- Kibana Guide: other versions:
- What is Kibana?
- What’s new in 8.8
- Kibana concepts
- Quick start
- Set up
- Install Kibana
- Configure Kibana
- Alerting and action settings
- APM settings
- Banners settings
- Cases settings
- Enterprise Search settings
- Fleet settings
- i18n settings
- Logging settings
- Logs settings
- Metrics settings
- Monitoring settings
- Reporting settings
- Search sessions settings
- Secure settings
- Security settings
- Spaces settings
- Task Manager settings
- Telemetry settings
- URL drilldown settings
- Start and stop Kibana
- Access Kibana
- Securing access to Kibana
- Add data
- Upgrade Kibana
- Configure security
- Configure reporting
- Configure logging
- Configure monitoring
- Command line tools
- Production considerations
- Discover
- Dashboard and visualizations
- Canvas
- Maps
- Build a map to compare metrics by country or region
- Track, visualize, and alert on assets in real time
- Map custom regions with reverse geocoding
- Heat map layer
- Tile layer
- Vector layer
- Plot big data
- Search geographic data
- Configure map settings
- Connect to Elastic Maps Service
- Import geospatial data
- Troubleshoot
- Reporting and sharing
- Machine learning
- Graph
- Alerting
- Observability
- APM
- Security
- Dev Tools
- Fleet
- Osquery
- Stack Monitoring
- Stack Management
- REST API
- Get features API
- Kibana spaces APIs
- Kibana role management APIs
- User session management APIs
- Saved objects APIs
- Data views API
- Index patterns APIs
- Alerting APIs
- Action and connector APIs
- Cases APIs
- Add comment
- Create case
- Delete cases
- Delete comments
- Find case activity
- Find cases
- Find connectors
- Get alerts
- Get case activity
- Get case
- Get case status
- Get cases by alert
- Get comments
- Get configuration
- Get reporters
- Get tags
- Push case
- Set configuration
- Update cases
- Update comment
- Update configuration
- Import and export dashboard APIs
- Logstash configuration management APIs
- Machine learning APIs
- Osquery manager API
- Short URLs APIs
- Get Task Manager health
- Upgrade assistant APIs
- Kibana plugins
- Troubleshooting
- Accessibility
- Release notes
- Kibana 8.8.2
- Kibana 8.8.1
- Kibana 8.8.0
- Kibana 8.7.1
- Kibana 8.7.0
- Kibana 8.6.1
- Kibana 8.6.0
- Kibana 8.5.2
- Kibana 8.5.1
- Kibana 8.5.0
- Kibana 8.4.3
- Kibana 8.4.2
- Kibana 8.4.1
- Kibana 8.4.0
- Kibana 8.3.3
- Kibana 8.3.2
- Kibana 8.3.1
- Kibana 8.3.0
- Kibana 8.2.3
- Kibana 8.2.2
- Kibana 8.2.1
- Kibana 8.2.0
- Kibana 8.1.3
- Kibana 8.1.2
- Kibana 8.1.1
- Kibana 8.1.0
- Kibana 8.0.0
- Kibana 8.0.0-rc2
- Kibana 8.0.0-rc1
- Kibana 8.0.0-beta1
- Kibana 8.0.0-alpha2
- Kibana 8.0.0-alpha1
- Developer guide
Create data view API
editCreate data view API
edit[preview] This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. Create data views.
Request
editPOST <kibana host>:<port>/api/data_views/data_view
POST <kibana host>:<port>/s/<space_id>/api/data_views/data_view
Path parameters
edit-
space_id
-
(Optional, string) An identifier for the space. If
space_id
is not provided in the URL, the default space is used.
Request body
edit-
override
-
(Optional, boolean) Overrides an existing data view if a
data view with the provided title already exists. The default is
false
. -
data_view
- (Required, object) The data view object. All fields are optional.
Response code
edit-
200
- Indicates a successful call.
Examples
editTo explore the data in the logstash-*
indices, create a data view:
$ curl -X POST api/data_views/data_view { "data_view": { "title": "logstash-*", "name": "My Logstash Data View" } }
To create custom field formats, use the data_view.fieldFormats
property:
$ curl -X POST api/data_views/data_view { "data_view": { "title": "logstash-*", "name": "My Logstash data view 2", "fieldFormats": { "event_time": { "id": "date_nanos" }, "machine.ram": { "id": "number", "params": { "pattern": "0,0.[000] b" } } } } }
To create custom labels, use the data_view.fieldAttrs
property:
$ curl -X POST api/data_views/data_view { "data_view": { "title": "logstash-*", "name": "My Logstash data view 3", "fieldAttrs": { "utc_time": { "customLabel": "Time (UTC)" } } } }
To create a data view with runtime fields, use the data_view.runtimeFieldMap
property:
$ curl -X POST api/data_views/data_view { "data_view": { "title": "logstash-*", "name": "My Logstash data view 3", "runtimeFieldMap": { "runtime_shape_name": { "type": "keyword", "script": { "source": "emit(doc['shape_name'].value)" } } } } }
To create data views based on rollup indices, use the data_view.type
and data_view.typeMeta
properties :
$ curl -X POST api/data_views/data_view { "data_view": { "title": "logstash-*", "name": "My Logstash rollup data view", "type": "rollup", "typeMeta": { "params": { "rollup_index": "rollup_logstash" }, "aggs": { "terms": { "geo.dest": { "agg": "terms" }, "extension.keyword": { "agg": "terms" }, "geo.src": { "agg": "terms" }, "machine.os.keyword": { "agg": "terms" } }, "date_histogram": { "@timestamp": { "agg": "date_histogram", "fixed_interval": "20m", "delay": "10m", "time_zone": "UTC" } }, "avg": { "memory": { "agg": "avg" }, "bytes": { "agg": "avg" } }, "max": { "memory": { "agg": "max" } }, "min": { "memory": { "agg": "min" } }, "sum": { "memory": { "agg": "sum" } }, "value_count": { "memory": { "agg": "value_count" } }, "histogram": { "machine.ram": { "agg": "histogram", "interval": 5 } } } } } }
The API returns the data view object:
{ "data_view": {...} }
Properties of the data_view
object:
edit-
title
-
(Optional, string) Comma-separated list of data streams, indices, and aliases that you want to search. Supports wildcards
(
*
). -
name
- (Optional, string) The data view name.
-
id
- (Optional, string) Saved object ID.
-
type
-
(Optional, string) When set to
rollup
, identifies the rollup data views. -
typeMeta
-
(Optional, object) When you use rollup indices, contains the field list for the rollup data view API endpoints.
Properties of the typeMeta objects:
-
aggs
- (Required, object) A map of rollup restrictions by aggregation type and field name.
-
params
- (Required, object) Properties for retrieving rollup fields.
-
-
timeFieldName
- (Optional, string) Timestamp field name, which you use for time-based data views.
-
sourceFilters
- (Optional, string[]) Array of field names you want to filter out in Discover.
-
fieldAttrs
-
(Optional, object) Map of field attributes by field name.
Properties of the fieldAttrs[fieldName] objects:
-
customLabel
- (Optional, string) Custom label for the field.
-
count
- (Optional, number) Popularity count for the field.
-
-
runtimeFieldMap
-
(Optional, object) Map of runtime field definitions by field name.
Properties of the runtimeFieldMap[fieldName] objects:
-
type
- (Required, string) Mapping type of the runtime field. For more information, check Field data types.
-
script.source
- (Required, string) Script of the runtime field.
-
-
fieldFormats
- (Optional, object) Map of field formats by field name.
-
allowNoIndex
- (Optional, boolean) Allows the data view saved object to exist before the data is available.
-
namespaces
- (Optional, string[]) Array of space IDs for sharing the data view between multiple spaces.
On this page