|
1 | 1 | [[connect-to-elasticsearch]] |
2 | | -== Connect Kibana with Elasticsearch |
| 2 | +== Adding data |
3 | 3 |
|
4 | | -Before you can start using Kibana, you need to tell it which Elasticsearch indices you want to explore. |
5 | | -The first time you access Kibana, you are prompted to define an _index pattern_ that matches the name of |
6 | | -one or more of your indices. That's it. That's all you need to configure to start using Kibana. You can |
7 | | -add index patterns at any time from the <<settings-create-pattern,Management tab>>. |
| 4 | +To start working with your data in {kib}, you can: |
8 | 5 |
|
9 | | -TIP: By default, Kibana connects to the Elasticsearch instance running on `localhost`. To connect to a |
10 | | -different Elasticsearch instance, modify the Elasticsearch URL in the `kibana.yml` configuration file and |
11 | | -restart Kibana. For information about using Kibana with your production nodes, see <<production>>. |
| 6 | +* Upload a CSV, JSON, or log file with the File Data Visualizer. |
12 | 7 |
|
13 | | -To configure the Elasticsearch indices you want to access with Kibana: |
| 8 | +* Upload geospatial data with the GeoJSON Upload feature. |
14 | 9 |
|
15 | | -. Point your browser at port 5601 to access the Kibana UI. For example, `localhost:5601` or |
16 | | -`http://YOURDOMAIN.com:5601`. |
17 | | -+ |
18 | | -image:images/Start-Page.png[Kibana start page] |
19 | | -+ |
20 | | -. Specify an index pattern that matches the name of one or more of your Elasticsearch indices. The pattern |
21 | | -can include an asterisk (*) to matches zero or more characters in an index's name. When filling out your |
22 | | -index pattern, any matched indices will be displayed. |
23 | | -. Click *Next Step* to select the index field that contains the timestamp you want to use to perform time-based |
24 | | -comparisons. Kibana reads the index mapping to list all of the fields that contain a timestamp. If your |
25 | | -index doesn't have time-based data, choose *I don't want to use the Time Filter* option. |
26 | | -+ |
27 | | -. Click *Create index pattern* to add the index pattern. This first pattern is automatically configured as the default. |
28 | | -When you have more than one index pattern, you can designate which one to use as the default by clicking |
29 | | -on the star icon above the index pattern title from *Management > Index Patterns*. |
| 10 | +* Index logs, metrics, events, or application data by setting up a Beats module. |
| 11 | + |
| 12 | +* Connect {kib} with existing {es} indices. |
| 13 | + |
| 14 | +If you're not ready to use your own data, you can add a <<get-data-in, sample data set>> |
| 15 | +to see all that you can do in {kib}. |
| 16 | + |
| 17 | +[float] |
| 18 | +[[upload-data-kibana]] |
| 19 | +=== Upload a CSV, JSON, or log file |
| 20 | + |
| 21 | +To visualize data in a CSV, JSON, or log file, you can |
| 22 | +upload it using the File Data Visualizer. On the home page, |
| 23 | +click *Import a CSV, NDSON, or log file*, and then drag your file into the |
| 24 | +File Data Visualizer. |
| 25 | + |
| 26 | +You can upload a file up to 100 MB. This value is configurable up to 1 GB in |
| 27 | +<<kibana-ml-settings, Advanced Settings>>. |
| 28 | + |
| 29 | +[role="screenshot"] |
| 30 | +image::images/add-data-fv.png[File Data Visualizer] |
| 31 | + |
| 32 | +The File Data Visualizer uses the {ref}/ml-find-file-structure.html[find_file_structure API] to analyze |
| 33 | +the uploaded file and to suggest ingest pipelines and mappings for your data. |
| 34 | + |
| 35 | +NOTE: This feature is not intended for use as part of a |
| 36 | +repeated production process, but rather for the initial exploration of your data. |
| 37 | + |
| 38 | +[float] |
| 39 | +[[upload-geoipdata-kibana]] |
| 40 | +=== Upload geospatial data |
| 41 | + |
| 42 | +To visualize geospatial data in a point or shape file, you can upload it using the <<geojson-upload, GeoJSON Upload>> |
| 43 | +feature in *Elastic Maps*, and then use that data as a layer in a map. |
| 44 | +The data is also available for use in the broader Kibana ecosystem, for example, |
| 45 | +in visualizations and Canvas workpads. |
| 46 | +With GeoJSON Upload, you can upload a file up to 50 MB. |
| 47 | + |
| 48 | +[role="screenshot"] |
| 49 | +image::images/fu_gs_select_source_file_upload.png[] |
30 | 50 |
|
31 | | -All done! Kibana is now connected to your Elasticsearch data. Kibana displays a read-only list of fields |
32 | | -configured for the matching index. |
33 | 51 |
|
34 | 52 | [float] |
35 | | -[[explore]] |
36 | | -=== Start Exploring your Data! |
37 | | -You're ready to dive in to your data: |
| 53 | +[[add-data-tutorial-kibana]] |
| 54 | +=== Index metrics, log, security, and application data |
38 | 55 |
|
39 | | -* Search and browse your data interactively from the <<discover, Discover>> page. |
40 | | -* Chart and map your data from the <<visualize, Visualize>> page. |
41 | | -* Create and view custom dashboards from the <<dashboard, Dashboard>> page. |
| 56 | +The built-in data tutorials can help you quickly get up and running with |
| 57 | +metrics data, log analytics, security events, and application data. |
| 58 | +These tutorials walk you through installing and configuring a |
| 59 | +Beats data shipper to periodically collect and send data to {es}. |
| 60 | +You can then use the pre-built dashboards to explore and analyze the data. |
42 | 61 |
|
43 | | -For a step-by-step introduction to these core Kibana concepts, see the <<getting-started, |
44 | | -Getting Started>> tutorial. |
| 62 | +You access the tutorials from the home page. |
| 63 | +If a tutorial doesn’t exist for your data, go to the {beats-ref}/beats-reference.html[Beats overview] |
| 64 | +to learn about other data shippers in the Beats family. |
| 65 | + |
| 66 | +[role="screenshot"] |
| 67 | +image::images/add-data-tutorials.png[Add Data tutorials] |
| 68 | + |
| 69 | + |
| 70 | +[float] |
| 71 | +[[connect-to-es]] |
| 72 | +=== Connect with {es} indices |
| 73 | + |
| 74 | +To visualize data in existing {es} indices, you must |
| 75 | +create an index pattern that matches the names of the indices that you want to explore. |
| 76 | +When you add data with the File Data Visualizer, GeoJSON Upload feature, |
| 77 | +or built-in tutorial, an index pattern is created for you. |
| 78 | + |
| 79 | +. Go to *Stack Management*, and then click *Index Patterns*. |
| 80 | + |
| 81 | +. Click *Create index pattern*. |
| 82 | + |
| 83 | +. Specify an index pattern that matches the name of one or more of your Elasticsearch indices. |
| 84 | ++ |
| 85 | +For example, an index pattern can point to your Apache data from yesterday, |
| 86 | +`filebeat-apache-4-3-2022`, or any index that matches the pattern, `filebeat-*`. |
| 87 | +Using a wildcard is the more popular approach. |
| 88 | + |
| 89 | + |
| 90 | +. Click *Next Step*, and then select the index field that contains the timestamp you want to use to perform time-based |
| 91 | +comparisons. |
| 92 | ++ |
| 93 | +Kibana reads the index mapping and lists all fields that contain a timestamp. If your |
| 94 | +index doesn't have time-based data, choose *I don't want to use the Time Filter*. |
| 95 | ++ |
| 96 | +You must select a time field to use global time filters on your dashboards. |
| 97 | + |
| 98 | +. Click *Create index pattern*. |
| 99 | ++ |
| 100 | +{kib} is now configured to access your {es} indices. |
| 101 | +You’ll see a list of fields configured for the matching index. |
| 102 | +You can designate your index pattern as the default by clicking the star icon on this page. |
| 103 | ++ |
| 104 | +When searching in *Discover* and creating visualizations, you choose a pattern |
| 105 | +from the index pattern menu to specify the {es} indices that contain the data you want to explore. |
0 commit comments