How to create a Kibana data view

Kibana data views make indices and data streams available to Discover, visualizations, and dashboards by defining a match pattern and an optional default time field. A correctly scoped data view keeps analysis fast and predictable, especially when many indices share the same naming scheme.

A data view is stored in Kibana as a saved object and referenced by its unique id. The title typically contains an index pattern like logs-* (or a data stream name), while settings such as timeFieldName control time-based filtering and histogram behavior.

API access requires authentication to Kibana plus sufficient permissions to manage data views and read metadata from the target indices. In deployments using Spaces or a reverse proxy, the Kibana base URL or API base path may differ from http://localhost:5601.

Steps to create a Kibana data view:

Create the data view with the API.

$ curl --silent --show-error --cacert /etc/kibana/certs/kibana-ca.crt --user elastic:password -H "kbn-xsrf: true" -H "Content-Type: application/json" -X POST "https://localhost:5601/kibana/api/data_views/data_view" -d '{
  "data_view": {
    "title": "logs-*",
    "name": "Logs",
    "timeFieldName": "@timestamp"
  }
}'
{
  "data_view": {
    "id": "52ebdaae-bb41-4c84-9cbc-11f6eab7b408",
    "version": "WzEwLDFd",
    "title": "logs-*",
    "timeFieldName": "@timestamp",
    "sourceFilters": [],
    "fieldFormats": {},
    "runtimeFieldMap": {},
    "fieldAttrs": {},
    "allowNoIndex": false,
    "name": "Logs",
    "allowHidden": false,
    "fields": {
##### snipped #####
    }
  }
}

The returned id uniquely identifies the data view for later API calls and saved object references.

Avoid embedding long-lived privileged credentials in shell history; prefer a least-privileged role and short-lived secrets for automation.

Fetch the data view by id to confirm creation.

$ curl --silent --show-error --cacert /etc/kibana/certs/kibana-ca.crt --user elastic:password -H "kbn-xsrf: true" "https://localhost:5601/kibana/api/data_views/data_view/52ebdaae-bb41-4c84-9cbc-11f6eab7b408" | jq '{data_view: {id: .data_view.id, name: .data_view.name, title: .data_view.title}}'
{
  "data_view": {
    "id": "52ebdaae-bb41-4c84-9cbc-11f6eab7b408",
    "name": "Logs",
    "title": "logs-*"
  }
}

Matching id, name, and title confirms the saved object exists and is readable through the API.

Author: Mohd Shakir Zakaria
Mohd Shakir Zakaria is a cloud architect with deep roots in software development and open-source advocacy. Certified in AWS, Red Hat, VMware, ITIL, and Linux, he specializes in designing and managing robust cloud and on-premises infrastructures.