Before you can start working with data and creating visualizations to analyze data, Kibana requires you to configure/create an index pattern. Index patterns are used to identify the Elasticsearch index, that will have search and analytics run against it. They are also used to configure fields. An index pattern is a string with optional wildcards that can match multiple indices. Typically, two types of index exist within Elasticsearch:

• Time-series indexes: If there is a correlation between the timestamp and the data, the data is called time-series data. This data will have a timestamp field. Examples of this would be logs data, metrics data, and tweet data. When this data is stored in Elasticsearch, the data is stored in multiple indexes (rolling indexes) with index names appended by a timestamp, usually; for example, unixlogs-2017.10.10, tweets-2017.05, logstash-2017.08.10.
• Regular indexes: If the data doesn't contain timestamp and the data has no correlation with time, then the data is called regular data. Typically, this data is stored in single indexes—for example, departments data and product catalog data.

Open up Kibana from the browser using the http://localhost:5601 URL. In the landing page, click on the Connect to your Elasticsearch instance link and type in logstash-* in the Index pattern text field and click on the Next step button, as shown in the following screenshot:

On the Create Index Pattern screen, during the configuration of an index pattern, if the index has a datetime field (that is, it is a time-series index), the Time Filter field name dropdown is visible and allows the user to select the appropriate datetime field; otherwise, the field is not visible. As the data that we loaded in the previous section contains time-series data, in the Time Filter field name, select @timestamp and click Create, as follows:

Once the index pattern is successfully created, you should see the following screen: