Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Query two indexes simultaneously in Kibana 4?

Tags:

elasticsearch

kibana-4

kibana

Whenever I create a visualization, Kibana 4 asks me to select the index for doing the search. My project requires searching data that is present in multiple indexes and hence I am stuck. I wish to search two indexes for my data and then visualize them. Any help would be valuable.

like image 853
Shubham Mishra Avatar asked Apr 16 '15 10:04

Shubham Mishra

4 Answers

A solution that works in any case: create an alias in Elasticsearch for the indexes you want to query simultaneously and then use the alias as an index-pattern in Kibana.

In the plugin Marvel, through the Sense interface, you can create an alias for multiple indexes by doing this request :

POST _aliases
{
    "actions" : [
      { "add" : { "index" : "test1", "alias" : "alias1" } },
      { "add" : { "index" : "test2", "alias" : "alias1" } }
    ]
}

Or using CURL:

curl -XPOST 'http://localhost:9200/_aliases' -d '
{
    "actions" : [
        { "add" : { "index" : "test1", "alias" : "alias1" } },
        { "add" : { "index" : "test2", "alias" : "alias1" } }
    ]
}'

Then, you just need to add an index-pattern in Kibana for "alias1" and create your visualizations.

For more informations on aliases, see https://www.elastic.co/guide/en/elasticsearch/reference/current/indices-aliases.html

like image 100
WhiteFangs Avatar answered Oct 03 '22 20:10

WhiteFangs

Thanks for all the help, But I figured out a way in which this could be done. In Index Pattern of Kibana 4 create an index Pattern as _all. This index pattern contains all the indexes present in your elasticsearch. Hence when you create a new visualization simply select the _all index pattern there and all the data fields from all the indexes in your elasticsearch are accessible and you can easily use it to create visualizations.

like image 40
Shubham Mishra Avatar answered Oct 03 '22 20:10

Shubham Mishra

Kibana can create Visualization from multiple indexes. But! indexes should have similar names, or alias names with similar names, for example, you can simply grab data from indexes: logstash-2015-01-01 and logstash-2015-01-02 using mask logstash-*.

But yes it would be handy if we could write something like index1,onother_index.

like image 24
sonenko Avatar answered Oct 03 '22 19:10

sonenko

Two wildcards (i.e. *-*) works for me in Kibana 4.

like image 26
Kevin Rego Avatar answered Oct 03 '22 18:10

Kevin Rego
Sign in to Comment

Related questions

Search a nested field for multiple values on the same field with elasticsearch
Elasticsearch filter aggregations on minimal doc count
How to combine multiple bool queries in elasticsearch
Elasticsearch process memory locking failed
Symbols in query-string for elasticsearch
Using multiple node clients in elasticsearch
type keyword and not analyzed, any difference?
How to perform indices query in ElasticSearch?
How to store money in elasticsearch
Delete documents older than 30 days in elasticsearch [closed]
ElasticSearch vs. ElasticSearch+Cassandra
Configure elasticsearch mapping with java api
Removing an index from an alias in Elasticsearch
elasticsearch - routing VS. indexing for query performance
How to start elasticsearch 5.1 embedded in my java application?
How to get all indices with Elastic's High Level Rest Client?
Not able to start elastic search service
docker-compose.yml for elasticsearch and kibana
Edge NGram with phrase matching
Unable to access ElasticSearch AWS through Python

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!