
I want to create a data table in a single visualization in Kibana that combines data from two different indexes into a single visualization. In Kibana Elasticsearch.

I want to make a data table visualization using two different indexes.

1 Answer


To search/visualize your data in multiple indices via the Kibana UI, you can create an index pattern with a star (*) in data view/index pattern.

https://www.elastic.co/guide/en/kibana/current/data-views.html#settings-create-pattern

Start typing in the Index pattern field, and Kibana looks for the names of indices, data streams, and aliases that match your input. You can view all available sources or only the sources that the data view targets.


To match multiple sources, use a wildcard (*). `filebeat-*` matches `filebeat-apache-a`, `filebeat-apache-b`, and so on. To match multiple single sources, enter their names, separated by a comma. Do not include a space after the comma. `filebeat-a,filebeat-b` matches two indices. To exclude a source, use a minus sign (-), for example, `-test3`.


Musab Dogan
  • So as of now I have 2 indexes: one with the name merchant_master and the 2nd is amex_service. Do you mean that I should keep merchant_master* like this? What about the amex_service index? I want to show a visualization in data table form of both indexes at a time – Jyoti Pandey Aug 25 '23 at 12:03
  • Definitely! Keeping the index names in one format would be the best option. For a quick solution you can add the same alias to both indices and use it as an index pattern. To add an alias you can check this documentation: https://www.elastic.co/guide/en/elasticsearch/reference/current/indices-aliases.html – Musab Dogan Aug 25 '23 at 13:02
  • Thank you for this. But when I have to create a data table in a visualization, should I keep both indexes together like index1,index2 or alone like index1 in Kibana in the management section? – Jyoti Pandey Aug 26 '23 at 10:16
  • As of now the index name is the same, so I created one index with the name amex*. When I am making a data table of that in a visualization, only one index's data is showing, and when taking a value from the other index, which is there in the drop section of the field, it shows "no result found". Here I am stuck showing the data of the second index; at a time it shows only one index's data – Jyoti Pandey Aug 26 '23 at 10:37
  • Make sure both indices have **the same field names**; otherwise, when you filter, the unrelated indices will show no result. – Musab Dogan Aug 28 '23 at 10:56
  • Yes, I checked; both indices have the same field name, but I am still getting no result – Jyoti Pandey Aug 28 '23 at 12:13
  • Please add a couple of screenshots to understand it better and let me try to help more – Musab Dogan Aug 29 '23 at 07:59
  • I have added it; I request you to see it – Jyoti Pandey Aug 31 '23 at 07:36
  • There is only one screenshot and there is no data in it. Are you sure that the index pattern hits any index? – Musab Dogan Aug 31 '23 at 09:13
  • Yes, because I have added 2 indexes in this with the same alias name. If I only show one index's data then it shows; else it shows this kind of message – Jyoti Pandey Aug 31 '23 at 09:33
  • from devtools `GET amex*/_search`, and `GET _cat/indices/amex*?v` – Musab Dogan Aug 31 '23 at 12:18
  • I did not get you – Jyoti Pandey Aug 31 '23 at 12:32
  • https://www.elastic.co/guide/en/kibana/current/console-kibana.html – Musab Dogan Aug 31 '23 at 13:32
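
An added example (not part of the original answer or comments) for the "same field names" check discussed above: a small Python script that compares the mappings of the two indices behind one data view and lists fields that exist in only one index or are mapped with different types. The sample mappings and field names are constructed; real input would be the response of `GET merchant_master,amex_service/_mapping` in Dev Tools.

```python
# Added example: compare the field mappings of two indices behind one data view.
# Input has the shape returned by `GET merchant_master,amex_service/_mapping`.
# The field names and types below are constructed sample data.

SAMPLE_MAPPINGS = {
    "merchant_master": {"mappings": {"properties": {
        "merchant_id": {"type": "keyword"},
        "amount": {"type": "long"},
        "address": {"properties": {"city": {"type": "keyword"}}},
    }}},
    "amex_service": {"mappings": {"properties": {
        "merchant_id": {"type": "keyword"},
        "amount": {"type": "text"},
        "status": {"type": "keyword"},
    }}},
}


def flatten(properties, prefix=""):
    """Return {dotted.field.name: type} for a mapping 'properties' tree."""
    fields = {}
    for name, spec in properties.items():
        path = prefix + name
        if "properties" in spec:  # object field: recurse into its sub-fields
            fields.update(flatten(spec["properties"], path + "."))
        else:
            fields[path] = spec.get("type", "object")
        # multi-fields such as "name.keyword" are separate searchable fields
        for sub, sub_spec in spec.get("fields", {}).items():
            fields[f"{path}.{sub}"] = sub_spec.get("type", "object")
    return fields


def compare_indices(mappings, left, right):
    """Report fields unique to each index and fields whose types differ."""
    a = flatten(mappings[left]["mappings"].get("properties", {}))
    b = flatten(mappings[right]["mappings"].get("properties", {}))
    shared = a.keys() & b.keys()
    return {
        "only_in_" + left: sorted(a.keys() - b.keys()),
        "only_in_" + right: sorted(b.keys() - a.keys()),
        "type_conflicts": sorted(f for f in shared if a[f] != b[f]),
        "compatible": sorted(f for f in shared if a[f] == b[f]),
    }


if __name__ == "__main__":
    report = compare_indices(SAMPLE_MAPPINGS, "merchant_master", "amex_service")
    for key, fields in report.items():
        print(f"{key}: {fields}")
```

A field listed under `only_in_...` has no values in documents from the other index, so a filter or bucket on it only ever matches one index.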