Im planning to create a summary view of my filebeat and metricbeat indices with few selected field from each and use it as my visualization source in kibana. Is this possible?
Hi Archelle,
yes this is possible. When creating an index pattern (under Stack Management > Kibana > Index Patterns), you can use wildcards and commas for using multiple indexes below, so you could create an index pattern for metricbeat-*,filebeat-* that would match all indexes begining with either of those.
Cheers,
Tim
Thank you but it needs to reindex right? right now i need something like a view .. that doesnt require to reindex as i dont have any access to source data
You won't need to reindex anything - index patterns in Kibana are just a "selector" (or pointer) for your data in Elasticsearch. It's simply telling Elasticsearch which indices to consider when queries are sent.
ok, so how do i select which fields only to include in index pattern? bcoz i need to filter out only the main fields like agent.hostname, system.cpu etc
You can select them when creating your charts - them showing up in the index pattern isn't having any effect (like worse performance and so on)
not gonna work in my local machine haha. combining metricbeat and filebeat is making an index pattern with more that 7k fields, and i only need more or less 10 fields.
What issue are you running into with the 7k fields index?
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.