattern selected. The time filter is 
+set to the last 15 minutes and the search query is set to match-all (\*).
 
 If you don't see any documents, try setting the time filter to a wider time range.
-If you still don't see any results, it's possible that you don't *have* any documents.
+If you still don't see any results, it's possible that you don't *have* any documents.

docs/area.asciidoc

@@ -65,4 +65,4 @@ Checkboxes are available to enable and disable the following behaviors:
 *Show Tooltip*:: Check this box to enable the display of tooltips.
 *Show Legend*:: Check this box to enable the display of a legend next to the chart.
 *Scale Y-Axis to Data Bounds*:: The default Y axis bounds are zero and the maximum value returned in the data. Check 
-this box to change both upper and lower bounds to match the values returned in the data.
+this box to change both upper and lower bounds to match the values returned in the data.

docs/dashboard.asciidoc

@@ -8,7 +8,7 @@ dashboard to share or reload at a later time.
 image:images/NYCTA-Dashboard.jpg[Example dashboard]
 
 [float]
-[[getting-started]]
+[[dashboard-getting-started]]
 === Getting Started
 
 You need at least one saved <<visualize, visualization>> to use a dashboard.

docs/datatable.asciidoc

@@ -67,4 +67,4 @@ Checkboxes are available to enable and disable the following behaviors:
 *Show metrics for every bucket/level*:: Check this box to display the intermediate results for each bucket aggregation.
 *Show partial rows*:: Check this box to display a row even when there is no result.
 
-NOTE: Enabling these behaviors may have a substantial effect on performance.
+NOTE: Enabling these behaviors may have a substantial effect on performance.

docs/discover.asciidoc

@@ -1,13 +1,18 @@
 [[discover]]
 == Discover
-You can interactively explore your data from the Discover page. You have access to every document in every index that matches the selected index pattern. You can submit search queries, filter the search results, and view document data. You can also see the number of documents that match the search query and get field value statistics. If a time field is configured for the selected index pattern, the distribution of documents over time is displayed in a histogram at the top of the page. 
+You can interactively explore your data from the Discover page. You have access to every document in every index that 
+matches the selected index pattern. You can submit search queries, filter the search results, and view document data. 
+You can also see the number of documents that match the search query and get field value statistics. If a time field is 
+configured for the selected index pattern, the distribution of documents over time is displayed in a histogram at the 
+top of the page. 
 
 image:images/Discover-Start-Annotated.jpg[Discover Page]
 
 [float]
 [[set-time-filter]]
 === Setting the Time Filter
-The Time Filter restricts the search results to a specific time period. You can set a time filter if your index contains time-based events and a time-field is configured for the selected index pattern.
+The Time Filter restricts the search results to a specific time period. You can set a time filter if your index 
+contains time-based events and a time-field is configured for the selected index pattern.
 
 By default the time filter is set to the last 15 minutes. You can use the Time Picker to change the time filter
 or select a specific time interval or time range in the histogram at the top of the page.
@@ -18,13 +23,15 @@ To set a time filter with the Time Picker:
 . To set a quick filter, simply click one of the shortcut links.
 . To specify a relative Time Filter, click *Relative* and enter the relative start time. You can specify
 the relative start time as any number of seconds, minutes, hours, days, months, or years ago.
-. To specify an absolute Time Filter, click *Absolute* and enter the start date in the *From* field and the end date in the *To* field.
+. To specify an absolute Time Filter, click *Absolute* and enter the start date in the *From* field and the end date in 
+the *To* field.
 . Click the caret at the bottom of the Time Picker to hide it. 
 
 To set a Time Filter from the histogram, do one of the following:
 
 * Click the bar that represents the time interval you want to zoom in on.
-* Click and drag to view a specific timespan. You must start the selection with the cursor over the background of the chart--the cursor changes to a plus sign when you hover over a valid start point. 
+* Click and drag to view a specific timespan. You must start the selection with the cursor over the background of the 
+chart--the cursor changes to a plus sign when you hover over a valid start point. 
 
 You can use the browser Back button to undo your changes. 
 
@@ -32,26 +39,38 @@ You can use the browser Back button to undo your changes.
 [[search]]
 === Searching Your Data
 You can search the indices that match the current index pattern by submitting a search from the Discover page.
-You can enter simple query strings, use the Lucene https://lucene.apache.org/core/2_9_4/queryparsersyntax.html[query syntax], or use the full JSON-based http://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl.html[Elasticsearch Query DSL]. 
+You can enter simple query strings, use the Lucene https://lucene.apache.org/core/2_9_4/queryparsersyntax.html[query 
+syntax], or use the full JSON-based 
+http://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl.html[Elasticsearch Query DSL]. 
 
 When you submit a search, the histogram, Documents table, and Fields list are updated to reflect 
 the search results. The total number of hits (matching documents) is shown in the upper right corner of the
-histogram. The Documents table shows the first five hundred hits. By default, the hits are listed in reverse chronological order, with the newest documents shown first. You can reverse the sort order by by clicking on the Time column header. You can also sort the table using the values in any indexed field. For more information, see <<sorting, Sorting the Documents Table>>.
+histogram. The Documents table shows the first five hundred hits. By default, the hits are listed in reverse 
+chronological order, with the newest documents shown first. You can reverse the sort order by by clicking on the Time 
+column header. You can also sort the table using the values in any indexed field. For more information, see <<sorting, 
+Sorting the Documents Table>>.
 
 To search your data:
 
 . Enter a query string in the Search field: 
 +
-* To perform a free text search, simply enter a text string. For example, if you're searching web server logs, you could enter `safari` to search all fields for the term `safari`.
+* To perform a free text search, simply enter a text string. For example, if you're searching web server logs, you 
+could enter `safari` to search all fields for the term `safari`.
 +
-* To search for a value in a specific field, you prefix the value with the name of the field. For example, you could enter `status:200` to limit the results to entries that contain the value `200` in the `status` field.
+* To search for a value in a specific field, you prefix the value with the name of the field. For example, you could 
+enter `status:200` to limit the results to entries that contain the value `200` in the `status` field.
 +
-* To search for a range of values, you can use the bracketed range syntax, `[START_VALUE TO END_VALUE]`. For example, to find entries that have 4xx status codes, you could enter `status:[400 TO 499]`.
+* To search for a range of values, you can use the bracketed range syntax, `[START_VALUE TO END_VALUE]`. For example, 
+to find entries that have 4xx status codes, you could enter `status:[400 TO 499]`.
 +
 * To specify more complex search criteria, you can use the Boolean operators `AND`, `OR`, and `NOT`. For example,
-to find entries that have 4xx status codes and have an extension of `php` or `html`, you could enter `status:[400 TO 499] AND (extension:php OR extension:html)`.
+to find entries that have 4xx status codes and have an extension of `php` or `html`, you could enter `status:[400 TO 
+499] AND (extension:php OR extension:html)`.
 +
-NOTE: These examples use the Lucene query syntax. You can also submit queries using the Elasticsearch Query DSL. For examples, see http://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-query-string-query.html#query-string-syntax[query string syntax] in the Elasticsearch Reference.
+NOTE: These examples use the Lucene query syntax. You can also submit queries using the Elasticsearch Query DSL. For 
+examples, see 
+http://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-query-string-query.html#query-string-syntax[query string syntax] 
+in the Elasticsearch Reference.
 +
 . Press *Enter* or click the *Search* button to submit your search query.
 
@@ -82,7 +101,8 @@ To load a saved search:
 button] in the Discover toolbar.
 . Select the search you want to load.
 
-If the saved search is associated with a different index pattern than is currently selected, loading the saved search also changes the selected index pattern.
+If the saved search is associated with a different index pattern than is currently selected, loading the saved search 
+also changes the selected index pattern.
 
 [float]
 [[select-pattern]]
@@ -111,48 +131,71 @@ Filter] in the upper right corner of the menu bar.
 [float]
 [[field-filter]]
 === Filtering by Field
-You can filter the search results to display only those documents that contain a particular value in a field. You can also create negative filters that exclude documents that contain the specified field value.
+You can filter the search results to display only those documents that contain a particular value in a field. You can 
+also create negative filters that exclude documents that contain the specified field value.
 
-You can add filters from the Fields list or from the Documents table. When you add a filter, it is displayed in the filter bar below the search query. From the filter bar, you can enable or disable a filter, invert the filter (change it from a positive filter to a negative filter and vice-versa), toggle the filter on or off, or remove it entirely.
+You can add filters from the Fields list or from the Documents table. When you add a filter, it is displayed in the 
+filter bar below the search query. From the filter bar, you can enable or disable a filter, invert the filter (change 
+it from a positive filter to a negative filter and vice-versa), toggle the filter on or off, or remove it entirely.
 
 To add a filter from the Fields list:
 
-. Click the name of the field you want to filter on. This displays the top five values for that field. To the right of each value, there are two magnifying glass buttons--one for adding a regular (positive) filter, and 
+. Click the name of the field you want to filter on. This displays the top five values for that field. To the right of 
+each value, there are two magnifying glass buttons--one for adding a regular (positive) filter, and 
 one for adding a negative filter. 
-. To add a positive filter, click the *Positive Filter* button image:images/PositiveFilter.jpg[Positive Filter Button]. This filters out documents that don't contain that value in the field.
-. To add a negative filter, click the *Negative Filter* button image:images/NegativeFilter.jpg[Negative Filter Button]. This excludes documents that contain that value in the field. 
+. To add a positive filter, click the *Positive Filter* button image:images/PositiveFilter.jpg[Positive Filter Button]. 
+This filters out documents that don't contain that value in the field.
+. To add a negative filter, click the *Negative Filter* button image:images/NegativeFilter.jpg[Negative Filter Button]. 
+This excludes documents that contain that value in the field. 
 
 To add a filter from the Documents table:
 
-. Expand a document in the Documents table by clicking the *Expand* button image:images/ExpandButton.jpg[Expand Button] to the left of the document's entry in the first column (the first column is usually Time). To the right of each field name, there are two magnifying glass buttons--one for adding a regular (positive) filter, and one for adding a negative filter. 
-. To add a positive filter  based on the document's value in a field, click the *Positive Filter* button image:images/PositiveFilter.jpg[Positive Filter Button]. This filters out documents that don't contain the specified value in that field.
-. To add a negative filter based on the document's value in a field, click the *Negative Filter* button image:images/NegativeFilter.jpg[Negative Filter Button]. This excludes documents that contain the specified value in that field. 
+. Expand a document in the Documents table by clicking the *Expand* button image:images/ExpandButton.jpg[Expand Button] 
+to the left of the document's entry in the first column (the first column is usually Time). To the right of each field 
+name, there are two magnifying glass buttons--one for adding a regular (positive) filter, and one for adding a negative filter. 
+. To add a positive filter  based on the document's value in a field, click the 
+*Positive Filter* button image:images/PositiveFilter.jpg[Positive Filter Button]. This filters out documents that don't 
+contain the specified value in that field.
+. To add a negative filter based on the document's value in a field, click the 
+*Negative Filter* button image:images/NegativeFilter.jpg[Negative Filter Button]. This excludes documents that contain 
+the specified value in that field. 
 
 [float]
 [[document-data]]
 === Viewing Document Data
-When you submit a search query, the 500 most recent documents that match the query are listed in the Documents table. You can configure the number of documents shown in the table by setting the `discover:sampleSize` property in <<advanced-options,Advanced Settings>>. By default, the table shows the localized version of the time field specified in the selected index pattern and the document `_source`. You can <<adding-columns, add fields to the Documents table>> from the Fields list. You can <<sorting, sort the listed documents>> by any indexed field that's included in the table.
+When you submit a search query, the 500 most recent documents that match the query are listed in the Documents table. 
+You can configure the number of documents shown in the table by setting the `discover:sampleSize` property in 
+<<advanced-options,Advanced Settings>>. By default, the table shows the localized version of the time field specified 
+in the selected index pattern and the document `_source`. You can <<adding-columns, add fields to the Documents table>> 
+from the Fields list. You can <<sorting, sort the listed documents>> by any indexed field that's included in the table.
 
 To view a document's field data:
 
-. Click the *Expand* button image:images/ExpandButton.jpg[Expand Button] to the left of the document's entry in the first column (the first column is usually Time). Kibana reads the document data from Elasticsearch and displays the document fields in a table. The table contains a row for each field that contains the name of the field, add filter buttons, and the field value.
+. Click the *Expand* button image:images/ExpandButton.jpg[Expand Button] to the left of the document's entry in the 
+first column (the first column is usually Time). Kibana reads the document data from Elasticsearch and displays the 
+document fields in a table. The table contains a row for each field that contains the name of the field, add filter 
+buttons, and the field value.
 . To view the original JSON document (pretty-printed), click the *JSON* tab.
-. To view the document data as a separate page, click the link. You can bookmark and share this link to provide direct access to a particular document.
+. To view the document data as a separate page, click the link. You can bookmark and share this link to provide direct 
+access to a particular document.
 . To collapse the document details, click the *Collapse* button image:images/CollapseButton.jpg[Collapse Button].
 
 [float]
 [[sorting]]
 ==== Sorting the Document List
-You can sort the documents in the Documents table by the values in any indexed field. If a time field is configured for the selected index pattern, by default the documents are sorted in reverse chronological order.
+You can sort the documents in the Documents table by the values in any indexed field. If a time field is configured for 
+the selected index pattern, by default the documents are sorted in reverse chronological order.
 
 To change the sort order:
 
-* Click the name of the field you want to sort by. The fields you can use for sorting have a sort button to the right of the field name. Clicking the field name a second time reverses the sort order.
+* Click the name of the field you want to sort by. The fields you can use for sorting have a sort button to the right 
+of the field name. Clicking the field name a second time reverses the sort order.
 
 [float]
 [[adding-columns]]
 ==== Adding Field Columns to the Documents Table
-By default, the Documents table shows the localized version of the time field specified in the selected index pattern and the document `_source`. You can add fields to the table from the Fields list.
+By default, the Documents table shows the localized version of the time field specified in the selected index pattern 
+and the document `_source`. You can add fields to the table from the Fields list.
 
 To add field columns to the Documents table:
 
@@ -171,21 +214,22 @@ image:images/Discover-MoveColumn.jpg[Move Column]
 ==== Removing Field Columns from the Documents Table
 To remove field columns from the Documents table:
 
-. Mouse over the field you want to remove in the *Selected Fields* section of the Fields list and click its *remove* button image:images/RemoveFieldButton.jpg[Remove Field Button].
+. Mouse over the field you want to remove in the *Selected Fields* section of the Fields list and click its *remove* 
+button image:images/RemoveFieldButton.jpg[Remove Field Button].
 . Repeat until you've removed all the fields you want to drop from the Documents table.
 
 [float]
 [[viewing-field-stats]]
 === Viewing Field Data Statistics
-From the field list, you can see how many documents in the Documents table contain a particular field, what the top 5 values are, and what percentage of documents contain each value. 
+From the field list, you can see how many documents in the Documents table contain a particular field, what the top 5 
+values are, and what percentage of documents contain each value. 
 
 To view field data statistics:
 
-* Click the name of a field in the Fields list. The field can be anywhere in the Fields list--Selected Fields,  Popular Fields, or the list of other fields. 
+* Click the name of a field in the Fields list. The field can be anywhere in the Fields list--Selected Fields,  Popular 
+Fields, or the list of other fields. 
 
 image:images/Discover-FieldStats.jpg[Field Statistics]
 
 
 TIP: To create a visualization based on the field, click the *Visualize* button below the field statistics.
-
-

docs/getting-started.asciidoc

@@ -0,0 +1,224 @@
+[[getting-started]]
+== Getting Started with Kibana
+
+Now that you have Kibana <<setup,installed>>, you can step through this tutorial to get fast hands-on experience with 
+key Kibana functionality. By the end of this tutorial, you will have:
+
+* Loaded a sample data set into your Elasticsearch installation
+* Defined at least one index pattern
+* Used the <<discover, Discover>> functionality to explore your data
+* Set up some <<visualize,_visualizations_>> to graphically represent your data
+* Assembled visualizations into a <<dashboard,Dashboard>>
+
+The material in this section assumes you have a working Kibana install connected to a working Elasticsearch install.
+
+[float]
+[[tutorial-load-dataset]]
+=== Before You Start: Loading Sample Data
+
+The tutorials in this section rely on the following data sets:
+
+* The complete works of William Shakespeare, suitably parsed into fields. Download this data set by clicking here: 
+https://www.elastic.co/guide/en/kibana/3.0/snippets/shakespeare.json[shakespeare.json].
+* A set of fictitious accounts with randomly generated data. Download this data set by clicking here: 
+https://github.com/bly2k/files/blob/master/accounts.zip?raw=true[accounts.json]
+
+The Shakespeare data set is organized in the following schema:
+
+[source,json]
+{
+    "line_id": INT,
+    "play_name": "String",
+    "speech_number": INT,
+    "line_number": "String",
+    "speaker": "String",
+    "text_entry": "String",
+}
+
+The accounts data set is organized in the following schema:
+
+[source,json]
+{
+    "account_number": INT,
+    "balance": INT,
+    "firstname": "String",
+    "lastname": "String",
+    "age": INT,
+    "gender": "M or F",
+    "address": "String",
+    "employer": "String",
+    "email": "String",
+    "city": "String",
+    "state": "String"
+}
+
+After downloading the data sets, load them into Elasticsearch with the following commands:
+
+[source,shell]
+$ curl -XPOST 'localhost:9200/bank/account/_bulk?pretty' --data-binary @accounts.json
+$ curl -XPOST 'localhost:9200/play/shakespeare/_bulk?pretty' --data-binary @shakespeare.json
+
+These commands may take some time to execute, depending on the computing resources available.
+
+Verify successful loading with the following command:
+
+[source,shell]
+curl 'localhost:9200/_cat/indices?v'
+
+You should see output similar to the following:
+
+[source,shell]
+health status index               pri rep docs.count docs.deleted store.size pri.store.size
+yellow open   bank                  5   1       1000            0    418.2kb        418.2kb
+yellow open   shakespeare           5   1     111396            0     17.6mb         17.6mb
+
+[float]
+[[tutorial-define-index]]
+=== Defining Your Index Patterns
+
+Each set of data loaded to Elasticsearch has an https://www.elastic.co/guide/en/kibana/current/settings.html#settings-create-pattern[index pattern]. In the previous section, the Shakespeare data set has an index named `shakespeare`, and the accounts 
+data set has an index named `bank`. An _index pattern_ is a regular expression that can 
+match multiple indices. For example, in the common logging use case, a typical index name contains the date in MM-DD-YYYY 
+format, and an index pattern for May would look something like `logstash-05-*`.
+
+For this tutorial, any pattern that matches either of the two indices we've loaded will work. Open a browser and 
+navigate to `localhost:5601`. Click the *Settings* tab, then the *Indices* tab. Click *Add New* to define a new index 
+pattern. Since these data sets don't contain time-series data, make sure the *Index contains time-based events* box is 
+unchecked. Specify `shakes*`  as the index pattern for the Shakespeare data set and click *Create* to define the index 
+pattern, then define a second index pattern named `ba*`.
+
+[float]
+[[tutorial-discovering]]
+=== Discovering Your Data
+
+Click the *Discover* tab to display Kibana's data discovery functions:
+
+image::images/tutorial-discover.png[]
+
+Right under the tab itself, there is a search box where you can search your data. Searches take a specific 
+{ref}/query-dsl-query-string-query.html#query-string-syntax[query syntax] that enable you to create custom searches, 
+which you can save and load by clicking the buttons to the right of the search box.
+
+Beneath the search box, the current index pattern is displayed in a drop-down. You can change the index pattern by 
+selecting a different pattern from the drop-down selector.
+
+Try selecting the `ba*` index pattern and putting the following search into the search box:
+
+[source,text]
+account_number:<100 AND balance:>47500
+
+If you're using the linked sample data set, this search returns 5 results: Account numbers 8, 32, 78, 85, and 97.
+
+image::images/tutorial-discover-2.png[]
+
+To narrow the display to only the specific fields of interest, highlight each field in the list that displays under the 
+index pattern and click the *Add* button. Note how, in this example, adding the `account_number` field changes the 
+display from the full text of five records to a simple list of five account numbers:
+
+image::images/tutorial-discover-3.png[]
+
+[float]
+[[tutorial-visualizing]]
+=== Data Visualization: Beyond Discovery
+
+The visualization tools available on the *Visualize* tab enable you to display aspects of your data sets in several 
+different ways. Visualizations depend on Elasticsearch {ref}/search-aggregations.html[aggregations] in two different 
+types: _bucket_ aggregations and _metric_ aggregations. A bucket aggregation sorts your data according to criteria you 
+specify. For example, in our accounts data set, we can establish a range of account balances, then display what 
+proportions of the total fall into which range of balances.
+
+Click on the *Visualize* tab to start:
+
+image::images/tutorial-visualize.png[]
+
+Click on *Pie chart*, then *From a new search*. Select the `ba*` index pattern. The whole pie displays, since we 
+haven't specified any buckets yet.
+
+image::images/tutorial-visualize-pie-1.png[]
+
+Select *Split Slices* from the *Select buckets type* list, then select *Range* from the *Aggregation* drop-down 
+selector. Select the *balance* field from the *Field* drop-down, then click on *Add Range* four times to bring the 
+total number of ranges to six. Enter the following ranges:
+
+[source,text]
+0            1000
+1000         3000
+3000         7000
+7000        15000
+15000       31000
+31000       50000
+
+Click the green *Apply changes* to display the chart:
+
+image::images/tutorial-visualize-pie-2.png[]
+
+This shows you what proportion of the 1000 accounts fall in these balance ranges. To see another dimension of the data, 
+we're going to add another bucket aggregation. We can break down each of the balance ranges further by the account 
+holder's age.
+
+Click *Add sub-buckets* at the bottom, then select the *Terms* aggregation and the *age* field from the drop-downs. 
+Click the green *Apply changes* button to add an external ring with the new results.
+
+image::images/tutorial-visualize-pie-3.png[]
+
+Save this chart by clicking the *Save Visualization* button to the right of the search field. Name the visualization
+_Pie Example_.
+
+Next, we're going to make a bar chart. Click on *New Visualization*, then *Vertical bar chart*. Select *From a new 
+search* and the `ba*` index pattern, just as you did for the pie chart. You'll see a single big bar, since we haven't
+defined any buckets yet:
+
+image::images/tutorial-visualize-bar-1.png[]
+
+For the Y-axis metrics aggregation, select *Average*, with *age* as the field. For the X-Axis buckets, select the 
+*Range* aggregation and define the same ranges as you did for the pie chart.
+
+Now, click *Add sub-buckets* and *Split Bars* to refine our data. In addition to listing the average age of the 
+accounts in each balance range, we're going to split the bars by the top five states with the highest average ages.
+Select *Terms* as the sub-aggregation, with *state* as the field. Leave the other elements at their default values and 
+click the green *Apply changes* button. Your chart should now look like this:
+
+image::images/tutorial-visualize-bar-2.png[]
+
+Save this chart with the name _Bar Example_.
+
+Finally, we're going to define a sample Markdown widget to display on our dashboard. Click on *New Visualization*, then 
+*Markdown widget*, to display a very simple Markdown entry field:
+
+image::images/tutorial-visualize-md-1.png[]
+
+Write the following text in the field:
+
+[source,markdown]
+# This is a tutorial dashboard! 
+The Markdown widget uses **markdown** syntax.
+> Blockquotes in Markdown use the > character.
+
+Click the green *Apply changes* button to display the rendered Markdown in the preview pane:
+
+image::images/tutorial-visualize-md-2.png[]
+
+Save this visualization with the name _Markdown Example_.
+
+[float]
+[[tutorial-dashboard]]
+=== Putting it all Together with Dashboards
+
+A Kibana dashboard is a collection of visualizations that you can arrange and share. To get started, click the 
+*Dashboard* tab, then the *Add Visualization* button at the far right of the search box to display the list of saved 
+visualizations. Select _Markdown Example_, _Pie Example_, and _Bar Example_, then close the list of visualizations by
+clicking the small up-arrow at the bottom of the list. You can move the containers for each visualization by 
+clicking and dragging the title bar. Resize the containers by dragging the lower right corner of a visualization's 
+container. Your sample dashboard should end up looking roughly like this:
+
+image::images/tutorial-dashboard.png[]
+
+Click the *Save Dashboard* button, then name the dashboard _Tutorial Dashboard_. You can share a saved dashboard by 
+clicking the *Share* button to display HTML embedding code as well as a direct link.
+
+[float]
+[[wrapping-up]]
+=== Wrapping Up
+
+Now that you've handled the basic aspects of Kibana's functionality, you're ready to explore Kibana in further detail. 
+Take a look at the rest of the documentation for more details!

docs/index.asciidoc

@@ -8,6 +8,8 @@ include::introduction.asciidoc[]
 
 include::setup.asciidoc[]
 
+include::getting-started.asciidoc[]
+
 include::access.asciidoc[]
 
 include::discover.asciidoc[]
@@ -20,4 +22,4 @@ include::settings.asciidoc[]
 
 include::production.asciidoc[]
 
-include::whats-new.asciidoc[]
+include::whats-new.asciidoc[]

docs/introduction.asciidoc

@@ -54,5 +54,3 @@ image:images/TFL-Dashboard.jpg[Dashboard]
 
 For more information about creating and sharing visualizations and dashboards, see the <<visualize, Visualize>> 
 and <<dashboard, Dashboard>> topics.
-
-

docs/line.asciidoc

@@ -50,4 +50,4 @@ You can convert a line chart visualization to a bubble chart by performing the f
 . Click *Add Metrics* for the visualization's Y axis, then select *Dot Size*.
 . Select a metric aggregation from the drop-down list.
 . In the *Options* tab, uncheck the *Show Connecting Lines* box.
-. Click the *Apply changes* button.
+. Click the *Apply changes* button.

docs/markdown.asciidoc

@@ -4,4 +4,4 @@
 The Markdown widget is a text entry field that accepts GitHub-flavored Markdown text. Kibana renders the text you enter 
 in this field and displays the results on the dashboard. You can click the *Help* link to go to the 
 https://help.github.com/articles/github-flavored-markdown/[help page] for GitHub flavored Markdown. Click *Apply* to
-display the rendered text in the Preview pane or *Discard* to revert to a previous version.
+display the rendered text in the Preview pane or *Discard* to revert to a previous version.

docs/metric.asciidoc

@@ -17,4 +17,4 @@ NOTE: In Elasticsearch releases 1.4.3 and later, this functionality requires you
 
 The availability of these options varies depending on the aggregation you choose.
 
-Click the *Options* tab to change the font used to display the metrics.
+Click the *Options* tab to change the font used to display the metrics.

docs/pie.asciidoc

@@ -75,4 +75,4 @@ Select the *Options* tab to change the following aspects of the table:
 *Show Legend*:: Check this box to enable the display of a legend next to the chart.
 
 After changing options, click the green *Apply changes* button to update your visualization, or the grey *Discard 
-changes* button to keep your visualization in its current state.
+changes* button to keep your visualization in its current state.

docs/production.asciidoc

@@ -42,7 +42,8 @@ kibana_elasticsearch_password: kibana4-password
 ----
 
 Kibana 4 users also need access to the `.kibana` index so they can save and load searches, visualizations, and dashboards.
-For more information, see {shield}/_shield_with_kibana_4.html#kibana4-roles[Configuring Roles for Kibana 4 Users] in the Shield documentation.
+For more information, see {shield}/_shield_with_kibana_4.html#kibana4-roles[Configuring Roles for Kibana 4 Users] in 
+the Shield documentation.
 
 [float]
 [[enabling-ssl]]
@@ -50,7 +51,8 @@ For more information, see {shield}/_shield_with_kibana_4.html#kibana4-roles[Conf
 Kibana supports SSL encryption for both client requests and the requests the Kibana server 
 sends to Elasticsearch.
 
-To encrypt communications between the browser and the Kibana server, you configure the `ssl_key_file `and `ssl_cert_file` properties in `kibana.yml`:
+To encrypt communications between the browser and the Kibana server, you configure the `ssl_key_file `and 
+`ssl_cert_file` properties in `kibana.yml`:
 
 [source,text]
 ----
@@ -101,7 +103,8 @@ If you have multiple nodes in your Elasticsearch cluster, the easiest way to dis
 across the nodes is to run an Elasticsearch _client_ node on the same machine as Kibana. 
 Elasticsearch client nodes are essentially smart load balancers that are part of the cluster. They
 process incoming HTTP requests, redirect operations to the other nodes in the cluster as needed, and 
-gather and return the results. For more information, see http://www.elastic.co/guide/en/elasticsearch/reference/current/modules-node.html[Node] in the Elasticsearch reference.
+gather and return the results. For more information, see 
+http://www.elastic.co/guide/en/elasticsearch/reference/current/modules-node.html[Node] in the Elasticsearch reference.
 
 To use a local client node to load balance Kibana requests:
 
@@ -128,4 +131,4 @@ cluster.name: "my_cluster"
 --------
 # The Elasticsearch instance to use for all your queries.
 elasticsearch_url: "http://localhost:9200"
---------
+--------

docs/settings.asciidoc

@@ -309,7 +309,8 @@ To import a set of objects:
 
 The Kibana server reads properties from the `kibana.yml` file on startup. The default
 settings configure Kibana to run on `localhost:5601`. To change the host or port number, or
-connect to Elasticsearch running on a different machine, you'll need to update your `kibana.yml` file. You can also enable SSL and set a variety of other options.
+connect to Elasticsearch running on a different machine, you'll need to update your `kibana.yml` file. You can also 
+enable SSL and set a variety of other options.
 
 .Kibana Server Properties
 |===
@@ -328,13 +329,15 @@ connect to Elasticsearch running on a different machine, you'll need to update y
 |`elasticsearch_preserve_host`
 |By default, the host specified in the incoming request from the browser is specified as the host in the 
 corresponding request Kibana sends to Elasticsearch. If you set this option to `false`, Kibana uses the host
-specified in `elasticsearch_url`. You probably don't need to worry about this setting--just use the default. Default: `elasticsearch_preserve_host: true`.
+specified in `elasticsearch_url`. You probably don't need to worry about this setting--just use the default. 
+Default: `elasticsearch_preserve_host: true`.
 
 |`kibana_index`
 |The name of the index where saved searched, visualizations, and dashboards will be stored. Default: `kibana_index: .kibana`.
 
 |`default_app_id` 
-|The page that will be displayed when you launch Kibana: `discover`, `visualize`, `dashboard`, or `settings`. Default: `default_app_id: "discover"`. 
+|The page that will be displayed when you launch Kibana: `discover`, `visualize`, `dashboard`, or `settings`. Default: 
+`default_app_id: "discover"`. 
 
 |`request_timeout` 
 |How long to wait for responses from the Kibana backend or Elasticsearch, in milliseconds. Default: `request_timeout: 500000`.
@@ -343,7 +346,8 @@ specified in `elasticsearch_url`. You probably don't need to worry about this se
 |How long Elasticsearch should wait for responses from shards. Set to 0 to disable. Default: `shard_timeout: 0`.
 
 |`verify_ssl`
-|Indicates whether or not to validate the Elasticsearch SSL certificate. Set to false to disable SSL verification. Default: `verify_ssl: true`.
+|Indicates whether or not to validate the Elasticsearch SSL certificate. Set to false to disable SSL verification. 
+Default: `verify_ssl: true`.
 
 |`ca`
 |The path to the CA certificate for your Elasticsearch instance. Specify if you are using a self-signed certificate 
@@ -356,6 +360,7 @@ so the certificate can be verified. (Otherwise, you have to disable `verify_ssl`
 |The path to your Kibana server's certificate file. Must be set to encrypt communications between the browser and Kibana. Default: none.
 
 |`pid_file`
-|The location where you want to store the process ID file. If not specified, the PID file is stored in `/var/run/kibana.pid`. Default: none.
+|The location where you want to store the process ID file. If not specified, the PID file is stored in 
+`/var/run/kibana.pid`. Default: none.
 
 |===

docs/setup.asciidoc

@@ -9,7 +9,8 @@ All you need is:
 ** URL of the Elasticsearch instance you want to connect to.
 ** Which Elasticsearch indices you want to search.
 
-NOTE: If your Elasticsearch installation is protected by http://www.elastic.co/overview/shield/[Shield] see  https://www.elastic.co/guide/en/shield/current/_shield_with_kibana_4.html[Shield with Kibana 4] for additional setup instructions.
+NOTE: If your Elasticsearch installation is protected by http://www.elastic.co/overview/shield/[Shield] see 
+https://www.elastic.co/guide/en/shield/current/_shield_with_kibana_4.html[Shield with Kibana 4] for additional setup instructions.
 
 [float]
 [[install]]
@@ -25,9 +26,14 @@ That's it! Kibana is now running on port 5601.
 [float]
 [[connect]]
 === Connect Kibana with Elasticsearch
-Before you can start using Kibana, you need to tell it which Elasticsearch indices you want to explore. The first time you access Kibana, you are prompted to define an _index pattern_ that matches the name of one or more of your indices. That's it. That's all you need to configure to start using Kibana. You can add index patterns at any time from the <<settings-create-pattern,Settings tab>>.
+Before you can start using Kibana, you need to tell it which Elasticsearch indices you want to explore. The first time 
+you access Kibana, you are prompted to define an _index pattern_ that matches the name of one or more of your indices. 
+That's it. That's all you need to configure to start using Kibana. You can add index patterns at any time from the 
+<<settings-create-pattern,Settings tab>>.
 
-TIP: By default, Kibana connects to the Elasticsearch instance running on `localhost`. To connect to a different Elasticsearch instance, modify the Elasticsearch URL in the `kibana.yml` configuration file and restart Kibana. For information about using Kibana with your production nodes, see <<production>>.
+TIP: By default, Kibana connects to the Elasticsearch instance running on `localhost`. To connect to a different 
+Elasticsearch instance, modify the Elasticsearch URL in the `kibana.yml` configuration file and restart Kibana. For 
+information about using Kibana with your production nodes, see <<production>>.
 
 To configure the Elasticsearch indices you want to access with Kibana:
 
@@ -35,18 +41,31 @@ To configure the Elasticsearch indices you want to access with Kibana:
 +
 image:images/Start-Page.jpg[Kibana start page]
 +
-. Specify an index pattern that matches the name of one or more of your Elasticsearch indices. By default, Kibana guesses that you're working with data being fed into Elasticsearch by Logstash. If that's the case, you can use the default `logstash-*` as your index pattern. The asterisk (*) matches zero or more characters in an index's name. If your Elasticsearch indices follow some other naming convention, enter an appropriate pattern.  The "pattern" can also simply be the name of a single index.
-. Select the index field that contains the timestamp that you want to use to perform time-based comparisons. Kibana reads the index mapping to list all of the fields that contain a timestamp. If your index doesn't have time-based data, disable the *Index contains time-based events* option.
-. If new indices are generated periodically and have a timestamp appended to the name, select the *Use event times to create index names* option and select the *Index pattern interval*. This improves search performance by enabling Kibana to search only those indices that could contain data in the time range you specify. This is primarily applicable if you are using Logstash to feed data into Elasticsearch.
-. Click *Create* to add the index pattern. This first pattern is automatically configured as the default. When you have more than one index pattern, you can designate which one to use as the default from *Settings > Indices*.
+. Specify an index pattern that matches the name of one or more of your Elasticsearch indices. By default, Kibana 
+guesses that you're working with data being fed into Elasticsearch by Logstash. If that's the case, you can use the 
+default `logstash-*` as your index pattern. The asterisk (*) matches zero or more characters in an index's name. If 
+your Elasticsearch indices follow some other naming convention, enter an appropriate pattern.  The "pattern" can also 
+simply be the name of a single index.
+. Select the index field that contains the timestamp that you want to use to perform time-based comparisons. Kibana 
+reads the index mapping to list all of the fields that contain a timestamp. If your index doesn't have time-based data, 
+disable the *Index contains time-based events* option.
+. If new indices are generated periodically and have a timestamp appended to the name, select the *Use event times to 
+create index names* option and select the *Index pattern interval*. This improves search performance by enabling Kibana 
+to search only those indices that could contain data in the time range you specify. This is primarily applicable if you 
+are using Logstash to feed data into Elasticsearch.
+. Click *Create* to add the index pattern. This first pattern is automatically configured as the default. When you have 
+more than one index pattern, you can designate which one to use as the default from *Settings > Indices*.
 
-Voila! Kibana is now connected to your Elasticsearch data. Kibana displays a read-only list of fields configured for the matching index.
+Voila! Kibana is now connected to your Elasticsearch data. Kibana displays a read-only list of fields configured for 
+the matching index.
 
 [float]
 [[explore]]
 === Start Exploring your Data!
 You're ready to dive in to your data:
 
-* Search and browse your data interactively from the <<discover,Discover>> page.
+* Search and browse your data interactively from the <<discover, Discover>> page.
 * Chart and map your data from the <<visualize, Visualize>> page.
-* Create and view custom dashboards from the <<dashboard, Dashboard>> page.
+* Create and view custom dashboards from the <<dashboard, Dashboard>> page.
+
+For a brief tutorial to these core Kibana concepts, take a look at the <<getting-started, Getting Started>> page!

docs/tilemap.asciidoc

@@ -91,8 +91,10 @@ shades based on the metric aggregation's value.
 After changing options, click the green *Apply changes* button to update your visualization, or the grey *Discard 
 changes* button to keep your visualization in its current state.
 
+[float]
+[[navigating-map]]
 ==== Navigating the Map
 Once your tilemap visualization is ready, you can explore the map in several ways. Click and hold anywhere on the map 
 and move the cursor to move the map center. Hold Shift and drag a bounding box across the map to zoom in on the 
 selection. Click the *Fit Data Bounds* button to automatically crop the map boundaries to the geohash buckets that have 
-at least one result.
+at least one result.

docs/vertbar.asciidoc

@@ -44,4 +44,4 @@ Checkboxes are available to enable and disable the following behaviors:
 *Show Tooltip*:: Check this box to enable the display of tooltips.
 *Show Legend*:: Check this box to enable the display of a legend next to the chart.
 *Scale Y-Axis to Data Bounds*:: The default Y axis bounds are zero and the maximum value returned in the data. Check 
-this box to change both upper and lower bounds to match the values returned in the data.
+this box to change both upper and lower bounds to match the values returned in the data.

docs/visualize-config.asciidoc

@@ -1,20 +0,0 @@
-[[vizconf]]
-== Visualization Configuration
-
-This sections deals with the configuration options for visualizations in Kibana.
-
-include::area.asciidoc[]
-
-include::datatable.asciidoc[]
-
-include::line.asciidoc[]
-
-include::markdown.asciidoc[]
-
-include::metric.asciidoc[]
-
-include::pie.asciidoc[]
-
-include::tilemap.asciidoc[]
-
-include::vertbar.asciidoc[]

docs/visualize.asciidoc

@@ -149,4 +149,4 @@ include::pie.asciidoc[]
 
 include::tilemap.asciidoc[]
 
-include::vertbar.asciidoc[]
+include::vertbar.asciidoc[]

docs/x-axis-aggs.asciidoc

@@ -33,4 +33,4 @@ Sub Aggregation* to define a sub-aggregation, then choose *Split Area* or *Split
 from the list of types.
 
 When multiple aggregations are defined on a chart's axis, you can use the up or down arrows to the right of the 
-aggregation's type to change the aggregation's priority.
+aggregation's type to change the aggregation's priority.

docs/y-axis-aggs.asciidoc

@@ -21,4 +21,4 @@ aggregation returns the percentile rankings for the values in the numeric field
 from the drop-down, then specify one or more percentile rank values in the *Values* fields. Click the *X* to remove a
 values field. Click *+Add* to add a values field.
 
-You can add an aggregation by clicking the *+ Add Aggregation* button.
+You can add an aggregation by clicking the *+ Add Aggregation* button.