Create an Index pattern

Learn how to create an index pattern to configure your data from Elasticsearch to Kibana

Follow these steps to create an index pattern:

1. Click on the ”Menu bar” on the left corner of the second ribbon from the top

2. Scroll to the bottom of the menu & click “Stack Management” and click on “Index Patterns”

3. Click the “Create Index” pattern

4. Once you click on Create Index you will be directed to a screen, a sample snapshot of the same is given below. Step 1 for you is to define your index pattern. In the next steps, you will learn how to define your index pattern.

Creating Index Pattern

5. Start typing in the Index pattern field. Kibana checks for the names of Elasticsearch indices that match your input.

5.1. To match multiple indices use a wildcard (*). For example, suppose your system creates indices for Apache data with the naming scheme ”filebeat-apache-a, filebeat-apache-b”, and so on. An index pattern named ”filebeat-a” matches a single source, and ”filebeat-*” matches multiple data sources. Using a wildcard is the most popular approach.

5.2. You also have the option to select multiple indices. You can do this by entering multiple strings, separated by a comma. Make sure there is no space after the comma. For example, ”filebeat-a,filebeat-b” matches two indices.

5.3 Use a minus sign (-) to exclude an index, for example, test*,-test3 will exclude test3 index.

6. If Kibana detects an index with a timestamp, expand the Time field menu, and then specify the default field for filtering your data by time.

7.Finally click the “Create index” pattern

Kibana is now configured to use your Elasticsearch data!

If your index doesn’t have time-based data, or if you don’t want to select the default timestamp field, choose I don’t want to use the Time Filter.

If you don’t set a default time field, you will not be able to use global time filters on your dashboards.