For example, Logstash typically creates a series of indices in the format . To explore all of the log data from May 2018, you could specify the index pattern logstash-2018.05*.

    Create your first index pattern

    First you’ll create index patterns for the Shakespeare data set, which has an index named shakespeare, and the accounts data set, which has an index named . These data sets don’t contain time series data.

    1. Open the menu, then go to Stack Management > Kibana > Index Patterns.

    3. Click Next step.

    4. You’re presented a table of all fields and associated data types in the index.

    5. Return to the Index patterns page and create a second index pattern named ba*.

    Create an index pattern for the time series data

    1. Click Next step.
    2. From the Time Filter field name dropdown, select @timestamp.
    3. Click Create index pattern.

    When you define an index pattern, the indices that match that pattern must exist in Elasticsearch and they must contain data. To check which indices are available, open the menu, then go to Dev Tools > Console and enter GET _cat/indices. Alternately, use curl -XGET "http://localhost:9200/_cat/indices".