Kibana User Guide [4.2] » Getting Started with Kibana » Defining Your Index Patterns


Each set of data loaded into Elasticsearch has an index pattern. In the previous section, the Shakespeare data set has an index named shakespeare, and the accounts data set has an index named bank. An index pattern is a string with optional wildcards that can match multiple indices. For example, in the common logging use case, a typical index name contains the date in MM-DD-YYYY format, and an index pattern for May would look something like logstash-2015.05*.

For this tutorial, any pattern that matches the name of an index we've loaded will work. Open a browser and navigate to localhost:5601. Click the Settings tab, then the Indices tab. Click Add New to define a new index pattern. Both of the sample data sets, the Shakespeare plays and the financial accounts, don't contain time-series data. Make sure the Index contains time-based events box is unchecked when you create index patterns for these data sets. Specify shakes* as the index pattern for the Shakespeare data set and click Create to define the index pattern, then define a second index pattern named ba*.

The Logstash data set does contain time-series data, so after clicking Add New to define the index pattern for this data set, make sure the Index contains time-based events box is checked and select the @timestamp field from the Time-field name drop-down.

Discovering Your Data

Click the Discover tab to display Kibana's data discovery functions.

Right under the tab itself, there is a search box where you can search your data. Searches take a specific query syntax that enables you to create custom searches, which you can save and load by clicking the buttons to the right of the search box.

Beneath the search box, the current index pattern is displayed in a drop-down. You can change the index pattern by selecting a different pattern from the drop-down selector.

You can construct searches by using the field names and the values you're interested in. With numeric fields you can use comparison operators such as greater than (>), less than (<), or equals (=). You can link elements with the logical operators AND, OR, and NOT, all in uppercase.

Try selecting the ba* index pattern and putting the following search into the search box:

account_number:<100 AND balance:>47500

This search returns all account numbers between zero and 99 with balances in excess of 47,500.

If you're using the linked sample data set, this search returns 5 results: account numbers 8, 32, 78, 85, and 97.
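The search syntax described above, as an added example that is not code from the Kibana guide: a small Python evaluator for field:value clauses joined by uppercase AND, OR and NOT, run over constructed account records. It is a simplified model, not Kibana's or Lucene's parser; the record values, the precedence rule and the choice to reject lowercase operators are assumptions of this sketch.

```python
import operator
import re

# Constructed records shaped like the accounts data set (values are made up).
ACCOUNTS = [
    {"account_number": 8, "balance": 48000},
    {"account_number": 44, "balance": 34000},
    {"account_number": 97, "balance": 49000},
    {"account_number": 150, "balance": 49500},
]

CLAUSE = re.compile(r"^(\w+):([<>]?)(\d+)$")  # field:<n, field:>n, or field:n (exact)
COMPARE = {"<": operator.lt, ">": operator.gt, "": operator.eq}


def matches(query, record):
    """Evaluate field:value clauses joined by uppercase AND / OR / NOT."""
    tokens, pos = query.split(), 0

    def clause():
        nonlocal pos
        if pos >= len(tokens):
            raise ValueError("query ends where a clause was expected")
        tok, pos = tokens[pos], pos + 1
        if tok == "NOT":
            return not clause()
        m = CLAUSE.match(tok)
        if not m:
            raise ValueError(f"not a field:value clause: {tok!r}")
        field, op, value = m.groups()
        return field in record and COMPARE[op](record[field], int(value))

    def chain(operand, word, combine):
        nonlocal pos
        result = operand()
        while pos < len(tokens) and tokens[pos] == word:
            pos += 1
            result = combine(result, operand())
        return result

    # Assumed precedence for this sketch: NOT binds tighter than AND, AND tighter than OR.
    result = chain(lambda: chain(clause, "AND", operator.and_), "OR", operator.or_)
    if pos != len(tokens):  # e.g. a lowercase "and" is not recognised as an operator
        raise ValueError(f"unexpected token {tokens[pos]!r}; operators must be uppercase")
    return result


def search(query, records=ACCOUNTS):
    return [r["account_number"] for r in records if matches(query, r)]
```

Calling search("account_number:<100 AND balance:>47500") on the constructed records returns the two low-numbered accounts with high balances; the same query with a lowercase "and" raises ValueError in this sketch.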

To narrow the display to only the specific fields of interest, highlight each field in the list that displays under the index pattern and click the Add button. Note how, in this example, adding the account_number field changes the display from the full text of five records to a simple list of five account numbers.


Materials from the official Elastic website.


