mirror of
https://github.com/elastic/kibana.git
synced 2025-04-24 01:38:56 -04:00
Fixes merge conflict (#54195)
This commit is contained in:
gchaps
GitHub
parent
8f8d08367e
commit
7a92f0a278
4 changed files with 78 additions and 96 deletions
|
|
@ -1,17 +1,22 @@
|
|||
[[index-patterns]]
|
||||
== Index patterns
|
||||
== Creating an index pattern
|
||||
|
||||
To visualize and explore data in {kib}, you must create an index pattern.
|
||||
An index pattern tells {kib} which {es} indices contain the data that you want to work with.
|
||||
An index pattern can match a single index, multiple indices, and a rollup index.
|
||||
To explore and visualize data in {kib}, you must create an index pattern.
|
||||
An index pattern tells {kib} which {es} indices contain the data that
|
||||
you want to work with.
|
||||
Once you create an index pattern, you're ready to:
|
||||
|
||||
* Interactively explore your data in <<discover, Discover>>.
|
||||
* Analyze your data in charts, tables, gauges, tag clouds, and more in <<visualize, Visualize>>.
|
||||
* Show off your data in a <<canvas, Canvas>> workpad.
|
||||
* If your data includes geo data, visualize it with <<maps, Maps>>.
|
||||
|
||||
[float]
|
||||
[[index-patterns-read-only-access]]
|
||||
=== [xpack]#Read-only access#
|
||||
If you have insufficient privileges to create or save index patterns, a read-only
|
||||
If you have insufficient privileges to create or save index patterns, a read-only
|
||||
indicator appears in Kibana. The buttons to create new index patterns or save
|
||||
existing index patterns are not visible. For more information on granting access to
|
||||
Kibana see <<xpack-security-authorization>>.
|
||||
existing index patterns are not visible. For more information, see <<xpack-security-authorization>>.
|
||||
|
||||
[role="screenshot"]
|
||||
image::images/management-index-read-only-badge.png[Example of Index Pattern Management's read only access indicator in Kibana's header]
|
||||
|
|
@ -20,12 +25,9 @@ image::images/management-index-read-only-badge.png[Example of Index Pattern Mana
|
|||
[[settings-create-pattern]]
|
||||
=== Create an index pattern
|
||||
|
||||
To get started, go to *Management > Kibana > Index Patterns*. You begin with
|
||||
an overview of your index patterns, including any that were added when you
|
||||
downloaded sample data sets.
|
||||
|
||||
You can create a standard index pattern, and if a rollup index is detected in the
|
||||
cluster, a rollup index pattern.
|
||||
If you are in an app that requires an index pattern, and you don't have one yet,
|
||||
{kib} prompts you to create one. Or, you can go directly to
|
||||
*Management > Kibana > Index Patterns*.
|
||||
|
||||
[role="screenshot"]
|
||||
image:management/index-patterns/images/rollup-index-pattern.png["Menu with rollup index pattern"]
|
||||
|
|
@ -33,83 +35,93 @@ image:management/index-patterns/images/rollup-index-pattern.png["Menu with rollu
|
|||
[float]
|
||||
==== Standard index pattern
|
||||
|
||||
{kib} makes it easy for you to create an index pattern by walking you through
|
||||
the process. Just start typing in the *Index pattern* field, and {kib} looks for
|
||||
the names of {es} indices that match your input. Make sure that the name of the
|
||||
Just start typing in the *Index pattern* field, and {kib} looks for
|
||||
the names of {es} indices that match your input. Make sure that the name of the
|
||||
index pattern is unique.
|
||||
|
||||
If you want to include system indices in your search, toggle the switch in the
|
||||
upper right.
|
||||
To include system indices in your search, toggle the switch in the upper right.
|
||||
|
||||
[role="screenshot"]
|
||||
image:management/index-patterns/images/create-index-pattern.png["Create index pattern"]
|
||||
|
||||
Your index pattern can match multiple {es} indices.
|
||||
Use a comma to separate the names, with no space after the comma. The notation for
|
||||
wildcards (`*`) and the ability to "exclude" (`-`) also apply
|
||||
Your index pattern can match multiple {es} indices.
|
||||
Use a comma to separate the names, with no space after the comma. The notation for
|
||||
wildcards (`*`) and the ability to "exclude" (`-`) also apply
|
||||
(for example, `test*,-test3`).
|
||||
|
||||
When {kib} detects an index with a timestamp, you’re asked to choose a field to
|
||||
filter your data by time. If you don’t specify a field, you won’t be able
|
||||
If {kib} detects an index with a timestamp, you’re asked to choose a field to
|
||||
filter your data by time. If you don’t specify a field, you won’t be able
|
||||
to use the time filter.
|
||||
|
||||
Once you’ve created your index pattern, you can start working with
|
||||
your {es} data in {kib}. Here are some things to try:
|
||||
|
||||
* Interactively explore your data in <<discover, Discover>>.
|
||||
* Present your data in charts, tables, gauges, tag clouds, and more in <<visualize, Visualize>>.
|
||||
* Show off your data in a <<canvas, Canvas>> presentation.
|
||||
* If your data includes geo data, visualize it using <<maps, Maps>>.
|
||||
|
||||
For a walkthrough of creating an index pattern and visualizing the data,
|
||||
see <<getting-started, Getting Started>>.
|
||||
|
||||
[float]
|
||||
==== Rollup index pattern
|
||||
|
||||
If a rollup index is detected in the cluster, clicking *Create index pattern*
|
||||
includes an item for creating a rollup index pattern. You create an
|
||||
index pattern for rolled up data the same way you do for any data.
|
||||
If a rollup index is detected in the cluster, clicking *Create index pattern*
|
||||
includes an item for creating a rollup index pattern.
|
||||
You can match an index pattern to only rolled up data, or mix both rolled
|
||||
up and raw data to explore and visualize all data together.
|
||||
An index pattern can match
|
||||
only one rollup index.
|
||||
|
||||
You can match an index pattern to only rolled up data, or mix both rolled
|
||||
up and raw data to visualize all data together. An index pattern can match
|
||||
only one rollup index, not multiple. There is no restriction on the
|
||||
number of standard indices that an index pattern can match.
|
||||
[float]
|
||||
[[management-cross-cluster-search]]
|
||||
==== {ccs-cap} index pattern
|
||||
|
||||
See <<visualize-rollup-data, Creating a visualization using rolled up data>>
|
||||
for more detailed information.
|
||||
If your {es} clusters are configured for {ref}/modules-cross-cluster-search.html[{ccs}], you can create
|
||||
index patterns to search across the clusters of your choosing. Using the
|
||||
same syntax that you'd use in a raw {ccs} request in {es}, create your
|
||||
index pattern with the convention `<cluster-names>:<pattern>`.
|
||||
|
||||
For example, to query {ls} indices across two {es} clusters
|
||||
that you set up for {ccs}, which are named `cluster_one` and `cluster_two`,
|
||||
you would use `cluster_one:logstash-*,cluster_two:logstash-*` as your index pattern.
|
||||
|
||||
You can use wildcards in your cluster names
|
||||
to match any number of clusters, so if you want to search {ls} indices across
|
||||
clusters named `cluster_foo`, `cluster_bar`, and so on, you would use `cluster_*:logstash-*`
|
||||
as your index pattern.
|
||||
|
||||
To query across all {es} clusters that have been configured for {ccs},
|
||||
use a standalone wildcard for your cluster name in your index
|
||||
pattern: `*:logstash-*`.
|
||||
|
||||
Once an index pattern is configured using the {ccs} syntax, all searches and
|
||||
aggregations using that index pattern in {kib} take advantage of {ccs}.
|
||||
|
||||
[float]
|
||||
=== Manage your index pattern
|
||||
|
||||
Once you’ve created an index pattern, you’re presented a table of all fields
|
||||
and associated data types in the index.
|
||||
Once you create an index pattern, manually or with a sample data set,
|
||||
you can look at its fields and associated data types.
|
||||
You can also perform housekeeping tasks, such as making the
|
||||
index pattern the default or deleting it when you longer need it.
|
||||
To drill down into the details of an index pattern, click its name in
|
||||
the *Index patterns* overview.
|
||||
|
||||
[role="screenshot"]
|
||||
image:management/index-patterns/images/new-index-pattern.png["Index files and data types"]
|
||||
|
||||
You can perform the following actions:
|
||||
From the detailed view, you can perform the following actions:
|
||||
|
||||
* *Manage the index fields.* Click a column header to sort the table by that column.
|
||||
Use the field dropdown menu to limit to display to a specific field.
|
||||
See <<managing-fields, Managing fields>> for more detailed information.
|
||||
* *Manage the index fields.* You can add formatters to format values and create
|
||||
scripted fields.
|
||||
See <<managing-fields, Managing fields>> for more information.
|
||||
|
||||
* [[set-default-pattern]]*Set the default index pattern.* {kib} uses a badge to make users
|
||||
aware of which index pattern is the default. The first pattern
|
||||
you create is automatically designated as the default pattern. The default
|
||||
index pattern is loaded when you view the Discover tab.
|
||||
* [[set-default-pattern]]*Set the default index pattern.* {kib} uses a badge to make users
|
||||
aware of which index pattern is the default. The first pattern
|
||||
you create is automatically designated as the default pattern. The default
|
||||
index pattern is loaded when you open *Discover*.
|
||||
|
||||
* [[reload-fields]]*Reload the index fields list.* You can reload the index fields list to
|
||||
pick up any newly-added fields. Doing so also resets Kibana’s popularity counters
|
||||
for the fields. The popularity counters keep track of the fields
|
||||
you’ve used most often in {kib} and are used to sort fields in lists.
|
||||
* [[reload-fields]]*Refresh the index fields list.* You can refresh the index fields list to
|
||||
pick up any newly-added fields. Doing so also resets Kibana’s popularity counters
|
||||
for the fields. The popularity counters are used in *Discover* to sort fields in lists.
|
||||
|
||||
* [[delete-pattern]]*Delete the index pattern.* This action removes the pattern from the list of
|
||||
Saved Objects in {kib}. You will not be able to recover field formatters,
|
||||
* [[delete-pattern]]*Delete the index pattern.* This action removes the pattern from the list of
|
||||
Saved Objects in {kib}. You will not be able to recover field formatters,
|
||||
scripted fields, source filters, and field popularity data associated with the index pattern.
|
||||
+
|
||||
Deleting an index pattern breaks all visualizations, saved searches, and
|
||||
other saved objects that reference the pattern. Deleting an index pattern does
|
||||
Deleting an index pattern does
|
||||
not remove any indices or data documents from {es}.
|
||||
|
||||
include::index-patterns/management-cross-cluster-search.asciidoc[]
|
||||
+
|
||||
WARNING: Deleting an index pattern breaks all visualizations, saved searches, and
|
||||
other saved objects that reference the pattern.
|
||||
|
|
|
|||
|
|
@ -1,30 +0,0 @@
|
|||
[[management-cross-cluster-search]]
|
||||
=== {ccs-cap}
|
||||
|
||||
{es} supports the ability to run search and aggregation requests across multiple
|
||||
clusters using a module called _{ccs}_.
|
||||
|
||||
In order to take advantage of {ccs}, you must configure your {es}
|
||||
clusters accordingly. Review the corresponding {es}
|
||||
{ref}/modules-cross-cluster-search.html[documentation] before attempting to use {ccs} in {kib}.
|
||||
|
||||
Once your {es} clusters are configured for {ccs}, you can create
|
||||
specific index patterns in {kib} to search across the clusters of your choosing. Using the
|
||||
same syntax that you'd use in a raw {ccs} request in {es}, create your
|
||||
index pattern in {kib} with the convention `<cluster-names>:<pattern>`.
|
||||
|
||||
For example, if you want to query {ls} indices across two of the {es} clusters
|
||||
that you set up for {ccs}, which were named `cluster_one` and `cluster_two`,
|
||||
you would use `cluster_one:logstash-*,cluster_two:logstash-*` as your index pattern in {kib}.
|
||||
|
||||
Just like in raw search requests in {es}, you can use wildcards in your cluster names
|
||||
to match any number of clusters, so if you wanted to search {ls} indices across any
|
||||
clusters named `cluster_foo`, `cluster_bar`, and so on, you would use `cluster_*:logstash-*`
|
||||
as your index pattern in {kib}.
|
||||
|
||||
If you want to query across all {es} clusters that have been configured for {ccs},
|
||||
then use a standalone wildcard for your cluster name in your {kib} index
|
||||
pattern: `*:logstash-*`.
|
||||
|
||||
Once an index pattern is configured using the {ccs} syntax, all searches and
|
||||
aggregations using that index pattern in {kib} take advantage of {ccs}.
|
||||
|
|
@ -3,6 +3,7 @@
|
|||
|
||||
[partintro]
|
||||
--
|
||||
|
||||
When you know what your data includes, you can create visualizations
|
||||
that best display that data and build better dashboards.
|
||||
*Discover* enables you to explore your data, find
|
||||
|
|
@ -99,6 +100,8 @@ or create a direct link to share. The *Save* and *Share* actions are in the men
|
|||
|
||||
--
|
||||
|
||||
include::{kib-repo-dir}/management/index-patterns.asciidoc[]
|
||||
|
||||
include::{kib-repo-dir}/discover/set-time-filter.asciidoc[]
|
||||
|
||||
include::{kib-repo-dir}/discover/search.asciidoc[]
|
||||
|
|
|
|||
|
|
@ -13,8 +13,6 @@ visualizations, and dashboards.
|
|||
|
||||
include::{kib-repo-dir}/management/managing-licenses.asciidoc[]
|
||||
|
||||
include::{kib-repo-dir}/management/index-patterns.asciidoc[]
|
||||
|
||||
include::{kib-repo-dir}/management/rollups/create_and_manage_rollups.asciidoc[]
|
||||
|
||||
include::{kib-repo-dir}/management/index-lifecycle-policies/intro-to-lifecycle-policies.asciidoc[]
|
||||
|
|
@ -40,4 +38,3 @@ include::{kib-repo-dir}/management/managing-beats.asciidoc[]
|
|||
include::{kib-repo-dir}/management/managing-remote-clusters.asciidoc[]
|
||||
|
||||
include::{kib-repo-dir}/management/snapshot-restore/index.asciidoc[]
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue