Request two indexes simultaneously in Kibana 4?

Question

Request two indexes simultaneously in Kibana 4?

Whenever I create a visualization, Kibana 4 asks me to select an index to perform the search. My project requires finding data that is present in multiple indexes, and therefore I'm stuck. I want to search for two indexes for my data and then visualize them. Any help would be helpful.

+6

elasticsearch kibana kibana-4

Shubham mishra Apr 16 '15 at 10:18

source share

6 answers

A solution that works anyway: create an alias in Elasticsearch for the indexes you want to query at the same time, and then use the alias as an index in Kibana.

In the Marvel plugin, through the Sense interface, you can create an alias for multiple indexes by running this query:

POST _aliases { "actions" : [ { "add" : { "index" : "test1", "alias" : "alias1" } }, { "add" : { "index" : "test2", "alias" : "alias1" } } ] }

Or using CURL:

 curl -XPOST 'http://localhost:9200/_aliases' -d ' { "actions" : [ { "add" : { "index" : "test1", "alias" : "alias1" } }, { "add" : { "index" : "test2", "alias" : "alias1" } } ] }'

Then you just need to add the index template to Kibana for "alias1" and create a visualization.

For more information about aliases, see https://www.elastic.co/guide/en/elasticsearch/reference/current/indices-aliases.html

+9

Whitefangs Aug 08 '16 at 11:41

source share

Thanks for the help, But I figured out how to do this. In the Kibana 4 index template, create the index template as _all. This index template contains all the indexes present in your elastics search. Therefore, when you create a new visualization, simply select the _all index template and all data fields from all indexes in your elasticsearch are available, and you can easily use it to create the visualization.

+5

Shubham mishra Apr 16 '15 at 11:33

source share

If I understand correctly what you are asking, this may depend on how you named your indexes.

I can query several logstash indices by selecting my "logstash- *" template. When you customize your indexes, you can specify a template.

(Settings => Indexes => Index Template => Add New)

Hope this helps.

+3

Nic palmer Apr 16 '15 at 11:37

source share

Two wildcards (i.e. *-* ) work for me in Kibana 4.

+3

Kevin rego Feb 25 '16 at 19:41

source share

I'm not sure I understand correctly, but I think that your best option is to create this visualization for both indexes you want separately and create a dashboard, including both visualizations.

Kibana cannot display a single visualization when searching from two separate indexes.

0

gillyb Apr 16 '15 at 10:29

source share

sonenko · Accepted Answer · 2015-07-27T08:41:54+0000

Kibana can create visualizations from multiple indexes. But! indexes should have similar names, for example, you can just grab data from indexes: logstash-2015-01-01 and logstash-2015-01-02 using the logstash - mask . *

But yes, it would be convenient if we could write something like index1, onother_index .

I see two ways to resolve this issue:

rename indexes.
request for craving for Kibana.

Request two indexes simultaneously in Kibana 4?

More articles: