diff --git a/docs/images/management-index-patterns.png b/docs/images/management-index-patterns.png new file mode 100644 index 00000000000000..232d32893b96d3 Binary files /dev/null and b/docs/images/management-index-patterns.png differ diff --git a/docs/management/advanced-options.asciidoc b/docs/management/advanced-options.asciidoc index eea5bd4ead9575..03c680da8fc1bf 100644 --- a/docs/management/advanced-options.asciidoc +++ b/docs/management/advanced-options.asciidoc @@ -1,7 +1,7 @@ [[advanced-options]] -== Setting advanced options +== Advanced Settings -The *Advanced Settings* page enables you to directly edit settings that control the behavior of the Kibana application. +The *Advanced Settings* UI enables you to edit settings that control the behavior of Kibana. For example, you can change the format used to display dates, specify the default index pattern, and set the precision for displayed decimal values. diff --git a/docs/management/index-lifecycle-policies/intro-to-lifecycle-policies.asciidoc b/docs/management/index-lifecycle-policies/intro-to-lifecycle-policies.asciidoc index 79bd0b8be3ce9c..ba1d79710de05f 100644 --- a/docs/management/index-lifecycle-policies/intro-to-lifecycle-policies.asciidoc +++ b/docs/management/index-lifecycle-policies/intro-to-lifecycle-policies.asciidoc @@ -1,30 +1,30 @@ [role="xpack"] [[index-lifecycle-policies]] -== Index lifecycle policies +== Index Lifecycle Policies -If you're working with time series data, you don't want to continually dump -everything into a single index. Instead, you might periodically roll over the -data to a new index to keep it from growing so big it's slow and expensive. -As the index ages and you query it less frequently, you’ll likely move it to +If you're working with time series data, you don't want to continually dump +everything into a single index. Instead, you might periodically roll over the +data to a new index to keep it from growing so big it's slow and expensive. +As the index ages and you query it less frequently, you’ll likely move it to less expensive hardware and reduce the number of shards and replicas. -To automatically move an index through its lifecycle, you can create a policy -to define actions to perform on the index as it ages. Index lifecycle policies -are especially useful when working with {beats-ref}/beats-reference.html[Beats] -data shippers, which continually -send operational data, such as metrics and logs, to Elasticsearch. You can -automate a rollover to a new index when the existing index reaches a specified -size or age. This ensures that all indices have a similar size instead of having -daily indices where size can vary based on the number of Beats and the number +To automatically move an index through its lifecycle, you can create a policy +to define actions to perform on the index as it ages. Index lifecycle policies +are especially useful when working with {beats-ref}/beats-reference.html[Beats] +data shippers, which continually +send operational data, such as metrics and logs, to Elasticsearch. You can +automate a rollover to a new index when the existing index reaches a specified +size or age. This ensures that all indices have a similar size instead of having +daily indices where size can vary based on the number of Beats and the number of events sent. -{kib}’s *Index Lifecycle Policies* walks you through the process for creating -and configuring a policy. Before using this feature, you should be familiar +{kib}’s *Index Lifecycle Policies* walks you through the process for creating +and configuring a policy. Before using this feature, you should be familiar with index lifecycle management: -* For an introduction, see -{ref}/getting-started-index-lifecycle-management.html[Getting started with index -lifecycle management]. -* To dig into the concepts and technical details, see +* For an introduction, refer to +{ref}/getting-started-index-lifecycle-management.html[Getting started with index +lifecycle management]. +* To dig into the concepts and technical details, see {ref}/index-lifecycle-management.html[Managing the index lifecycle]. * To check out the APIs, see {ref}/index-lifecycle-management-api.html[Index lifecycle management API]. diff --git a/docs/management/index-patterns.asciidoc b/docs/management/index-patterns.asciidoc index 8e687f641c92be..d8073e4590c3c1 100644 --- a/docs/management/index-patterns.asciidoc +++ b/docs/management/index-patterns.asciidoc @@ -89,39 +89,11 @@ pattern: `*:logstash-*`. Once an index pattern is configured using the {ccs} syntax, all searches and aggregations using that index pattern in {kib} take advantage of {ccs}. + [float] +[[reload-fields]] === Manage your index pattern -Once you create an index pattern, manually or with a sample data set, -you can look at its fields and associated data types. -You can also perform housekeeping tasks, such as making the -index pattern the default or deleting it when you longer need it. -To drill down into the details of an index pattern, click its name in -the *Index patterns* overview. - -[role="screenshot"] -image:management/index-patterns/images/new-index-pattern.png["Index files and data types"] - -From the detailed view, you can perform the following actions: - -* *Manage the index fields.* You can add formatters to format values and create -scripted fields. -See <> for more information. - -* [[set-default-pattern]]*Set the default index pattern.* {kib} uses a badge to make users -aware of which index pattern is the default. The first pattern -you create is automatically designated as the default pattern. The default -index pattern is loaded when you open *Discover*. - -* [[reload-fields]]*Refresh the index fields list.* You can refresh the index fields list to -pick up any newly-added fields. Doing so also resets Kibana’s popularity counters -for the fields. The popularity counters are used in *Discover* to sort fields in lists. - -* [[delete-pattern]]*Delete the index pattern.* This action removes the pattern from the list of -Saved Objects in {kib}. You will not be able to recover field formatters, -scripted fields, source filters, and field popularity data associated with the index pattern. -Deleting an index pattern does -not remove any indices or data documents from {es}. -+ -WARNING: Deleting an index pattern breaks all visualizations, saved searches, and -other saved objects that reference the pattern. +To drill down into the fields and associated data types in an index pattern, +click its name in the *Index patterns* overview page. +For more information, refer to <>. diff --git a/docs/management/index-patterns/images/edit_icon.png b/docs/management/index-patterns/images/edit_icon.png new file mode 100644 index 00000000000000..d5af1751809ccc Binary files /dev/null and b/docs/management/index-patterns/images/edit_icon.png differ diff --git a/docs/management/managing-beats.asciidoc b/docs/management/managing-beats.asciidoc index 13e8f52f29b877..5a23b603071319 100644 --- a/docs/management/managing-beats.asciidoc +++ b/docs/management/managing-beats.asciidoc @@ -1,6 +1,6 @@ [[managing-beats]] [role="xpack"] -== Managing {beats} +== {beats} Central Management include::{asciidoc-dir}/../../shared/discontinued.asciidoc[tag=cm-discontinued] @@ -34,14 +34,14 @@ Central Management UI. You need to enroll {beats} to register them in central management and establish trust. Enrolled {beats} will have the credentials needed to retrieve -configurations from {kib}. +configurations from {kib}. [float] === Create configuration tags A _configuration tag_ is a group of configuration blocks that you can apply to one or more {beats}. For example, you can create a tag called `development` to -group configurations for {beats} running in your development environment. +group configurations for {beats} running in your development environment. The first time you walk through the enrollment process, you'll create a configuration tag that's applied to the {beats} instance you're enrolling. @@ -62,7 +62,7 @@ Central management supports configuration settings for: * {filebeat} modules * {metricbeat} modules * {filebeat} inputs -* {filebeat} and {metricbeat} outputs +* {filebeat} and {metricbeat} outputs NOTE: Central management supports the following outputs only: {es}, {ls}, Kafka, and Redis. Other output types are not supported for {beats} that are enrolled in @@ -72,7 +72,7 @@ Use the Central Management UI to define and manage settings for supported configuration blocks. You cannot define those settings in local {beats} configuration files. For configuration blocks that are not supported by central management, configure the settings in the local configuration file after -enrolling the Beat in central management. +enrolling the Beat in central management. [float] === Manage enrolled {beats} diff --git a/docs/management/managing-fields.asciidoc b/docs/management/managing-fields.asciidoc index 308e61abf70e55..f66976b3715d14 100644 --- a/docs/management/managing-fields.asciidoc +++ b/docs/management/managing-fields.asciidoc @@ -1,12 +1,56 @@ [[managing-fields]] -== Managing Fields +== Index Patterns and Fields -The fields for the index pattern are listed in a table. Click a column header to sort the table by that column. Click -the *Controls* button in the rightmost column for a given field to edit the field's properties. You can manually set -the field's format from the *Format* drop-down. Format options vary based on the field's type. +The *Index patterns* UI helps you create and manage +the index patterns that retrieve your data from Elasticsearch. -You can also set the field's popularity value in the *Popularity* text entry box to any desired value. Click the -*Update Field* button to confirm your changes or *Cancel* to return to the list of fields. +[role="screenshot"] +image::images/management-index-patterns.png[] + +[float] +=== Create an index pattern + +An index pattern is the glue that connects Kibana to your Elasticsearch data. Create an +index pattern whenever you load your own data into Kibana. To get started, +click *Create index pattern*, and then follow the guided steps. Refer to +<> for the types of index patterns +that you can create. + +[float] +=== Manage your index pattern + +To view the fields and associated data types in an index pattern, click its name in +the *Index patterns* overview. + +[role="screenshot"] +image::management/index-patterns/images/new-index-pattern.png["Index files and data types"] + +Use the icons in the upper right to perform the following actions: + +* [[set-default-pattern]]*Set the default index pattern.* {kib} uses a badge to make users +aware of which index pattern is the default. The first pattern +you create is automatically designated as the default pattern. The default +index pattern is loaded when you open *Discover*. + +* *Refresh the index fields list.* You can refresh the index fields list to +pick up any newly-added fields. Doing so also resets Kibana’s popularity counters +for the fields. The popularity counters are used in *Discover* to sort fields in lists. + +* [[delete-pattern]]*Delete the index pattern.* This action removes the pattern from the list of +Saved Objects in {kib}. You will not be able to recover field formatters, +scripted fields, source filters, and field popularity data associated with the index pattern. +Deleting an index pattern does +not remove any indices or data documents from {es}. ++ +WARNING: Deleting an index pattern breaks all visualizations, saved searches, and +other saved objects that reference the pattern. + +[float] +=== Edit a field + +To edit a field's properties, click the edit icon +image:management/index-patterns/images/edit_icon.png[] in the detail view. +You can set the field's format and popularity value. Kibana has field formatters for the following field types: diff --git a/docs/management/managing-indices.asciidoc b/docs/management/managing-indices.asciidoc index 7a3480c860b16f..933a2ffbf6ee2e 100644 --- a/docs/management/managing-indices.asciidoc +++ b/docs/management/managing-indices.asciidoc @@ -1,6 +1,6 @@ [role="xpack"] [[managing-indices]] -== Index management +== Index Management *Index Management* enables you to view index settings, mappings, and statistics and perform index-level operations. @@ -127,7 +127,7 @@ under the *Mapped fields* tab as follows: image::images/management-index-templates-mappings.png[Mapped fields page] You can create additional mapping configurations in the *Dynamic templates* and -*Advanced options* tabs. No additional mappings are required for this example. +*Advanced options* tabs. No additional mappings are required for this example. In the fourth step, define an alias named `logstash`. diff --git a/docs/management/managing-licenses.asciidoc b/docs/management/managing-licenses.asciidoc index ecb550d3ab267d..72accdb5fe2aab 100644 --- a/docs/management/managing-licenses.asciidoc +++ b/docs/management/managing-licenses.asciidoc @@ -1,32 +1,32 @@ [[managing-licenses]] -== License management +== License Management When you install the default distribution of {kib}, you receive a basic license with no expiration date. For the full list of free features that are included in -the basic license, see https://www.elastic.co/subscriptions[the subscription page]. +the basic license, refer to https://www.elastic.co/subscriptions[the subscription page]. If you want to try out the full set of platinum features, you can activate a -30-day trial license. Go to *Management > License Management* to view the +30-day trial license. Go to *Management > License Management* to view the status of your license, start a trial, or install a new license. NOTE: You can start a trial only if your cluster has not already activated a trial license for the current major product version. For example, if you have -already activated a trial for v6.0, you cannot start a new trial until -v7.0. You can, however, contact `info@elastic.co` to request an extended trial +already activated a trial for 6.0, you cannot start a new trial until +7.0. You can, however, contact `info@elastic.co` to request an extended trial license. -When you activate a new license level, new features appear in the left sidebar +When you activate a new license level, new features appear in the left sidebar of the *Management* page. [role="screenshot"] image::images/management-license.png[] At the end of the trial period, the platinum features operate in a -<>. You can revert to a basic license, -extend the trial, or purchase a subscription. +<>. You can revert to a basic license, +extend the trial, or purchase a subscription. -TIP: If {security-features} are enabled, unless you have a trial license, -you must configure Transport Layer Security (TLS) in {es}. +TIP: If {security-features} are enabled, unless you have a trial license, +you must configure Transport Layer Security (TLS) in {es}. See {ref}/encrypting-communications.html[Encrypting communications]. {kib} and the {ref}/start-basic.html[start basic API] provide a list of all of the features that will no longer be supported if you revert to a basic license. @@ -42,7 +42,7 @@ file that you install in {kib} or by using the TIP: If you are using a basic or trial license, {security-features} are disabled by default. In all other licenses, {security-features} are enabled by default; -you must secure the {stack} or disable the {security-features}. +you must secure the {stack} or disable the {security-features}. [discrete] [[license-expiration]] @@ -97,7 +97,7 @@ cluster. and start {dfeeds} are disabled. * All started {dfeeds} are stopped. * All open {anomaly-jobs} are closed. -* APIs to create and start {dfanalytics-jobs} are disabled. +* APIs to create and start {dfanalytics-jobs} are disabled. * Existing {anomaly-job} and {dfanalytics-job} results continue to be available by using {kib} or APIs. diff --git a/docs/management/managing-remote-clusters.asciidoc b/docs/management/managing-remote-clusters.asciidoc index a776cdf0334cb8..6b69cfef5b7689 100644 --- a/docs/management/managing-remote-clusters.asciidoc +++ b/docs/management/managing-remote-clusters.asciidoc @@ -1,8 +1,8 @@ [[working-remote-clusters]] -== Working with remote clusters +== Remote Clusters -{kib} *Management* provides user interfaces for working with data from remote -clusters and managing the {ccr} process. You can replicate indices from a +{kib} *Management* provides user interfaces for working with data from remote +clusters and managing the {ccr} process. You can replicate indices from a leader remote cluster to a follower index in a local cluster. The local follower indices can be used to provide remote backups for disaster recovery or for geo-proximite copies of data. @@ -14,51 +14,51 @@ Before using these features, you should be familiar with the following concepts: [float] [[managing-remote-clusters]] -== Managing remote clusters +== Managing remote clusters -*Remote clusters* helps you manage remote clusters for use with -{ccs} and {ccr}. You can add and remove remote clusters and check their connectivity. +*Remote clusters* helps you manage remote clusters for use with +{ccs} and {ccr}. You can add and remove remote clusters and check their connectivity. + +Before you use this feature, you should be familiar with the concept of +{ref}/modules-remote-clusters.html[remote clusters]. -Before you use this feature, you should be familiar with the concept of -{ref}/modules-remote-clusters.html[remote clusters]. - Go to *Management > Elasticsearch > Remote clusters* to create or manage your remotes. -To set up a new remote, click *Add a remote cluster*. Give the cluster a unique name -and define the seed nodes for cluster discovery. You can edit or remove your remote clusters +To set up a new remote, click *Add a remote cluster*. Give the cluster a unique name +and define the seed nodes for cluster discovery. You can edit or remove your remote clusters from the *Remote clusters* list view. [role="screenshot"] image::images/add_remote_cluster.png[][UI for adding a remote cluster] -Once a remote cluster is registered, you can use the tools under *{ccr-cap}* -to add and manage follower indices on the local cluster, and replicate data from +Once a remote cluster is registered, you can use the tools under *{ccr-cap}* +to add and manage follower indices on the local cluster, and replicate data from indices on the remote cluster based on an auto-follow index pattern. [float] [[managing-cross-cluster-replication]] == [xpack]#Managing {ccr}# -*{ccr-cap}* helps you create and manage the {ccr} process. -If you want to replicate data from existing indices, or set up -local followers on a case-by-case basis, go to *Follower indices*. -If you want to automatically detect and follow new indices when they are created -on a remote cluster, you can do so from *Auto-follow patterns*. +*{ccr-cap}* helps you create and manage the {ccr} process. +If you want to replicate data from existing indices, or set up +local followers on a case-by-case basis, go to *Follower indices*. +If you want to automatically detect and follow new indices when they are created +on a remote cluster, you can do so from *Auto-follow patterns*. -Creating an auto-follow pattern is useful when you have time-series data, like a logs index, on the -remote cluster that is created or rolled over on a daily basis. Once you have configured an -auto-follow pattern, any time a new index with a name that matches the pattern is +Creating an auto-follow pattern is useful when you have time-series data, like a logs index, on the +remote cluster that is created or rolled over on a daily basis. Once you have configured an +auto-follow pattern, any time a new index with a name that matches the pattern is created in the remote cluster, a follower index is automatically configured in the local cluster. -From the same view, you can also see a list of your saved auto-follow patterns for +From the same view, you can also see a list of your saved auto-follow patterns for a given remote cluster, and monitor whether the replication is active. Before you use these features, you should be familiar with the following concepts: -* {ref}/ccr-requirements.html[Requirements for leader indices] +* {ref}/ccr-requirements.html[Requirements for leader indices] * {ref}/ccr-auto-follow.html[Automatically following indices] -To get started, go to *Management > Elasticsearch > {ccr-cap}*. +To get started, go to *Management > Elasticsearch > {ccr-cap}*. [role="screenshot"] image::images/auto_follow_pattern.png[][UI for adding an auto-follow pattern] diff --git a/docs/management/managing-saved-objects.asciidoc b/docs/management/managing-saved-objects.asciidoc index 2daa4cf789f2ac..a92a6ae4bdc09c 100644 --- a/docs/management/managing-saved-objects.asciidoc +++ b/docs/management/managing-saved-objects.asciidoc @@ -1,9 +1,9 @@ [[managing-saved-objects]] -== Saved objects +== Saved Objects -*Saved Objects* helps you keep track of and manage your saved objects. These objects +The *Saved Objects* UI helps you keep track of and manage your saved objects. These objects store data for later use, including dashboards, visualizations, maps, index patterns, -Canvas workpads, and more. +Canvas workpads, and more. To get started, go to *Management > {kib} > Saved Objects*. With this UI, you can: @@ -23,8 +23,8 @@ image::images/management-saved-objects.png[Saved Objects] * To view and edit an object in its associated application, click the object title. -* To show objects that use this object, so you know the -impact of deleting it, click the actions icon image:images/actions_icon.png[Actions icon] +* To show objects that use this object, so you know the +impact of deleting it, click the actions icon image:images/actions_icon.png[Actions icon] and select *Relationships*. * To delete one or more objects, select their checkboxes, and then click *Delete*. @@ -33,19 +33,19 @@ and select *Relationships*. [[managing-saved-objects-export-objects]] === Import and export -Using the import and export commands, you can move objects between different -{kib} instances. This action is useful when you -have multiple environments for development and production. -Import and export also work well when you have a large number -of objects to update and want to batch the process. +Using the import and export commands, you can move objects between different +{kib} instances. This action is useful when you +have multiple environments for development and production. +Import and export also work well when you have a large number +of objects to update and want to batch the process. [float] ==== Import -You can import multiple objects in a single operation. Click *Import* and -navigate to the NDJSON file that -represents the objects to import. By default, +You can import multiple objects in a single operation. Click *Import* and +navigate to the NDJSON file that +represents the objects to import. By default, saved objects already in {kib} are overwritten. [float] @@ -56,7 +56,7 @@ You have two options for exporting saved objects. * Select the checkboxes of objects that you want to export, and then click *Export*. * Click *Export x objects*, and export objects by type. -This action creates an NDJSON with all your saved objects. By default, +This action creates an NDJSON with all your saved objects. By default, the NDJSON includes related objects. Exported dashboards include their associated index patterns. [float] @@ -78,9 +78,9 @@ use the <> inste === Advanced editing Some objects offer an advanced *Edit* page for modifying the object definition. -To open the page, click the actions icon image:images/actions_icon.png[Actions icon] -and select *Inspect*. -You can change the object title, add a description, and modify +To open the page, click the actions icon image:images/actions_icon.png[Actions icon] +and select *Inspect*. +You can change the object title, add a description, and modify the JSON that defines the object properties. If you access an object whose index has been deleted, you can: @@ -90,7 +90,7 @@ If you access an object whose index has been deleted, you can: * Change the index name in the object's `reference` array to point to an existing index pattern. This is useful if the index you were working with has been renamed. -WARNING: Validation is not performed for object properties. Submitting an invalid -change will render the object unusable. A more failsafe approach is to use -*Discover*, *Visualize*, or *Dashboard* to create new objects instead of +WARNING: Validation is not performed for object properties. Submitting an invalid +change will render the object unusable. A more failsafe approach is to use +*Discover*, *Visualize*, or *Dashboard* to create new objects instead of directly editing an existing one. diff --git a/docs/management/rollups/create_and_manage_rollups.asciidoc b/docs/management/rollups/create_and_manage_rollups.asciidoc index 06983c01f926d6..b07f075f880322 100644 --- a/docs/management/rollups/create_and_manage_rollups.asciidoc +++ b/docs/management/rollups/create_and_manage_rollups.asciidoc @@ -1,14 +1,14 @@ [role="xpack"] [[data-rollups]] -== Rollup jobs +== Rollup Jobs -A rollup job is a periodic task that aggregates data from indices specified -by an index pattern and rolls it into a new index. Rollup indices are a good way to -compactly store months or years of historical +A rollup job is a periodic task that aggregates data from indices specified +by an index pattern, and then rolls it into a new index. Rollup indices are a good way to +compactly store months or years of historical data for use in visualizations and reports. -You’ll find *Rollup Jobs* under *Management > Elasticsearch*. With this UI, +You’ll find *Rollup Jobs* under *Management > Elasticsearch*. With this UI, you can: * <> @@ -17,22 +17,22 @@ you can: [role="screenshot"] image::images/management_rollup_list.png[][List of currently active rollup jobs] -Before using this feature, you should be familiar with how rollups work. -{ref}/xpack-rollup.html[Rolling up historical data] is a good source for more detailed information. +Before using this feature, you should be familiar with how rollups work. +{ref}/xpack-rollup.html[Rolling up historical data] is a good source for more detailed information. [float] [[create-and-manage-rollup-job]] === Create a rollup job -{kib} makes it easy for you to create a rollup job by walking you through -the process. You fill in the name, data flow, and how often you want to roll -up the data. Then you define a date histogram aggregation for the rollup job -and optionally terms, histogram, and metrics aggregations. +{kib} makes it easy for you to create a rollup job by walking you through +the process. You fill in the name, data flow, and how often you want to roll +up the data. Then you define a date histogram aggregation for the rollup job +and optionally define terms, histogram, and metrics aggregations. -When defining the index pattern, you must enter a name that is different than -the output rollup index. Otherwise, the job -will attempt to capture the data in the rollup index. For example, if your index pattern is `metricbeat-*`, -you can name your rollup index `rollup-metricbeat`, but not `metricbeat-rollup`. +When defining the index pattern, you must enter a name that is different than +the output rollup index. Otherwise, the job +will attempt to capture the data in the rollup index. For example, if your index pattern is `metricbeat-*`, +you can name your rollup index `rollup-metricbeat`, but not `metricbeat-rollup`. [role="screenshot"] image::images/management_create_rollup_job.png[][Wizard that walks you through creation of a rollup job] @@ -41,38 +41,38 @@ image::images/management_create_rollup_job.png[][Wizard that walks you through c [[manage-rollup-job]] === Start, stop, and delete rollup jobs -Once you’ve saved a rollup job, you’ll see it the *Rollup Jobs* overview page, -where you can drill down for further investigation. The *Manage* menu in +Once you’ve saved a rollup job, you’ll see it the *Rollup Jobs* overview page, +where you can drill down for further investigation. The *Manage* menu in the lower right enables you to start, stop, and delete the rollup job. You must first stop a rollup job before deleting it. [role="screenshot"] image::images/management_rollup_job_details.png[][Rollup job details] -You can’t change a rollup job after you’ve created it. To select additional fields -or redefine terms, you must delete the existing job, and then create a new one -with the updated specifications. Be sure to use a different name for the new rollup -job—reusing the same name can lead to problems with mismatched job configurations. -You can read more at {ref}/rollup-job-config.html[rollup job configuration]. +You can’t change a rollup job after you’ve created it. To select additional fields +or redefine terms, you must delete the existing job, and then create a new one +with the updated specifications. Be sure to use a different name for the new rollup +job—reusing the same name can lead to problems with mismatched job configurations. +You can read more at {ref}/rollup-job-config.html[rollup job configuration]. [float] === Try it: Create and visualize rolled up data -This example creates a rollup job to capture log data from sample web logs. +This example creates a rollup job to capture log data from sample web logs. To follow along, add the <>. In this example, you want data that is older than 7 days in the target index pattern `kibana_sample_data_logs` -to roll up once a day into the index `rollup_logstash`. You’ll bucket the -rolled up data on an hourly basis, using 60m for the time bucket configuration. +to roll up once a day into the index `rollup_logstash`. You’ll bucket the +rolled up data on an hourly basis, using 60m for the time bucket configuration. This allows for more granular queries, such as 2h and 12h. [float] ==== Create the rollup job -As you walk through the *Create rollup job* UI, enter the data shown in -the table below. The terms, histogram, and metrics fields reflect -the key information to retain in the rolled up data: where visitors are from (geo.src), -what operating system they are using (machine.os.keyword), +As you walk through the *Create rollup job* UI, enter the data shown in +the table below. The terms, histogram, and metrics fields reflect +the key information to retain in the rolled up data: where visitors are from (geo.src), +what operating system they are using (machine.os.keyword), and how much data is being sent (bytes). |=== @@ -118,31 +118,28 @@ and how much data is being sent (bytes). |=== -You can now use the rolled up data for analysis at a fraction of the storage cost -of the original index. The original data can live side by side with the new +You can now use the rolled up data for analysis at a fraction of the storage cost +of the original index. The original data can live side by side with the new rollup index, or you can remove or archive it using <>. [float] ==== Visualize the rolled up data -Your next step is to visualize your rolled up data in a vertical bar chart. +Your next step is to visualize your rolled up data in a vertical bar chart. Most visualizations support rolled up data, with the exception of Timelion, TSVB, and Vega visualizations. -Using the information from the example rollup configuration described above, -you can use `rollup_logstash` to match the rolled up index pattern, -and `kibana_sample_data_logs` to match the index pattern for raw data. -The notation for a combination index pattern with both raw and rolled up data +Using the information from the example rollup configuration described above, +you can use `rollup_logstash` to match the rolled up index pattern, +and `kibana_sample_data_logs` to match the index pattern for raw data. +The notation for a combination index pattern with both raw and rolled up data is `rollup_logstash,kibana_sample_data_logs`. [role="screenshot"] image::images/management_rollup_job_vis.png[][Visualization of rolled up data] -You can then create a dashboard that contains visualizations of the rolled up +You can then create a dashboard that contains visualizations of the rolled up data, raw data, or both. See <> for more information. [role="screenshot"] image::images/management_rollup_job_dashboard.png[][Dashboard with rolled up data] - - - diff --git a/docs/user/index.asciidoc b/docs/user/index.asciidoc index 121f4ead6f1e5e..2bd087b3eae578 100644 --- a/docs/user/index.asciidoc +++ b/docs/user/index.asciidoc @@ -38,14 +38,6 @@ include::monitoring/index.asciidoc[] include::management.asciidoc[] -include::{kib-repo-dir}/spaces/index.asciidoc[] - -include::security/index.asciidoc[] - -include::{kib-repo-dir}/management/watcher-ui/index.asciidoc[] - -include::{kib-repo-dir}/management/upgrade-assistant/index.asciidoc[] - include::reporting/index.asciidoc[] include::api.asciidoc[] diff --git a/docs/user/management.asciidoc b/docs/user/management.asciidoc index 2c41d0072fe5b9..1c55ffc73ca72c 100644 --- a/docs/user/management.asciidoc +++ b/docs/user/management.asciidoc @@ -3,17 +3,115 @@ [partintro] -- -The Management application is where you perform your runtime configuration of -Kibana, including both the initial setup and ongoing configuration of index -patterns, advanced settings that tweak the behaviors of Kibana itself, and -the various "objects" that you can save throughout Kibana such as searches, -visualizations, and dashboards. +*Management* is home to UIs for managing all things Elastic Stack— +indices, clusters, licenses, UI settings, index patterns, spaces, and more. + +[float] +[[manage-Elasticsearch]] +== Manage {es} + +[cols="50, 50"] +|=== + +a| <> + +Replicate indices on a remote cluster and copy them to a follower index on a local cluster. +This is important for +disaster recovery. It also keeps data local for faster queries. + +| <> + +Create a policy for defining the lifecycle of an index as it ages +through the hot, warm, cold, and delete phases. +Such policies help you control operation costs +because you can put data in different resource tiers. + +a| <> + +View index settings, mappings, and statistics and perform operations, such as refreshing, +flushing, and clearing the cache. Practicing good index management ensures +that your data is stored cost effectively. + +| <> + +View the status of your license, start a trial, or install a new license. For +the full list of features that are included in your license, +see the https://www.elastic.co/subscriptions[subscription page]. + +| <> + +Manage your remote clusters for use with cross-cluster search and cross-cluster replication. +You can add and remove remote clusters, and check their connectivity. + +| <> + +Create a job that periodically aggregates data from one or more indices, and then +rolls it into a new, compact index. Rollup indices are a good way to store months or +years of historical data in combination with your raw data. + +| <> + +Define a policy that creates, schedules, and automatically deletes snapshots to ensure that you +have backups of your cluster in case something goes wrong. + +| {ref}/transforms.html[*Transforms*] + +Use transforms to pivot existing {es} indices into summarized or entity-centric indices. + +| <> + +Identify the issues that you need to address before upgrading to the +next major version of {es}, and then reindex, if needed. + +| <> + +Detect changes in your data by creating, managing, and monitoring alerts. +For example, create an alert when the maximum total CPU usage on a machine goes +above a certain percentage. + +|=== + +[float] +[[manage-kibana]] +== Manage {kib} + +[cols="50, 50"] +|=== + +a| <> + +Customize {kib} to suit your needs. Change the format for displaying dates, turn on dark mode, +set the timespan for notification messages, and much more. + +| <> + +Create and manage the index patterns that help you retrieve your data from {es}. + +| <> + +Monitor the generation of reports—PDF, PNG, and CSV—and download reports that you previously generated. +A report can contain a dashboard, visualization, saved search, or Canvas workpad. + +| <> + +Copy, edit, delete, import, and export your saved objects. +These include dashboards, visualizations, maps, index patterns, Canvas workpads, and more. + +| <> + +Create spaces to organize your dashboards and other saved objects into categories. +A space is isolated from all other spaces, +so you can tailor it to your needs without impacting others. + +|   + +|=== -- -include::{kib-repo-dir}/management/managing-licenses.asciidoc[] +include::{kib-repo-dir}/management/advanced-options.asciidoc[] -include::{kib-repo-dir}/management/rollups/create_and_manage_rollups.asciidoc[] +include::{kib-repo-dir}/management/managing-beats.asciidoc[] include::{kib-repo-dir}/management/index-lifecycle-policies/intro-to-lifecycle-policies.asciidoc[] @@ -25,16 +123,24 @@ include::{kib-repo-dir}/management/index-lifecycle-policies/add-policy-to-index. include::{kib-repo-dir}/management/index-lifecycle-policies/example-index-lifecycle-policy.asciidoc[] +include::{kib-repo-dir}/management/managing-indices.asciidoc[] + include::{kib-repo-dir}/management/managing-fields.asciidoc[] -include::{kib-repo-dir}/management/managing-indices.asciidoc[] +include::{kib-repo-dir}/management/managing-licenses.asciidoc[] -include::{kib-repo-dir}/management/advanced-options.asciidoc[] +include::{kib-repo-dir}/management/managing-remote-clusters.asciidoc[] -include::{kib-repo-dir}/management/managing-saved-objects.asciidoc[] +include::{kib-repo-dir}/management/rollups/create_and_manage_rollups.asciidoc[] -include::{kib-repo-dir}/management/managing-beats.asciidoc[] +include::{kib-repo-dir}/management/managing-saved-objects.asciidoc[] -include::{kib-repo-dir}/management/managing-remote-clusters.asciidoc[] +include::security/index.asciidoc[] include::{kib-repo-dir}/management/snapshot-restore/index.asciidoc[] + +include::{kib-repo-dir}/spaces/index.asciidoc[] + +include::{kib-repo-dir}/management/upgrade-assistant/index.asciidoc[] + +include::{kib-repo-dir}/management/watcher-ui/index.asciidoc[]