Case 1: When we send data with Logstash, we give an index name in the output section of the logstash.conf file. But we can’t search that data in Kibana without first creating an index pattern in Kibana. In this blog we will walk through Kibana index creation and mapping.
  1. In Kibana, in the Management tab, click Index Patterns. The Index Patterns tab is displayed.
  2. Click Add New. The Configure an index pattern section is displayed.
  3. Specify an index pattern that matches the name of one or more of your Elasticsearch indices. By default, Kibana guesses that you’re working with log data fed into Elasticsearch by Logstash, so it proposes “logstash-*”.

     Note: The index name is correct only if the green Create button is displayed.

  4. Enter the name of the index. The default index pattern name is “default*”.
  5. If your index contains a timestamp field that you want to use to perform time-based comparisons, select the Index contains time-based events option. Proceed by selecting the index field that contains the timestamp. Kibana reads the index mapping to list all the fields that contain a timestamp.
  6. Make sure the “Do not expand index pattern when searching” option is not selected. By default, Kibana restricts wildcard expansion of time-based index patterns to indices with data within the currently selected time range.
  7. Set @timeStamp as the Time-field name.
  8. Click Create to add the index pattern.

Case 2: Sometimes an index needs to be created on the fly, as in the case below, where inserting the first document triggers the creation of a new index. The index template kicks in and supplies the matching template while the new index is being created. This helps create indexes in a controlled way, that is, with desired defaults such as the number of shards and the type mappings for the types within them.
You can create an index and specify the number of shards and replicas to create:

It is also possible to specify a mapping for a type at the time of index creation. The following command will create an index called catalog with five shards and two replicas. Additionally, it also defines a type called my_type with two fields, one of the text type and another of the keyword type:
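
The two create-index requests described above (shards and replicas, then a mapping for my_type), combined into one shell script as an added example; it is not the original post's command. The field names `f1` and `f2` and the `ES_URL` variable are assumptions, and a named type under `mappings` is only accepted by Elasticsearch versions that still support mapping types, such as 6.x.

```shell
#!/bin/sh
# Added example: create the "catalog" index with explicit settings and mapping.
# Assumptions: f1/f2 are hypothetical field names; ES_URL is a hypothetical
# environment variable holding the cluster base URL (e.g. http://localhost:9200).

# Request body: 5 shards, 2 replicas, type my_type with one text and one keyword field.
catalog_index_body() {
  cat <<'JSON'
{
  "settings": {
    "index": {
      "number_of_shards": 5,
      "number_of_replicas": 2
    }
  },
  "mappings": {
    "my_type": {
      "properties": {
        "f1": { "type": "text" },
        "f2": { "type": "keyword" }
      }
    }
  }
}
JSON
}

# PUT /catalog with the body above. $1 = cluster base URL.
create_catalog_index() {
  catalog_index_body | curl -sS -X PUT "$1/catalog" \
    -H 'Content-Type: application/json' --data-binary @-
}

# Read the mapping back to confirm the field types were not inferred dynamically.
show_catalog_mapping() {
  curl -sS "$1/catalog/_mapping?pretty"
}

# Only contact a cluster when ES_URL is set; otherwise just print the body.
if [ -n "${ES_URL:-}" ]; then
  create_catalog_index "$ES_URL"
  show_catalog_mapping "$ES_URL"
else
  catalog_index_body
fi
```

Reading the mapping back after creation shows whether the explicit `text` and `keyword` types were applied or whether the fields were picked up by dynamic mapping instead.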

Note: If we do not define the mapping ourselves, then when the first document is indexed within a type that doesn’t yet exist, Elasticsearch tries to infer the datatypes of all the fields. This feature is called the dynamic mapping of types. By default, the dynamic mapping of types is enabled in Elasticsearch.
