Step 3. Define Views
Use Refinery views to filter and prepare indexed data for visualization.
After you create and index one or more more object groups, use the ChaosSearch Refinery® to create views. Views are a virtual pane into the indexed data for one or more object groups; they allow you to define how to explore and query that data with the Search Analytics or SQL Analytics interfaces or through interfaces like the Elasticsearch API.
Refinery views have powerful data controls, allowing you to virtually transform the indexed data fields and materialize fields into the columns that will drive the end-user visualizations and analytics. For example, you could limit analysis to a recent time frame, such as the last 7 days. You can also set various behaviors such as caching results or case-sensitivity for querying. For the details about creating views, see Refinery Views.
To create a view, navigate to the Views tab and click Create View.
Select one or more object groups to associate their indexed data with the view. The object group selections control the list of daily intervals that help to scope the indexed data that is queried by the view. You can use the interval options to refine the list of daily intervals to include, or to set a time window to limit the recent daily intervals that will be queried, then click Next.
In the Schema Transformation window, you can review the data model/schema for the columns in the view and take advantage of several predefined, schema-on-read, transformation types that are available to you. You can transform fields virtually (that is, without changing the indexed data stored on disk) by clicking the gear icon.
If your object group uses isolation keys, you can use view filtering controls to specify the isolation keys to apply to the view, to show and analyze only the data associated with the specified keys.
An advantage of the ChaosSearch views is that you can use virtual transformations to change or refine the type of the data within the view, without the overhead of re-indexing the source data. For example, you can create a materialized column with a regular expression on an existing field, or with a JSONPath expression on a JSON string field. You can narrow a data type for a column named client_ip from a string type to a string treated as an IP. This type change can assist visualization tools to properly manage and render the data, all with the current indexed data.
After you specify any optional filtering or transforms, click Next to proceed to the view naming and final steps.
After you create the views that provide the analysis window to your indexed data, you can start to query, search, and visualize your data.
Updated 10 days ago
Run queries, create dashboards, and gain insight from your log files and data.