Kibana: Index pattern creation UI/UX improvements

@skearns64 Could you explain your idea regarding index templates (time series vs. rolled over)? I'm not familiar with these terms, so you might need to explain this like you would to a 5th grader (or link to some resources so I can study up).

@cjcenizal - sure thing.

In ES, in production, it's important to have a good set of mappings (this field is searchable text, that field is a keyword, so we can aggregate on it), and index settings (things like number of shards and replicas) for each index. When you have a set of time series or rollover indexes, you don't want to be manually creating each index and manually specifying the mappings and index settings - you'll forget or get it wrong. Enter: Index Templates. An index template lets you specify a set of mappings and settings that apply to any newly-created index that matches the template pattern. This is true whether it's a time-series index, or whether you're using the roll-over api; anytime you want consistent mappings and settings for a set of indices that get created over time, you should be using an index template in ES. Logstash uses one. Beats use them, so do Watcher, monitoring, etc., for the time-series indexes.

So, what does this have to do with Kibana index patterns? If you look at an index template (see doc link above for example), it has a template field, which contains.. a pattern string that defines which newly-created indices should receive the settings/mappings. It's essentially the same syntax that Kibana Index Patterns support.

So in an ideal world (like phase 3 or beyond), the "index name type-ahead support" of the Kibana Index Pattern page would show you two things: The set of unique Index Template template pattern fields across all index templates.. AND any indexes that do not match any of the index template patterns (to catch those indexes that are not time-series or roll-over). This wouldn't catch all cases, but it would catch the vast majority in an intuitive way, so we could consider how to show the full-set of indexes in the type-ahead box, perhaps grouped - index templates, Indexes without templates, and "All" indexes. The UX might be tricky, but if we could make it work, we could make the common use-cases significantly easier.

@cjcenizal Nearly all of the themes I had thought about to improve the getting started / index pattern creation experience were addressed during the UI review. This might be a bit repetitive but as I see it we covered the following:

• Simplifying the UI to focus on what matters - creating an index pattern, regardless of type
• Removing the advertisement of deprecated features
• Making the copy more concise and friendly to both new and power users
• Helping the user create an index pattern utilizing auto-completion and already available indices
• Providing reactions to every action a user has - loading indicators, validation experience, etc.

There were a few other things I'd like to highlight as well. Both of these themes came up during a discussion with a user about some of his frustrations Kibana's getting started experience

Progression

In other products, the getting started experience is a progression. You feel as if you are continually making progress to an end goal. At a high level, we may plan to address this in https://github.com/elastic/kibana/issues/10440 but I believe we are missing a step here. This is a great progression through setting up your index pattern - but then what? We should direct a user to one or many next actions they can take. This will expedite the next theme I mention below

Reducing "time to query" for new users

This specific user brought up an interesting concept he referred to as "time to query". This metric is essentially the time it takes for me to set up the stack and play with (any) data. To test out elastic he spun up Elastic cloud, injected some sample data and then got stuck on the index pattern page. Using progression as a theme here, we can certainly make that experience a bit better.

To address "time to query" for net new users, we could consider shipping Kibana with sample data. It would be a small data set preloaded with timestamps relative to the installation or an opt-in approach that easily installs and injects data into the related elasticsearch cluster. We do not want to make this a hinderance for existing users, but it might be something to consider for new users. This would significantly reduce "time to query" by removing _needing_ the getting started guide to inject example data. At the very least, a new user will understand how powerful Kibana can be without needing to do much.

Getting data in

This theme is also related to the two above. This plays both into progression and reducing time to query. We do not have a natural progression for getting data in, we just assume it is already there. Competing UI's do a nice job of this as the first step in their "Wizard" and we could benefit from taking a similar approach. Sample data could simply be an option here in this first "step" to reducing time to query for new users. Along with features such as import CSV.

Also, some related issues I came across previously.

Related Issues

Split up index pattern creation into 3 forms #10026
Index Pattern page to display the error response #10100
Friendly index pattern names #7305
Kibana should suggest index patterns #5053
Tutorial built into Kibana using overlays #3379

There is a lot here and I'd love to have some follow up calls to discuss in more detail whenever you and the team are ready.

Per convo with @skearns64, we should prioritize implementing typeahead support (https://github.com/elastic/kibana/issues/10438), which will allow us to remove the logstash-* default pattern, which @jimgoodwin mentioned has been confusing for some users, since it makes them think they need Logstash to continue.

@cjcenizal Can this be closed?

@chrisronline Yes it can! Thanks man.