Kibana User Guide [4.2] » Getting Started with Kibana » Defining Your Index Patterns

Translated 2015-11-18 23:51:27

Each set of data loaded to Elasticsearch has an index pattern. In the previous section, the Shakespeare data set has an index named shakespeare, and the accounts data set has an index named bank. An index pattern is a string with optional wildcards that can match multiple indices. For example, in the common logging use case, a typical index name contains the date in MM-DD-YYYY format, and an index pattern for May would look something like logstash-2015.05*.

For this tutorial, any pattern that matches the name of an index we’ve loaded will work. Open a browser and navigate to localhost:5601. Click the Settings tab, then the Indices tab. Click Add New to define a new index pattern. Two of the sample data sets, the Shakespeare plays and the financial accounts, don’t contain time-series data. Make sure the Index contains time-based events box is unchecked when you create index patterns for these data sets. Specify shakes* as the index pattern for the Shakespeare data set and click Create to define the index pattern, then define a second index pattern named ba*.

The Logstash data set does contain time-series data, so after clicking Add New to define the index for this data set, make sure the Index contains time-based events box is checked and select the @timestamp field from the Time-field name drop-down.

Discovering Your Data


Click the Discover tab to display Kibana’s data discovery functions:


Right under the tab itself, there is a search box where you can search your data. Searches take a specific query syntax that enables you to create custom searches, which you can save and load by clicking the buttons to the right of the search box.


Beneath the search box, the current index pattern is displayed in a drop-down. You can change the index pattern by selecting a different pattern from the drop-down selector.


You can construct searches by using the field names and the values you’re interested in. With numeric fields you can use comparison operators such as greater than (>), less than (<), or equals (=). You can link elements with the logical operators AND, OR, and NOT, all in uppercase.


Try selecting the ba* index pattern and putting the following search into the search box:


account_number:<100 AND balance:>47500

This search returns all account numbers between zero and 99 with balances in excess of 47,500.

If you’re using the linked sample data set, this search returns 5 results: Account numbers 8, 32, 78, 85, and 97.
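
As an added illustration (not part of the Kibana guide and not Kibana's own code), the Python sketch below translates the flat field:value searches described above into the structured bool/range form of an Elasticsearch query body. It accepts only clauses joined by one operator type, and rejects lowercase operators and mixed AND/OR; the function names are hypothetical.

```python
import re

# One field:value clause; the value may carry a comparison operator.
CLAUSE = re.compile(r"^(?P<field>[\w.@]+):(?P<op><=|>=|<|>)?(?P<value>[^\s:<>]+)$")
RANGE_KEYS = {"<": "lt", "<=": "lte", ">": "gt", ">=": "gte"}


def clause_to_dsl(token):
    """Turn one field:value token into a range or match clause."""
    m = CLAUSE.match(token)
    if not m:
        raise ValueError(f"not a field:value clause: {token!r}")
    field, op, value = m.group("field", "op", "value")
    if op:
        number = float(value) if "." in value else int(value)
        return {"range": {field: {RANGE_KEYS[op]: number}}}
    return {"match": {field: value}}


def to_bool_query(search):
    """Translate a flat search such as 'a:<1 AND NOT b:2' into a bool query."""
    positive, negative, joiners = [], [], set()
    expect_clause, negate = True, False
    for tok in search.split():
        if tok in ("AND", "OR"):
            if expect_clause:
                raise ValueError(f"operator {tok} has no clause before it")
            joiners.add(tok)
            expect_clause = True
        elif tok == "NOT":
            if not expect_clause or negate:
                raise ValueError("NOT must follow AND/OR or start the search")
            negate = True
        else:
            # Lowercase 'and'/'or' land here: they are not operators.
            if not expect_clause:
                raise ValueError(f"missing AND/OR before {tok!r}")
            (negative if negate else positive).append(clause_to_dsl(tok))
            expect_clause, negate = False, False
    if expect_clause:
        raise ValueError("search is empty or ends with an operator")
    if len(joiners) > 1 or (negative and "OR" in joiners):
        raise ValueError("mixing operators needs parentheses (not parsed here)")
    body = {}
    if positive:
        body["should" if "OR" in joiners else "must"] = positive
    if negative:
        body["must_not"] = negative
    return {"query": {"bool": body}}
```

Calling to_bool_query("account_number:<100 AND balance:>47500") yields a bool query with two range clauses under must, which makes the AND semantics of the search explicit.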



To narrow the display to only the specific fields of interest, highlight each field in the list that displays under the index pattern and click the Add button. Note how, in this example, adding the account_number field changes the display from the full text of five records to a simple list of five account numbers:






