mirror of
https://github.com/elastic/kibana.git
synced 2025-04-25 10:23:14 -04:00
8895ae110f
This overhaul of the docs structure puts Kibana's documentation more inline with the structure that is used in Elasticsearch. This will help us better organize the docs going forward as more docs are added. This also includes a few necessary content changes for 5.0.
22 lines
1.5 KiB
Text
22 lines
1.5 KiB
Text
[[tutorial-define-index]]
|
|
== Defining Your Index Patterns
|
|
|
|
Each set of data loaded to Elasticsearch has an index pattern. In the previous section, the
|
|
Shakespeare data set has an index named `shakespeare`, and the accounts data set has an index named `bank`. An _index
|
|
pattern_ is a string with optional wildcards that can match multiple indices. For example, in the common logging use
|
|
case, a typical index name contains the date in MM-DD-YYYY format, and an index pattern for May would look something
|
|
like `logstash-2015.05*`.
|
|
|
|
For this tutorial, any pattern that matches the name of an index we've loaded will work. Open a browser and
|
|
navigate to `localhost:5601`. Click the *Settings* tab, then the *Indices* tab. Click *Add New* to define a new index
|
|
pattern. Two of the sample data sets, the Shakespeare plays and the financial accounts, don't contain time-series data.
|
|
Make sure the *Index contains time-based events* box is unchecked when you create index patterns for these data sets.
|
|
Specify `shakes*` as the index pattern for the Shakespeare data set and click *Create* to define the index pattern, then
|
|
define a second index pattern named `ba*`.
|
|
|
|
The Logstash data set does contain time-series data, so after clicking *Add New* to define the index for this data
|
|
set, make sure the *Index contains time-based events* box is checked and select the `@timestamp` field from the
|
|
*Time-field name* drop-down.
|
|
|
|
NOTE: When you define an index pattern, indices that match that pattern must exist in Elasticsearch. Those indices must
|
|
contain data.
|