Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to configure index pattern in Kibana

Tags:

I have connected Kibana to my ES instance.

cat/indices returns:

yellow open .kibana 1 1      1 0 3.1kb 3.1kb 
yellow open tests   5 1 413042 0 3.4gb 3.4gb

However I get the following on the kibana configuration screen. What am I missing?

Kibana screenshot

Update:

enter image description here

My sample document looks like this

    "_index": "tests",
    "_type": "test7",
    "_id": "AVGlIKIM1CQ8BZRgLZVg",
    "_score": 1.7840601,
    "_source": {
       "severity": "ERROR",
       "code": "CODE,
       "message": "MESSAGE",
       "environment": "TEST",
       "error_uuid": "cbe99080-0bf3-495c-a417-77384ba0fd39",
       "correlation_id": "cf5a1fd5-4fd2-40bb-9cdf-405b91dcbd6f",
       "timestamp": "2015-11-20 15:24:39.831"
like image 550
freefall Avatar asked Dec 15 '15 10:12

freefall

People also ask

How do I set the default index in Kibana?

For setting the default index pattern, we need to click on the index pattern name and then click on the star symbol link on top-right side of the page.

Where are Kibana index patterns stored?

Hey @Rosho, index-patterns are not stored on the Kibana server's filesystem. Instead, they are persisted to a document in the . kibana_* indices (which the . kibana alias points at).

1 Answers

Disable the option Use event times to create index names and put the index name instead of the pattern (tests).

The option you are trying to use is used when you have index names based on timestamp (imagine you create a new index per day with tests-2015.12.01, tests-2015.12.02...). It's quite clear if you read the message when you enable that option:

Patterns allow you to define dynamic index names. Static text in an index name is denoted using brackets. Example: [logstash-]YYYY.MM.DD. Please note that weeks are setup to use ISO weeks which start on Monday

EDIT: The problem with an empty dropdown in the time-field name is because you don't have any field with date type in the mapping of your index. You can actually check if you do GET /<index-name>/_mapping?pretty, that the timestamp is a "string" type and not "date". This happens because the format didn't match the regex for the date detection (yyyy/MM/dd HH:mm:ss Z||yyyy/MM/dd Z). To solve this:

  • You can change the format of the timestamp you are inserting to match the default regex.
  • You can modify the dynamic_date_format property and put a regex that matches the current format of your timestamp.
  • You can set an index template and set the type "date" for the "timestamp" field.

In any of the cases, you would need to delete the index and create a new one or reindex the data.

like image 153
Pigueiras Avatar answered Sep 23 '22 12:09

Pigueiras
Sign in to Comment

Related questions

Very poor performance of async task run on threadpool in .Net native
Sub-Pixels calculated and rendered differently among browsers
Transform ES5 code to ES6 at runtime
Recommendation on how to document Websocket API [closed]
Running multiple projects using docker which each runs with docker-compose
npm WARN deprecated [email protected]: this package has been reintegrated into npm and is now out of date with respect to npm
How can I disable default splash screen in react-native?
Pathfinding on large map
How will C++17 exception specifier type system work?
Firebase - uploading images when internet is offline
How to add another feature (length of text) to current bag of words classification? Scikit-learn
iOS 10 can no longer set barcolor and tint on MFMessageComposeViewController

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!