Hi,
After hitting a problem, I've finally managed to get elasticsearch configured with kibana. I'm using an HTTP sender to post directly into elastic and it all seems to be working OK. I've set up a test index and am ready to actually switch this on and move it into production. But just want to clarify a few things first to make sure I fully understand everything.
My HTTP sender gets a response like this when posting. I assume all this is normal and OK? Pretty self-explanatory - is total the total number of records in the index?
{
  "_index" : "testmsg",
  "_type" : "msg",
  "_id" : "AVhJxWWd__W47b1DFlAg",
  "_version" : 1,
  "_shards" : {
    "total" : 2,
    "successful" : 1,
    "failed" : 0
  },
  "created" : true
}
I'm guessing Kibana is used mainly for visualisation of the data and I'm going to get stuck into that now. Do you guys use Kibana as the main query/lookup tool as well? For example querying on an object property of a specific type (e.g. I might want to see all 'email' flagged messages per _msg object from the testmsg _index). I know Kibana has the query filter at the top, is this the most efficient way - I've been using Postman as well.
I know what _index, _type and _id are from the Kibana docs - what is _score?
When I set up my index, I used Postman. One of the fields does contain date/time data, but when I loaded the index into Kibana and had the checkbox ticked for 'contains date/time data', it didn't bring back the fields to 'pick'. Does it require a certain property name to pick up, or a particular data format?
I realise some of these are related to Kibana as well, but any pointers are appreciated before I decide to start logging properly.
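The three mechanical points in the post (reading the index response, declaring the date field explicitly, and filtering on a flag plus a time window without leaning on the Kibana search bar) as an added, stand-alone example. This is not code from the original post or from Elasticsearch; it uses only the Python standard library and builds the request bodies offline. The field names `flag` and `timestamp`, the `msg` type name, and the date values are assumptions chosen for illustration; the sample response is the one quoted in the post, embedded as a constant.

```python
"""Added example for the Elasticsearch questions above (not the poster's code).

Assumed names: index `testmsg`, type `msg`, a keyword field `flag` and a
date field `timestamp`. Nothing here talks to a cluster; each function
returns the JSON body you would send from Postman or the HTTP sender.
"""
import json

# Constructed sample: the index response quoted in the post, as a dict.
INDEX_RESPONSE = json.loads("""{
  "_index": "testmsg", "_type": "msg", "_id": "AVhJxWWd__W47b1DFlAg",
  "_version": 1,
  "_shards": {"total": 2, "successful": 1, "failed": 0},
  "created": true
}""")


def check_index_response(resp):
    """Interpret a single-document index (write) response.

    `_shards.total` is the number of shard copies (primary plus replicas) the
    write was sent to, not a record count. For a log pipeline that later feeds
    an investigation, only treat the event as recorded when at least one copy
    acknowledged it and none failed; otherwise the sender should retry or alert.
    """
    shards = resp.get("_shards", {})
    total = shards.get("total", 0)
    successful = shards.get("successful", 0)
    failed = shards.get("failed", 0)
    if failed or successful < 1:
        return {"ok": False,
                "reason": "write not acknowledged (successful=%d failed=%d)"
                          % (successful, failed)}
    # ES 2.x reports `created`; later versions report `result: "created"`.
    created = resp.get("created") is True or resp.get("result") == "created"
    return {
        "ok": True,
        "status": "created" if created else "updated",
        "doc_id": resp.get("_id"),
        "copies_acknowledged": successful,
        "copies_expected": total,
        # total 2 / successful 1 is the usual single-node picture: the replica
        # shard has nowhere to live, so it is unassigned rather than failed.
        "replica_unassigned": successful < total,
    }


def date_mapping(type_name, field):
    """Body for PUT /testmsg, created before the first document is indexed.

    Declaring the field as `date` up front is what makes Kibana offer it in
    the time-field drop-down; a value that dynamic mapping guessed as a string
    (for example a non-ISO timestamp) is never offered there. The format below
    is the Elasticsearch default: ISO-8601 or epoch milliseconds.
    """
    return {"mappings": {type_name: {"properties": {field: {
        "type": "date",
        "format": "strict_date_optional_time||epoch_millis",
    }}}}}


def flagged_messages_query(flag_field, flag_value, time_field, since, until,
                           size=50):
    """Body for GET /testmsg/msg/_search (or POST with the same body).

    Both clauses live in `bool.filter`: exact-match filters are cacheable and
    are not scored, so `_score` carries no information for this query and the
    results are sorted by time instead. This is the cheap way to pull every
    document with a given flag inside a window, without the free-text query
    bar parsing the value.
    """
    return {
        "size": size,
        "query": {"bool": {"filter": [
            {"term": {flag_field: flag_value}},
            {"range": {time_field: {"gte": since, "lte": until}}},
        ]}},
        "sort": [{time_field: {"order": "desc"}}],
    }


if __name__ == "__main__":
    print(json.dumps(check_index_response(INDEX_RESPONSE), indent=2))
    print(json.dumps(date_mapping("msg", "timestamp"), indent=2))
    print(json.dumps(flagged_messages_query(
        "flag", "email", "timestamp",
        "2016-11-01T00:00:00Z", "2016-11-08T00:00:00Z"), indent=2))
```

On the quoted response, `check_index_response` reports a successful create with one of two copies acknowledged, which on a single node simply means the replica is unassigned (the cluster shows yellow, not red); a response with `failed` greater than 0 or `successful` equal to 0 is the case a production sender must not silently drop. The mapping has to be applied before the first document arrives, because an existing field's type cannot be changed without reindexing.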