Merge branch 'master' into siem_ui_setup
rylnd committed Jan 7, 2020
2 parents 75ffe9b + 0576327 commit 06d5807
Showing 325 changed files with 1,713 additions and 851 deletions.
138 changes: 75 additions & 63 deletions docs/management/index-patterns.asciidoc
@@ -1,17 +1,22 @@
[[index-patterns]]
== Index patterns
== Creating an index pattern

To visualize and explore data in {kib}, you must create an index pattern.
An index pattern tells {kib} which {es} indices contain the data that you want to work with.
An index pattern can match a single index, multiple indices, and a rollup index.
To explore and visualize data in {kib}, you must create an index pattern.
An index pattern tells {kib} which {es} indices contain the data that
you want to work with.
Once you create an index pattern, you're ready to:

* Interactively explore your data in <<discover, Discover>>.
* Analyze your data in charts, tables, gauges, tag clouds, and more in <<visualize, Visualize>>.
* Show off your data in a <<canvas, Canvas>> workpad.
* If your data includes geo data, visualize it with <<maps, Maps>>.

[float]
[[index-patterns-read-only-access]]
=== [xpack]#Read-only access#
If you have insufficient privileges to create or save index patterns, a read-only
If you have insufficient privileges to create or save index patterns, a read-only
indicator appears in Kibana. The buttons to create new index patterns or save
existing index patterns are not visible. For more information on granting access to
Kibana see <<xpack-security-authorization>>.
existing index patterns are not visible. For more information, see <<xpack-security-authorization>>.

[role="screenshot"]
image::images/management-index-read-only-badge.png[Example of Index Pattern Management's read only access indicator in Kibana's header]
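
Review bot: In the read-only access paragraph, the shortened closing sentence "For more information, see <<xpack-security-authorization>>." no longer says what the link is for. The longer wording in this hunk ("For more information on granting access to Kibana see ...") tells a user who has just hit the read-only indicator that the target explains how privileges are granted; consider keeping that phrase, for example "For more information on granting access to {kib}, see <<xpack-security-authorization>>." Separately, the page title becomes "Creating an index pattern" while the next hunk keeps a subsection titled "Create an index pattern", so the two headings are nearly identical.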
Expand All @@ -20,96 +25,103 @@ image::images/management-index-read-only-badge.png[Example of Index Pattern Mana
[[settings-create-pattern]]
=== Create an index pattern

To get started, go to *Management > Kibana > Index Patterns*. You begin with
an overview of your index patterns, including any that were added when you
downloaded sample data sets.

You can create a standard index pattern, and if a rollup index is detected in the
cluster, a rollup index pattern.
If you are in an app that requires an index pattern, and you don't have one yet,
{kib} prompts you to create one. Or, you can go directly to
*Management > Kibana > Index Patterns*.

[role="screenshot"]
image:management/index-patterns/images/rollup-index-pattern.png["Menu with rollup index pattern"]

[float]
==== Standard index pattern

{kib} makes it easy for you to create an index pattern by walking you through
the process. Just start typing in the *Index pattern* field, and {kib} looks for
the names of {es} indices that match your input. Make sure that the name of the
Just start typing in the *Index pattern* field, and {kib} looks for
the names of {es} indices that match your input. Make sure that the name of the
index pattern is unique.

If you want to include system indices in your search, toggle the switch in the
upper right.
To include system indices in your search, toggle the switch in the upper right.

[role="screenshot"]
image:management/index-patterns/images/create-index-pattern.png["Create index pattern"]

Your index pattern can match multiple {es} indices.
Use a comma to separate the names, with no space after the comma. The notation for
wildcards (`*`) and the ability to "exclude" (`-`) also apply
Your index pattern can match multiple {es} indices.
Use a comma to separate the names, with no space after the comma. The notation for
wildcards (`*`) and the ability to "exclude" (`-`) also apply
(for example, `test*,-test3`).

When {kib} detects an index with a timestamp, you’re asked to choose a field to
filter your data by time. If you don’t specify a field, you won’t be able
If {kib} detects an index with a timestamp, you’re asked to choose a field to
filter your data by time. If you don’t specify a field, you won’t be able
to use the time filter.

Once you’ve created your index pattern, you can start working with
your {es} data in {kib}. Here are some things to try:

* Interactively explore your data in <<discover, Discover>>.
* Present your data in charts, tables, gauges, tag clouds, and more in <<visualize, Visualize>>.
* Show off your data in a <<canvas, Canvas>> presentation.
* If your data includes geo data, visualize it using <<maps, Maps>>.

For a walkthrough of creating an index pattern and visualizing the data,
see <<getting-started, Getting Started>>.

[float]
==== Rollup index pattern

If a rollup index is detected in the cluster, clicking *Create index pattern*
includes an item for creating a rollup index pattern. You create an
index pattern for rolled up data the same way you do for any data.
If a rollup index is detected in the cluster, clicking *Create index pattern*
includes an item for creating a rollup index pattern.
You can match an index pattern to only rolled up data, or mix both rolled
up and raw data to explore and visualize all data together.
An index pattern can match
only one rollup index.

[float]
[[management-cross-cluster-search]]
==== {ccs-cap} index pattern

If your {es} clusters are configured for {ref}/modules-cross-cluster-search.html[{ccs}], you can create
index patterns to search across the clusters of your choosing. Using the
same syntax that you'd use in a raw {ccs} request in {es}, create your
index pattern with the convention `<cluster-names>:<pattern>`.

For example, to query {ls} indices across two {es} clusters
that you set up for {ccs}, which are named `cluster_one` and `cluster_two`,
you would use `cluster_one:logstash-*,cluster_two:logstash-*` as your index pattern.

You can use wildcards in your cluster names
to match any number of clusters, so if you want to search {ls} indices across
clusters named `cluster_foo`, `cluster_bar`, and so on, you would use `cluster_*:logstash-*`
as your index pattern.

You can match an index pattern to only rolled up data, or mix both rolled
up and raw data to visualize all data together. An index pattern can match
only one rollup index, not multiple. There is no restriction on the
number of standard indices that an index pattern can match.
To query across all {es} clusters that have been configured for {ccs},
use a standalone wildcard for your cluster name in your index
pattern: `*:logstash-*`.

See <<visualize-rollup-data, Creating a visualization using rolled up data>>
for more detailed information.
Once an index pattern is configured using the {ccs} syntax, all searches and
aggregations using that index pattern in {kib} take advantage of {ccs}.

[float]
=== Manage your index pattern

Once you’ve created an index pattern, you’re presented a table of all fields
and associated data types in the index.
Once you create an index pattern, manually or with a sample data set,
you can look at its fields and associated data types.
You can also perform housekeeping tasks, such as making the
index pattern the default or deleting it when you longer need it.
To drill down into the details of an index pattern, click its name in
the *Index patterns* overview.

[role="screenshot"]
image:management/index-patterns/images/new-index-pattern.png["Index files and data types"]

You can perform the following actions:
From the detailed view, you can perform the following actions:

* *Manage the index fields.* Click a column header to sort the table by that column.
Use the field dropdown menu to limit to display to a specific field.
See <<managing-fields, Managing fields>> for more detailed information.
* *Manage the index fields.* You can add formatters to format values and create
scripted fields.
See <<managing-fields, Managing fields>> for more information.

* [[set-default-pattern]]*Set the default index pattern.* {kib} uses a badge to make users
aware of which index pattern is the default. The first pattern
you create is automatically designated as the default pattern. The default
index pattern is loaded when you view the Discover tab.
* [[set-default-pattern]]*Set the default index pattern.* {kib} uses a badge to make users
aware of which index pattern is the default. The first pattern
you create is automatically designated as the default pattern. The default
index pattern is loaded when you open *Discover*.

* [[reload-fields]]*Reload the index fields list.* You can reload the index fields list to
pick up any newly-added fields. Doing so also resets Kibana’s popularity counters
for the fields. The popularity counters keep track of the fields
you’ve used most often in {kib} and are used to sort fields in lists.
* [[reload-fields]]*Refresh the index fields list.* You can refresh the index fields list to
pick up any newly-added fields. Doing so also resets Kibana’s popularity counters
for the fields. The popularity counters are used in *Discover* to sort fields in lists.

* [[delete-pattern]]*Delete the index pattern.* This action removes the pattern from the list of
Saved Objects in {kib}. You will not be able to recover field formatters,
* [[delete-pattern]]*Delete the index pattern.* This action removes the pattern from the list of
Saved Objects in {kib}. You will not be able to recover field formatters,
scripted fields, source filters, and field popularity data associated with the index pattern.
+
Deleting an index pattern breaks all visualizations, saved searches, and
other saved objects that reference the pattern. Deleting an index pattern does
Deleting an index pattern does
not remove any indices or data documents from {es}.

include::index-patterns/management-cross-cluster-search.asciidoc[]
+
WARNING: Deleting an index pattern breaks all visualizations, saved searches, and
other saved objects that reference the pattern.
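
Review bot: Typo in the "Manage your index pattern" intro: "deleting it when you longer need it" is missing a word and should read "when you no longer need it". In the same hunk, the rollup paragraph keeps "An index pattern can match only one rollup index" but the sentence "There is no restriction on the number of standard indices that an index pattern can match" appears only in the longer wording; if it was dropped, consider restoring it, since it is the other half of the limit being described.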

This file was deleted.

3 changes: 3 additions & 0 deletions docs/user/discover.asciidoc
Expand Up @@ -3,6 +3,7 @@

[partintro]
--

When you know what your data includes, you can create visualizations
that best display that data and build better dashboards.
*Discover* enables you to explore your data, find
Expand Down Expand Up @@ -99,6 +100,8 @@ or create a direct link to share. The *Save* and *Share* actions are in the men

--

include::{kib-repo-dir}/management/index-patterns.asciidoc[]

include::{kib-repo-dir}/discover/set-time-filter.asciidoc[]

include::{kib-repo-dir}/discover/search.asciidoc[]
4 changes: 0 additions & 4 deletions docs/user/management.asciidoc
Expand Up @@ -13,8 +13,6 @@ visualizations, and dashboards.

include::{kib-repo-dir}/management/managing-licenses.asciidoc[]

include::{kib-repo-dir}/management/index-patterns.asciidoc[]

include::{kib-repo-dir}/management/rollups/create_and_manage_rollups.asciidoc[]

include::{kib-repo-dir}/management/index-lifecycle-policies/intro-to-lifecycle-policies.asciidoc[]
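
Review bot: With `include::{kib-repo-dir}/management/index-patterns.asciidoc[]` removed here and added to docs/user/discover.asciidoc, the Management chapter no longer has an entry for index patterns, yet the moved page still sends readers to *Management > Kibana > Index Patterns* and keeps a "Manage your index pattern" section. Consider leaving a short pointer in this chapter (a cross-reference to <<index-patterns>>) so readers browsing the Management docs can still find it.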
Expand All @@ -40,5 +38,3 @@ include::{kib-repo-dir}/management/managing-beats.asciidoc[]
include::{kib-repo-dir}/management/managing-remote-clusters.asciidoc[]

include::{kib-repo-dir}/management/snapshot-restore/index.asciidoc[]


32 changes: 16 additions & 16 deletions package.json
Expand Up @@ -240,7 +240,7 @@
"react-use": "^13.13.0",
"reactcss": "1.2.3",
"redux": "4.0.0",
"redux-actions": "2.2.1",
"redux-actions": "2.6.5",
"redux-thunk": "2.3.0",
"regenerator-runtime": "^0.13.3",
"regression": "2.0.1",
Expand Down Expand Up @@ -314,7 +314,7 @@
"@types/delete-empty": "^2.0.0",
"@types/elasticsearch": "^5.0.33",
"@types/enzyme": "^3.9.0",
"@types/eslint": "^6.1.2",
"@types/eslint": "^6.1.3",
"@types/fetch-mock": "^7.3.1",
"@types/getopts": "^2.0.1",
"@types/glob": "^7.1.1",
Expand Down Expand Up @@ -353,7 +353,7 @@
"@types/react-router-dom": "^5.1.3",
"@types/react-virtualized": "^9.18.7",
"@types/redux": "^3.6.31",
"@types/redux-actions": "^2.2.1",
"@types/redux-actions": "^2.6.1",
"@types/request": "^2.48.2",
"@types/selenium-webdriver": "^4.0.5",
"@types/semver": "^5.5.0",
Expand All @@ -368,8 +368,8 @@
"@types/uuid": "^3.4.4",
"@types/vinyl-fs": "^2.4.11",
"@types/zen-observable": "^0.8.0",
"@typescript-eslint/eslint-plugin": "^2.12.0",
"@typescript-eslint/parser": "^2.12.0",
"@typescript-eslint/eslint-plugin": "^2.15.0",
"@typescript-eslint/parser": "^2.15.0",
"angular-mocks": "^1.7.8",
"archiver": "^3.1.1",
"axe-core": "^3.3.2",
Expand All @@ -389,21 +389,21 @@
"enzyme-adapter-react-16": "^1.15.1",
"enzyme-adapter-utils": "^1.12.1",
"enzyme-to-json": "^3.4.3",
"eslint": "^6.5.1",
"eslint-config-prettier": "^6.4.0",
"eslint": "^6.8.0",
"eslint-config-prettier": "^6.9.0",
"eslint-plugin-babel": "^5.3.0",
"eslint-plugin-ban": "^1.3.0",
"eslint-plugin-cypress": "^2.7.0",
"eslint-plugin-import": "^2.18.2",
"eslint-plugin-jest": "^22.19.0",
"eslint-plugin-ban": "^1.4.0",
"eslint-plugin-cypress": "^2.8.1",
"eslint-plugin-import": "^2.19.1",
"eslint-plugin-jest": "^23.3.0",
"eslint-plugin-jsx-a11y": "^6.2.3",
"eslint-plugin-mocha": "^6.2.0",
"eslint-plugin-mocha": "^6.2.2",
"eslint-plugin-no-unsanitized": "^3.0.2",
"eslint-plugin-node": "^10.0.0",
"eslint-plugin-node": "^11.0.0",
"eslint-plugin-prefer-object-spread": "^1.2.1",
"eslint-plugin-prettier": "^3.1.1",
"eslint-plugin-react": "^7.16.0",
"eslint-plugin-react-hooks": "^2.1.2",
"eslint-plugin-prettier": "^3.1.2",
"eslint-plugin-react": "^7.17.0",
"eslint-plugin-react-hooks": "^2.3.0",
"exit-hook": "^2.2.0",
"faker": "1.1.0",
"fetch-mock": "^7.3.9",
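
Review bot: Two of the bumps in this hunk cross a major version: `eslint-plugin-jest` from ^22.19.0 to ^23.3.0 and `eslint-plugin-node` from ^10.0.0 to ^11.0.0. Major releases of lint plugins can rename or remove rules, so it is worth confirming that the lint configuration still resolves every rule it references and that a full lint run is clean. The lockfile change that goes with these ranges is not among the files shown here; please check that it is part of the same commit and that the resolved versions match the new ranges.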
18 changes: 9 additions & 9 deletions packages/eslint-config-kibana/package.json
Expand Up @@ -15,19 +15,19 @@
},
"homepage": "https://github.com/elastic/eslint-config-kibana#readme",
"peerDependencies": {
"@typescript-eslint/eslint-plugin": "^2.12.0",
"@typescript-eslint/parser": "^2.12.0",
"@typescript-eslint/eslint-plugin": "^2.15.0",
"@typescript-eslint/parser": "^2.15.0",
"babel-eslint": "^10.0.3",
"eslint": "^6.5.1",
"eslint": "^6.8.0",
"eslint-plugin-babel": "^5.3.0",
"eslint-plugin-ban": "^1.3.0",
"eslint-plugin-ban": "^1.4.0",
"eslint-plugin-jsx-a11y": "^6.2.3",
"eslint-plugin-import": "^2.18.2",
"eslint-plugin-jest": "^22.19.0",
"eslint-plugin-mocha": "^6.2.0",
"eslint-plugin-import": "^2.19.1",
"eslint-plugin-jest": "^23.3.0",
"eslint-plugin-mocha": "^6.2.2",
"eslint-plugin-no-unsanitized": "^3.0.2",
"eslint-plugin-prefer-object-spread": "^1.2.1",
"eslint-plugin-react": "^7.16.0",
"eslint-plugin-react-hooks": "^2.1.2"
"eslint-plugin-react": "^7.17.0",
"eslint-plugin-react-hooks": "^2.3.0"
}
}
4 changes: 2 additions & 2 deletions packages/kbn-eslint-plugin-eslint/package.json
Expand Up @@ -4,12 +4,12 @@
"private": true,
"license": "Apache-2.0",
"peerDependencies": {
"eslint": "6.5.1",
"eslint": "6.8.0",
"babel-eslint": "^10.0.3"
},
"dependencies": {
"micromatch": "3.1.10",
"dedent": "^0.7.0",
"eslint-module-utils": "2.4.1"
"eslint-module-utils": "2.5.0"
}
}
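
Review bot: The `eslint` peer dependency in this package is the exact version "6.8.0", while the root package.json and packages/eslint-config-kibana declare "^6.8.0". With an exact peer pin, any later 6.x release that the caret ranges resolve to falls outside this package's peer range. Consider using "^6.8.0" here as well, or state in the commit message why this package needs the exact version.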