Define your index patterns

edit

Index patterns tell Kibana which Elasticsearch indices you want to explore. An index pattern can match the name of a single index, or include a wildcard (*) to match multiple indices.

For example, Logstash typically creates a series of indices in the format logstash-YYYY.MMM.DD. To explore all of the log data from May 2018, you could specify the index pattern logstash-2018.05*.

Create your first index pattern

edit

First you’ll create index patterns for the Shakespeare data set, which has an index named shakespeare, and the accounts data set, which has an index named bank. These data sets don’t contain time series data.

  1. In Kibana, open Management, and then click Index Patterns.
  2. If this is your first index pattern, the Create index pattern page opens automatically. Otherwise, click Create index pattern.
  3. Enter shakes* in the Index pattern field.

    tutorial pattern 1
  4. Click Next step.
  5. In Configure settings, click Create index pattern.

    You’re presented a table of all fields and associated data types in the index.

  6. Return to the Index patterns overview page and define a second index pattern named ba*.

Create an index pattern for time series data

edit

Now create an index pattern for the Logstash index, which contains time series data.

  1. Define an index pattern named logstash*.
  2. Click Next step.
  3. Open the Time Filter field name dropdown and select @timestamp.
  4. Click Create index pattern.

When you define an index pattern, the indices that match that pattern must exist in Elasticsearch and they must contain data. To check which indices are available, go to Dev Tools > Console and enter GET _cat/indices. Alternately, use curl -XGET "http://localhost:9200/_cat/indices".