Each set of data loaded to Elasticsearch has an index pattern. In the previous section, the Shakespeare data set has an index named
shakespeare
, and the accounts data set has an index named
bank
. An index pattern is a string with optional wildcards that can match multiple indices. For example, in the common logging use case, a typical index name contains the date in MM-DD-YYYY format, and an index pattern for May would look something like
logstash-2015.05*
.
每個加載到ES的資料集都有一個索引模式。在前一部分,莎士比亞資料集有一個叫“莎士比亞”的索引名,而且,計數資料集用一個索引名叫“bank”。索引模式是一個包含可選通配符的字元串,它可以比對多種索引。例如,在通常的日志使用案例中,一個典型的索引名包括MM-DD-YYYY 格式的日期,而且五月的索引模式看起來像是logstash-2015.05。
For this tutorial, any pattern that matches the name of an index we’ve loaded will work. Open a browser and navigate to
localhost:5601
. Click the Settings tab, then the Indices tab. Click Add New to define a new index pattern. Two of the sample data sets, the Shakespeare plays and the financial accounts, don’t contain time-series data. Make sure the Index contains time-based events box is unchecked when you create index patterns for these data sets. Specify
shakes*
as the index pattern for the Shakespeare data set and click Create to define the index pattern, then define a second index pattern named
ba*
.
在這篇教程中,任何滿足我們加載的滿足索引名字的模式都将産生作用。打開浏覽器,通路localhost:5601。點選‘Settings’按鈕,然後是‘Indices’按鈕。點選‘Add New’來定義一個新模式。兩個資料集中的簡單例子,莎士比亞劇本和财務記賬,并沒有包含時間序列的資料。當你為資料集建立索引模式時,確定‘Index contains time-based events’的使用未受限。為莎士比亞資料集,指定‘shake*’作為索引模式,然後點選‘Create’來定義索引模式,最後定義一個名字是‘ba*’的二級索引模式。
The Logstash data set does contain time-series data, so after clicking Add New to define the index for this data set, make sure the Index contains time-based events box is checked and select the
@timestamp
field from the Time-field name drop-down.
Logstash資料集包含時間序列的資料,是以,在點選‘Add New’來為資料集定義索引之後,確定‘Index contains time-based events’欄是封閉的,從’Time-field name‘下拉清單選擇@timestamp字段。
Discovering Your Data
Discover你的資料
Click the Discover tab to display Kibana’s data discovery functions:
點選’Discover‘鍵來展示Kibana資料的發現功能。
Right under the tab itself, there is a search box where you can search your data. Searches take a specificquery syntax that enable you to create custom searches, which you can save and load by clicking the buttons to the right of the search box.
在’Discover‘标簽的正下方,有一個搜尋欄,你在那裡可以搜尋資料。搜尋使用了一種特殊的請求文法,來保證你能建立普通搜尋,你可以通過點選搜尋欄右邊的按鈕來儲存和加載。
Beneath the search box, the current index pattern is displayed in a drop-down. You can change the index pattern by selecting a different pattern from the drop-down selector.
在搜尋欄下方,現在的搜尋模式被展現在下拉菜單。你可以從下拉選擇器中,選擇一個不同的模式,來改變搜尋模式。
You can construct searches by using the field names and the values you’re interested in. With numeric fields you can use comparison operators such as greater than (>), less than (<), or equals (=). You can link elements with the logical operators AND, OR, and NOT, all in uppercase.
你可以使用你感興趣的字段名和值來建構搜尋。對于資料字段,你可以使用’>‘,'<'或’=‘。你可以使用鍵盤上的邏輯操作’AND‘,’OR‘和’NOT‘來連接配接元素。
Try selecting the
ba*
index pattern and putting the following search into the search box:
試着選擇’ba*‘索引模式,把下面的内容放在索引欄:
account_number:<100 AND balance:>47500 This search returns all account numbers between zero and 99 with balances in excess of 47,500.
If you’re using the linked sample data set, this search returns 5 results: Account numbers 8, 32, 78, 85, and 97.
這次搜尋傳回了數字在0到99之間,而賬目大于47500的内容。
如果你使用連結中的樣本資料集,這次搜尋将傳回5個結果:賬目資料8,32,78,85和97。
To narrow the display to only the specific fields of interest, highlight each field in the list that displays under the index pattern and click the Add button. Note how, in this example, adding the
account_number
field changes the display from the full text of five records to a simple list of five account numbers:
為了把展示結果限定成感興趣的字段,突出索引模式下清單中的每個字段,點選’Add‘按鈕。在這個例子中,添加’account_number‘字段,把顯示的完整資訊變成隻顯示五個數字:
備注:
材料來自elastic官網。
位址:
https://www.elastic.co/guide/en/kibana/current/tutorial-define-index.html