github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-04-25 02:09:32 -04:00
Code Issues Projects Releases Packages Wiki Activity
kibana/docs/getting-started/tutorial-define-index.asciidoc
Kaarina Tungseth 896b9cddbc
[DOCS] Updates for navigation redesign (#68709) 
* [DOCS] Updates for navigation redesign

* Getting started

* Set up text

* Discover

* Dashboard, Graph, ML, Maps, APM, SIEM, Dev tools

* Dev Tools, Stack Monitoring, Management

* Management

* Final changes

* [DOCS] Updates for navigation redesign

* [DOCS] Updates CCR monitoring screenshots

* updates SIEM screenshot and Cases overview text

* Added Brandon's APM image

* [DOCS] Refines CCR shard screenshot

* Removed merge conflict image file

Co-authored-by: lcawl <lcawley@elastic.co>
Co-authored-by: Ben Skelker <ben.skelker@elastic.co>
2020-06-12 09:39:36 -05:00

53 lines
1.9 KiB
Text
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

[[tutorial-define-index]]
=== Define your index patterns
Index patterns tell Kibana which Elasticsearch indices you want to explore.
An index pattern can match the name of a single index, or include a wildcard
(*) to match multiple indices.
For example, Logstash typically creates a
series of indices in the format `logstash-YYYY.MMM.DD`. To explore all
of the log data from May 2018, you could specify the index pattern
`logstash-2018.05*`.
[float]
==== Create your first index pattern
First you'll create index patterns for the Shakespeare data set, which has an
index named `shakespeare,` and the accounts data set, which has an index named
`bank`. These data sets don't contain time series data.
. Open the menu, then go to *Stack Management > {kib} > Index Patterns*.
. If this is your first index pattern, the *Create index pattern* page opens.
Otherwise, click *Create index pattern*.
. In the *Index pattern field*, enter `shakes*`.
+
[role="screenshot"]
image::images/tutorial-pattern-1.png[]
. Click *Next step*.
. Select the *Time Filter field name*, then click *Create index pattern*.
+
Youre presented a table of all fields and associated data types in the index.
. Return to the *Index patterns* page and create a second index pattern named `ba*`.
[float]
==== Create an index pattern for the time series data
Create an index pattern for the Logstash index, which
contains the time series data.
. Define an index pattern named `logstash*`.
. Click *Next step*.
. From the *Time Filter field name* dropdown, select *@timestamp*.
. Click *Create index pattern*.
NOTE: When you define an index pattern, the indices that match that pattern must
exist in Elasticsearch and they must contain data. To check which indices are
available, open the menu, then go to *Dev Tools > Console* and enter `GET _cat/indices`. Alternately, use
`curl -XGET "http://localhost:9200/_cat/indices"`.
Reference in a new issue View git blame Copy permalink