11

Whenever I create a visualization, Kibana 4 asks me to select the index for doing the search. My project requires searching data that is present in multiple indexes and hence I am stuck. I wish to search two indexes for my data and then visualize them. Any help would be valuable.

4

6 回答 6

13

Kibana can create Visualization from multiple indexes. But! indexes should have similar names, or alias names with similar names, for example, you can simply grab data from indexes: logstash-2015-01-01 and logstash-2015-01-02 using mask logstash-*.

But yes it would be handy if we could write something like index1,onother_index.

于 2015-07-27T08:41:54.280 回答
12

A solution that works in any case: create an alias in Elasticsearch for the indexes you want to query simultaneously and then use the alias as an index-pattern in Kibana.

In the plugin Marvel, through the Sense interface, you can create an alias for multiple indexes by doing this request :

POST _aliases
{
    "actions" : [
      { "add" : { "index" : "test1", "alias" : "alias1" } },
      { "add" : { "index" : "test2", "alias" : "alias1" } }
    ]
}

Or using CURL:

curl -XPOST 'http://localhost:9200/_aliases' -d '
{
    "actions" : [
        { "add" : { "index" : "test1", "alias" : "alias1" } },
        { "add" : { "index" : "test2", "alias" : "alias1" } }
    ]
}'

Then, you just need to add an index-pattern in Kibana for "alias1" and create your visualizations.

For more informations on aliases, see https://www.elastic.co/guide/en/elasticsearch/reference/current/indices-aliases.html

于 2016-08-08T11:41:39.120 回答
7

Thanks for all the help, But I figured out a way in which this could be done. In Index Pattern of Kibana 4 create an index Pattern as _all. This index pattern contains all the indexes present in your elasticsearch. Hence when you create a new visualization simply select the _all index pattern there and all the data fields from all the indexes in your elasticsearch are accessible and you can easily use it to create visualizations.

于 2015-04-16T11:33:58.367 回答
3

If I understand what you are asking correctly, then it may depend on how you've named your indexes.

I can query multiple logstash indexes, by selecting my pattern 'logstash-*'. When you setup your indexes it gives you the option to specify a pattern.

(Settings => Indices => Index Pattern => Add New)

I hope that helps.

于 2015-04-16T11:37:45.650 回答
3

Two wildcards (i.e. *-*) works for me in Kibana 4.

于 2016-02-25T19:41:20.297 回答
0

I'm not sure i understand correctly, but I think your best option is to create that visualization on both indexes you want separately, and build a dashboard including both the visualizations.

Kibana can't display a single visualization with searches from two separate indexes.

于 2015-04-16T10:29:59.860 回答