- In Kibana, in the Management tab, click Index Patterns. The Index Patterns tab is displayed.
- Click Add New. The Configure an index pattern section is displayed.
- Specify an index pattern that matches the name of one or more of your Elasticsearch indices. By default, Kibana guesses that you’re working with log data fed into Elasticsearch by Logstash, so it proposes "logstash-*".
- Enter the name of the tenant. The default tenant name is "default", so please enter this:
The index name is correct only if the green Create button is displayed.
- Important! If your index contains a timestamp field that you want to use to perform time-based comparisons, select the Index contains time-based events option. Proceed by selecting the index field that contains the timestamp. Kibana reads the index mapping to list all the fields that contain a timestamp.
- Ensure the Do not expand index pattern when searching option is not selected. By default, Kibana restricts wildcard expansion of time-based index patterns to indices with data within the currently selected time range.
- Set @timeStamp as the Time-field name.
- Click Create to add the index pattern.
Updated 2 years ago