2015-01-23 18:54:40 +01:00
|
|
|
[[visualize]]
|
2016-10-25 03:41:32 +02:00
|
|
|
= Visualize
|
2015-02-10 04:18:12 +01:00
|
|
|
|
2016-10-25 03:41:32 +02:00
|
|
|
[partintro]
|
|
|
|
|
--
|
2016-10-25 20:14:50 +02:00
|
|
|
_Visualize_ enables you to create visualizations of the data in your
|
|
|
|
|
Elasticsearch indices. You can then build <<dashboard, dashboards>> that
|
|
|
|
|
display related visualizations.
|
2015-02-10 04:18:12 +01:00
|
|
|
|
2016-10-25 20:14:50 +02:00
|
|
|
Kibana visualizations are based on Elasticsearch queries. By using a
|
|
|
|
|
series of Elasticsearch {es-ref}search-aggregations.html[aggregations]
|
|
|
|
|
to extract and process your data, you can create charts that show
|
|
|
|
|
you the trends, spikes, and dips you need to know about.
|
2015-02-10 04:18:12 +01:00
|
|
|
|
2016-10-25 20:14:50 +02:00
|
|
|
You can create visualizations from a search saved from <<discover, Discover>>
|
|
|
|
|
or start with a new search query.
|
2016-10-25 03:41:32 +02:00
|
|
|
--
|
2015-02-10 04:18:12 +01:00
|
|
|
|
2015-02-13 21:56:02 +01:00
|
|
|
[[createvis]]
|
2016-10-25 20:14:50 +02:00
|
|
|
== Creating a Visualization
|
2015-02-10 04:18:12 +01:00
|
|
|
|
2016-10-25 20:14:50 +02:00
|
|
|
To create a visualization:
|
2015-02-10 04:18:12 +01:00
|
|
|
|
2016-10-25 20:14:50 +02:00
|
|
|
. Click on *Visualize* in the side navigation.
|
|
|
|
|
. Choose the visualization type:
|
|
|
|
|
+
|
2015-03-09 06:30:42 +01:00
|
|
|
[horizontal]
|
2016-10-25 20:14:50 +02:00
|
|
|
<<area-chart,Area chart>>:: Visualize the total contribution of several
|
|
|
|
|
different series.
|
|
|
|
|
<<data-table,Data table>>:: Display the raw data of a composed aggregation.
|
|
|
|
|
<<line-chart,Line chart>>:: Compare different series.
|
|
|
|
|
<<markdown-widget,Markdown widget>>:: Display free-form information or
|
|
|
|
|
instructions.
|
|
|
|
|
<<metric-chart,Metric>>:: Display a single number.
|
|
|
|
|
<<pie-chart,Pie chart>>:: Display each source's contribution to a total.
|
|
|
|
|
<<tilemap,Tile map>>:: Associate the results of an aggregation with geographic
|
|
|
|
|
locations.
|
|
|
|
|
Timeseries:: Compute and combine data from multiple time series
|
|
|
|
|
data sets.
|
|
|
|
|
<<vertical-bar-chart,Vertical bar chart>>:: Graph values in a bar chart.
|
|
|
|
|
|
|
|
|
|
. Specify a search query to retrieve the data for your visualization:
|
|
|
|
|
** To enter new search criteria, select the index pattern for the indices that
|
|
|
|
|
contain the data you want to visualize. This opens the visualization builder
|
|
|
|
|
with a wildcard query that matches all of the documents in the selected
|
|
|
|
|
indices.
|
|
|
|
|
** To build a visualization from a saved search, click the name of the saved
|
|
|
|
|
search you want to use. This opens the visualization builder and loads the
|
|
|
|
|
selected query.
|
|
|
|
|
+
|
|
|
|
|
NOTE: When you build a visualization from a saved search, any subsequent
|
|
|
|
|
modifications to the saved search are automatically reflected in the
|
|
|
|
|
visualization. To disable automatic updates, you can disconnect a visualization
|
|
|
|
|
from the saved search.
|
|
|
|
|
|
|
|
|
|
. In the visualization builder, choose the metric aggregation for the
|
|
|
|
|
visualization's Y axis:
|
|
|
|
|
+
|
|
|
|
|
* {es-ref}search-aggregations-metrics-valuecount-aggregation.html[count]
|
|
|
|
|
* {es-ref}search-aggregations-metrics-avg-aggregation.html[average]
|
|
|
|
|
* {es-ref}search-aggregations-metrics-sum-aggregation.html[sum]
|
|
|
|
|
* {es-ref}search-aggregations-metrics-median-aggregation.html[median]
|
|
|
|
|
* {es-ref}search-aggregations-metrics-min-aggregation.html[min]
|
|
|
|
|
* {es-ref}search-aggregations-metrics-max-aggregation.html[max]
|
|
|
|
|
* {es-ref}search-aggregations-metrics-cardinality-aggregation.html[unique count]
|
|
|
|
|
* {es-ref}search-aggregations-metrics-percentile-aggregation.html[percentiles]
|
|
|
|
|
* {es-ref}search-aggregations-metrics-percentile-rank-aggregation.html[percentile ranks]
|
|
|
|
|
|
|
|
|
|
. For the visualizations X axis, select a bucket aggregation:
|
|
|
|
|
+
|
|
|
|
|
* {es-ref}search-aggregations-bucket-datehistogram-aggregation.html[date histogram]
|
|
|
|
|
* {es-ref}search-aggregations-bucket-range-aggregation.html[range]
|
|
|
|
|
* {es-ref}search-aggregations-bucket-terms-aggregation.html[terms]
|
|
|
|
|
* {es-ref}search-aggregations-bucket-filters-aggregation.html[filters]
|
|
|
|
|
* {es-ref}search-aggregations-bucket-significantterms-aggregation.html[significant terms]
|
|
|
|
|
|
|
|
|
|
For example, if you're indexing Apache server logs, you could build bar chart
|
|
|
|
|
that shows the distribution of incoming requests by geographic location by
|
|
|
|
|
specifying a terms aggregation on the `geo.src` field:
|
|
|
|
|
|
|
|
|
|
image::images/bar-terms-agg.jpg[]
|
|
|
|
|
|
|
|
|
|
The y-axis shows the number of requests received from each country, and the
|
|
|
|
|
countries are displayed across the x-axis.
|
|
|
|
|
|
|
|
|
|
Bar, line, or area chart visualizations use _metrics_ for the y-axis and
|
|
|
|
|
_buckets_ for the x-axis. Buckets are analogous to SQL `GROUP BY`
|
|
|
|
|
statements. Pie charts, use the metric for the slice size and the bucket
|
|
|
|
|
for the number of slices.
|
|
|
|
|
|
|
|
|
|
You can futher break down the data by specifying sub aggregations. The first
|
|
|
|
|
aggregation determines the data set for any subsequent aggregations. Sub
|
|
|
|
|
aggregations are applied in order--you can drag the aggregations to change the
|
|
|
|
|
order in which they're applied.
|
|
|
|
|
|
|
|
|
|
For example, you could add a terms sub aggregation on the `geo.dest` field to
|
|
|
|
|
the Country of Origin bar chart to see the locations those requests were
|
|
|
|
|
targeting.
|
|
|
|
|
|
|
|
|
|
image::images/bar-terms-subagg.jpg[]
|
|
|
|
|
|
|
|
|
|
For more information about working with sub aggregations, see
|
|
|
|
|
https://www.elastic.co/blog/kibana-aggregation-execution-order-and-you[Kibana,
|
|
|
|
|
Aggregation Execution Order, and You].
|
2015-03-09 06:30:42 +01:00
|
|
|
|
2016-10-25 03:41:32 +02:00
|
|
|
include::visualize/area.asciidoc[]
|
2015-03-09 06:30:42 +01:00
|
|
|
|
2016-10-25 03:41:32 +02:00
|
|
|
include::visualize/datatable.asciidoc[]
|
2015-03-09 06:30:42 +01:00
|
|
|
|
2016-10-25 03:41:32 +02:00
|
|
|
include::visualize/line.asciidoc[]
|
2015-03-09 06:30:42 +01:00
|
|
|
|
2016-10-25 03:41:32 +02:00
|
|
|
include::visualize/markdown.asciidoc[]
|
2015-03-09 06:30:42 +01:00
|
|
|
|
2016-10-25 03:41:32 +02:00
|
|
|
include::visualize/metric.asciidoc[]
|
2015-03-09 06:30:42 +01:00
|
|
|
|
2016-10-25 03:41:32 +02:00
|
|
|
include::visualize/pie.asciidoc[]
|
2015-03-09 06:30:42 +01:00
|
|
|
|
2016-10-25 03:41:32 +02:00
|
|
|
include::visualize/tilemap.asciidoc[]
|
2015-03-09 06:30:42 +01:00
|
|
|
|
2016-10-25 03:41:32 +02:00
|
|
|
include::visualize/vertbar.asciidoc[]
|
