2019-04-01 17:58:59 +02:00
|
|
|
|
[role="xpack"]
|
2018-11-09 21:57:59 +01:00
|
|
|
|
[[visualize-rollup-data]]
|
2019-11-21 20:57:21 +01:00
|
|
|
|
== Use rolled up data in a visualization
|
2018-11-09 21:57:59 +01:00
|
|
|
|
|
|
|
|
|
beta[]
|
|
|
|
|
|
2019-11-21 20:57:21 +01:00
|
|
|
|
You can visualize your rolled up data in a variety of charts, tables, maps, and
|
|
|
|
|
more. Most visualizations support rolled up data, with the exception of
|
2020-01-10 17:02:55 +01:00
|
|
|
|
Timelion and Vega visualizations.
|
2018-11-09 21:57:59 +01:00
|
|
|
|
|
2019-11-21 20:57:21 +01:00
|
|
|
|
To get started, go to *Management > Kibana > Index patterns.*
|
|
|
|
|
If a rollup index is detected in the cluster, *Create index pattern*
|
|
|
|
|
includes an item for creating a rollup index pattern.
|
2018-11-09 21:57:59 +01:00
|
|
|
|
|
|
|
|
|
[role="screenshot"]
|
|
|
|
|
image::images/management_create_rollup_menu.png[Create index pattern menu]
|
|
|
|
|
|
2019-11-21 20:57:21 +01:00
|
|
|
|
You can match an index pattern to only rolled up data, or mix both rolled up
|
|
|
|
|
and raw data to visualize all data together. An index pattern can match only one
|
|
|
|
|
rolled up index, not multiple. There is no restriction on the number of standard
|
|
|
|
|
indices that an index pattern can match. When matching multiple indices,
|
|
|
|
|
use a comma to separate the names, with no space after the comma.
|
2018-11-09 21:57:59 +01:00
|
|
|
|
|
|
|
|
|
Keep the following in mind when creating a visualization from rolled up data:
|
|
|
|
|
|
2019-11-21 20:57:21 +01:00
|
|
|
|
* The data in a rollup index only has summarized metrics for specific fields.
|
|
|
|
|
You can’t search any other field from the original raw data.
|
|
|
|
|
* Data is summarized into time buckets that might be split into sub buckets for
|
|
|
|
|
numeric field values or terms. You can ask for a time aggregation that takes
|
|
|
|
|
several time buckets and combines them to lower granularity. For example,
|
2018-11-09 21:57:59 +01:00
|
|
|
|
if the rollup job was aggregated by hours, you can ask for buckets of days.
|
|
|
|
|
|
2019-07-24 17:16:03 +02:00
|
|
|
|
The following visualization of rolled up data shows the date histogram
|
|
|
|
|
interval multiple and the limited metrics aggregations.
|
2018-11-09 21:57:59 +01:00
|
|
|
|
|
|
|
|
|
[role="screenshot"]
|
|
|
|
|
image::images/management_rollups_visualization.png[][Rollups in visualizations]
|
|
|
|
|
|
2019-11-21 20:57:21 +01:00
|
|
|
|
Dashboards can have a mixture of rollup visualizations and regular visualizations,
|
2019-07-24 17:16:03 +02:00
|
|
|
|
as shown in the following figure. Note that not all queries and filters support rollups.
|
2018-11-09 21:57:59 +01:00
|
|
|
|
|
|
|
|
|
[role="screenshot"]
|
|
|
|
|
image::images/management_rolled_dashboard.png[][Rollups in dashboards]
|