Kibana User Guide [4.2] »Settings

Settings

设置

To use Kibana, you have to tell it about the Elasticsearch indices that you want to explore by configuring one or more index patterns. You can also:

要使用 Kibana，你就得告诉它你想要探索的 Elasticsearch 索引是那些，这就要配置一个或者更多的索引模式。此外，你还可以：

• Create scripted fields that are computed on the fly from your data. You can browse and visualize scripted fields, but you cannot search them. 创建脚本化字段，这个字段可以实时从你的数据中计算出来。你可以浏览这种字段，并且在它基础上做可视化，但是不能搜索这种字段。
• Set advanced options such as the number of rows to show in a table and how many of the most popular fields to show. Use caution when modifying advanced options, as it’s possible to set values that are incompatible with one another. 设置高级选项，比如表格里显示多少行，常用字段显示多少个。修改高级选项的时候要千万小心，因为一个设置很可能跟另一个设置是不兼容的。
• Configure Kibana for a production environment  为生产环境配置 Kibana。

Creating an Index Pattern to Connect to Elasticsearch

创建一个连接到ES的索引模式

An index pattern identifies one or more Elasticsearch indices that you want to explore with Kibana. Kibana looks for index names that match the specified pattern. An asterisk (*) in the pattern matches zero or more characters. For example, the pattern myindex-* matches all indices whose names start withmyindex-, such as myindex-1 and myindex-2.
一个索引模式定义了一个或者多个你打算探索的 Elasticsearch 索引。Kibana 会查找匹配指定模式的索引名。模式中的通配符()匹配零到多个字符。比如，模式 `myindex-匹配所有名字以myindex-开头的索引，比如myindex-1和myindex-2`。

If you use event times to create index names (for example, if you’re pushing data into Elasticsearch from Logstash), the index pattern can also contain a date format. In this case, the static text in the pattern must be enclosed in brackets, and you specify the date format using the tokens described in Table 1, “Date Format Tokens”.

如果你用了事件时间来创建索引名(比如说，如果你是用 Logstash 往 Elasticsearch 里写数据)，索引模式里也可以匹配一个日期格式。在这种情况下，模式的静态文本部分必须用中括号包含起来，日期格式能用的字符，参见表 1 "日期格式码"。

For example, [logstash-]YYYY.MM.DD matches all indices whose names have a timestamp of the formYYYY.MM.DD appended to the prefix logstash-, such as logstash-2015.01.31 and logstash-2015-02-01.

比如，[logstash-]YYYY.MM.DD 匹配所有名字以 logstash- 为前缀，后面跟上 YYYY.MM.DD 格式时间戳的索引，比如 logstash-2015.01.31 和 logstash-2015-02-01。

An index pattern can also simply be the name of a single index.

To create an index pattern to connect to Elasticsearch:

索引模式也可以简单的设置为一个单独的索引名字。

要创建一个连接到 Elasticsearch 的索引模式：

1. Go to the Settings > Indices tab.  切换到 Settings > Indices 标签页。

2. Specify an index pattern that matches the name of one or more of your Elasticsearch indices. By default, Kibana guesses that you’re you’re working with log data being fed into Elasticsearch by Logstash. 指定一个能匹配你的 Elasticsearch 索引名的索引模式。默认的，Kibana 会假设你是要处理 Logstash 导入的数据。

   

   When you switch between top-level tabs, Kibana remembers where you were. For example, if you view a particular index pattern from the Settings tab, switch to the Discover tab, and then go back to the Settings tab, Kibana displays the index pattern you last looked at. To get to the create pattern form, click the Add button in the Index Patterns list.   当你在顶层标签页之间切换的时候，Kibana 会记住你之前停留的位置。比如，如果你在 Settings 标签页查看了一个索引模式，然后切换到 Discover 标签，再切换回 Settings 标签，Kibana 还会显示上次你查看的索引模式。要看到创建模式的表单，需要从索引模式列表里点击 Add 按钮。

3. If your index contains a timestamp field that you want to use to perform time-based comparisons, select the Index contains time-based events option and select the index field that contains the timestamp. Kibana reads the index mapping to list all of the fields that contain a timestamp.  如果你索引有时间戳字段打算用来做基于事件的对比，勾选 Index contains time-based events 然后选择包含了时间戳的索引字段。Kibana 会读取索引映射，列出所有包含了时间戳的字段供选择。
4. If new indices are generated periodically and have a timestamp appended to the name, select theUse event times to create index names option and select the Index pattern interval. This enables Kibana to search only those indices that could possibly contain data in the time range you specify. This is primarily applicable if you are using Logstash to feed data into Elasticsearch.  如果新索引是周期性生成，名字里有时间戳的，勾选 Use event times to create index names 和Index pattern interval 选项。这会让 Kibana 只搜索哪些包含了你指定的时间范围内的数据的索引。当你使用 Logstash 往 Elasticsearch 写数据的时候非常有用。
5. Click Create to add the index pattern.  点击 Create 添加索引模式。
6. To designate the new pattern as the default pattern to load when you view the Discover tab, click the favorite button. 要设置新模式作为你查看 Discover 页是的默认模式，点击 favorite 按钮。

Table 1. Date Format Tokens

表 1. 日期格式码

M

Month - cardinal: 1 2 3 … 12

Mo

Month - ordinal: 1st 2nd 3rd … 12th

MM

Month - two digit: 01 02 03 … 12

MMM

Month - abbreviation: Jan Feb Mar … Dec

MMMM

Month - full: January February March … December

Q

Quarter: 1 2 3 4

D

Day of Month - cardinal: 1 2 3 … 31

Do

Day of Month - ordinal: 1st 2nd 3rd … 31st

DD

Day of Month - two digit: 01 02 03 … 31

DDD

Day of Year - cardinal: 1 2 3 … 365

DDDo

Day of Year - ordinal: 1st 2nd 3rd … 365th

DDDD

Day of Year - three digit: 001 002 … 364 365

d

Day of Week - cardinal: 0 1 3 … 6

do

Day of Week - ordinal: 0th 1st 2nd … 6th

dd

Day of Week - 2-letter abbreviation: Su Mo Tu … Sa

ddd

Day of Week - 3-letter abbreviation: Sun Mon Tue … Sat

dddd

Day of Week - full: Sunday Monday Tuesday … Saturday

e

Day of Week (locale): 0 1 2 … 6

E

Day of Week (ISO): 1 2 3 … 7

w

Week of Year - cardinal (locale): 1 2 3 … 53

wo

Week of Year - ordinal (locale): 1st 2nd 3rd … 53rd

ww

Week of Year - 2-digit (locale): 01 02 03 … 53

W

Week of Year - cardinal (ISO): 1 2 3 … 53

Wo

Week of Year - ordinal (ISO): 1st 2nd 3rd … 53rd

WW

Week of Year - two-digit (ISO): 01 02 03 … 53

YY

Year - two digit: 70 71 72 … 30

YYYY

Year - four digit: 1970 1971 1972 … 2030

gg

Week Year - two digit (locale): 70 71 72 … 30

gggg

Week Year - four digit (locale): 1970 1971 1972 … 2030

GG

Week Year - two digit (ISO): 70 71 72 … 30

GGGG

Week Year - four digit (ISO): 1970 1971 1972 … 2030

A

AM/PM: AM PM

a

am/pm: am pm

H

Hour: 0 1 2 … 23

HH

Hour - two digit: 00 01 02 … 23

h

Hour - 12-hour clock: 1 2 3 … 12

hh

Hour - 12-hour clock, 2 digit: 01 02 03 … 12

m

Minute: 0 1 2 … 59

mm

Minute - two-digit: 00 01 02 … 59

s

Second: 0 1 2 … 59

ss

Second - two-digit: 00 01 02 … 59

S

Fractional Second - 10ths: 0 1 2 … 9

SS

Fractional Second - 100ths: 0 1 … 98 99

SSS

Fractional Seconds - 1000ths: 0 1 … 998 999

Z

Timezone - zero UTC offset (hh:mm format): -07:00 -06:00 -05:00 .. +07:00

ZZ

Timezone - zero UTC offset (hhmm format): -0700 -0600 -0500 … +0700

X

Unix Timestamp: 1360013296

x

Unix Millisecond Timestamp: 1360013296123

Setting the Default Index Pattern

设置默认索引模式

The default index pattern is loaded by automatically when you view the Discover tab. Kibana displays a star to the left of the name of the default pattern in the Index Patterns list on the Settings > Indices tab. The first pattern you create is automatically designated as the default pattern.

默认索引模式会在你查看 Discover 标签的时候自动加载。Kibana 会在 Settings > Indices 标签页的索引模式列表里，给默认模式左边显示一个星号。你创建的第一个模式会自动被设置为默认模式。

To set a different pattern as the default index pattern:

要设置一个另外的模式为默认索引模式：

1. Go to the Settings > Indices tab.  进入 Settings > Indices 标签页。
2. Select the pattern you want to set as the default in the Index Patterns list.  在索引模式列表里选择你打算设置为默认值的模式。
3. Click the pattern’s Favorite button.  点击模式的 Favorite 标签。

You can also manually set the default index pattern in Advanced > Settings.

你也可以在 Advanced > Settings 里设置默认索引模式。

Reloading the Index Fields List 重新加载索引字段列表

When you add an index mapping, Kibana automatically scans the indices that match the pattern to display a list of the index fields. You can reload the index fields list to pick up any newly-added fields.

当你添加了一个索引映射，Kibana 自动扫描匹配模式的索引以显示索引字段。你可以重加载索引字段列表，以显示新添加的字段。

Reloading the index fields list also resets Kibana’s popularity counters for the fields. The popularity counters keep track of the fields you’ve used most often within Kibana and are used to sort fields within lists.

重加载索引字段列表，也会重设 Kibana 的常用字段计数器。这个计数器是跟踪你在 Kibana 里常用字段，然后来排序字段列表的。

To reload the index fields list:

要重加载索引的字段列表：

1. Go to the Settings > Indices tab.  进入 Settings > Indices 标签页。
2. Select an index pattern from the Index Patterns list.  在索引模式列表里选择一个索引模式。
3. Click the pattern’s Reload button.  点击模式的 Reload 按钮。

Deleting an Index Pattern  删除一个索引模式

To delete an index pattern: 怎样删除一个索引模式：

1. Go to the Settings > Indices tab.  进入 Settings > Indices 标签页。
2. Select the pattern you want to remove in the Index Patterns list.  在索引模式列表里选择你打算删除的模式。
3. Click the pattern’s Delete button.  点击模式的 Delete 按钮。
4. Confirm that you want to remove the index pattern.  确认你是想要删除这个索引模式。

备注：
材料来自elastic官网。
参考整理：
http://kibana.logstash.es/content/kibana/v4/settings.html
原文地址：
https://www.elastic.co/guide/en/kibana/current/settings.html#settings