How to configure index pattern in Kibana

Tags:

I have connected Kibana to my ES instance.

cat/indices returns:

yellow open .kibana 1 1      1 0 3.1kb 3.1kb 
yellow open tests   5 1 413042 0 3.4gb 3.4gb

However I get the following on the kibana configuration screen. What am I missing?

Kibana screenshot

Update:

enter image description here

My sample document looks like this

    "_index": "tests",
    "_type": "test7",
    "_id": "AVGlIKIM1CQ8BZRgLZVg",
    "_score": 1.7840601,
    "_source": {
       "severity": "ERROR",
       "code": "CODE,
       "message": "MESSAGE",
       "environment": "TEST",
       "error_uuid": "cbe99080-0bf3-495c-a417-77384ba0fd39",
       "correlation_id": "cf5a1fd5-4fd2-40bb-9cdf-405b91dcbd6f",
       "timestamp": "2015-11-20 15:24:39.831"

550

asked Dec 15 '15 10:12

freefall

1 Answers

Disable the option Use event times to create index names and put the index name instead of the pattern (tests).

The option you are trying to use is used when you have index names based on timestamp (imagine you create a new index per day with tests-2015.12.01, tests-2015.12.02...). It's quite clear if you read the message when you enable that option:

Patterns allow you to define dynamic index names. Static text in an index name is denoted using brackets. Example: [logstash-]YYYY.MM.DD. Please note that weeks are setup to use ISO weeks which start on Monday

EDIT: The problem with an empty dropdown in the time-field name is because you don't have any field with date type in the mapping of your index. You can actually check if you do GET /<index-name>/_mapping?pretty, that the timestamp is a "string" type and not "date". This happens because the format didn't match the regex for the date detection (yyyy/MM/dd HH:mm:ss Z||yyyy/MM/dd Z). To solve this:

You can change the format of the timestamp you are inserting to match the default regex.
You can modify the dynamic_date_format property and put a regex that matches the current format of your timestamp.
You can set an index template and set the type "date" for the "timestamp" field.

In any of the cases, you would need to delete the index and create a new one or reindex the data.

153

answered Sep 23 '22 12:09

Pigueiras

Related questions
                            
                                Very poor performance of async task run on threadpool in .Net native
                            
                                Sub-Pixels calculated and rendered differently among browsers
                            
                                Transform ES5 code to ES6 at runtime
                            
                                Recommendation on how to document Websocket API [closed]
                            
                                Running multiple projects using docker which each runs with docker-compose
                            
                                npm WARN deprecated [email protected]: this package has been reintegrated into npm and is now out of date with respect to npm
                            
                                How can I disable default splash screen in react-native?
                            
                                Pathfinding on large map
                            
                                How will C++17 exception specifier type system work?
                            
                                Firebase - uploading images when internet is offline
                            
                                How to add another feature (length of text) to current bag of words classification? Scikit-learn
                            
                                iOS 10 can no longer set barcolor and tint on MFMessageComposeViewController

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!

Donate Us With