kibana/docs/visualize.asciidoc

[[visualize]]
= Visualize

[partintro]
--
_Visualize_ enables you to create visualizations of the data in your
Elasticsearch indices. You can then build <<dashboard, dashboards>> that
display related visualizations.

Kibana visualizations are based on Elasticsearch queries. By using a
series of Elasticsearch {es-ref}search-aggregations.html[aggregations]
to extract and process your data, you can create charts that show
you the trends, spikes, and dips you need to know about.

You can create visualizations from a search saved from <<discover, Discover>>
or start with a new search query.
--

[[createvis]]
== Creating a Visualization

To create a visualization:

. Click on *Visualize* in the side navigation.
. Choose the visualization type:
+
[horizontal]
<<xy-chart,Line, Area and Bar chart>>:: Compare different series in X/Y charts.
<<data-table,Data table>>:: Display the raw data of a composed aggregation.
<<markdown-widget,Markdown widget>>:: Display free-form information or
instructions.
<<metric-chart,Metric>>:: Display a single number.
<<pie-chart,Pie chart>>:: Display each source's contribution to a total.
<<tagcloud-chart,Tag cloud>>:: Display words as a cloud in which the size of the word correspond to its importance
<<tilemap,Tile map>>:: Associate the results of an aggregation with geographic
locations.
Timelion:: Compute and combine data from multiple time series
data sets.

. Specify a search query to retrieve the data for your visualization:
** To enter new search criteria, select the index pattern for the indices that
contain the data you want to visualize. This opens the visualization builder
with a wildcard query that matches all of the documents in the selected
indices.
** To build a visualization from a saved search, click the name of the saved
search you want to use. This opens the visualization builder and loads the
selected query.
+
NOTE: When you build a visualization from a saved search, any subsequent
modifications to the saved search are automatically reflected in the
visualization. To disable automatic updates, you can disconnect a visualization
from the saved search.

. In the visualization builder, choose the metric aggregation for the
visualization's Y axis:
+
* {es-ref}search-aggregations-metrics-valuecount-aggregation.html[count]
* {es-ref}search-aggregations-metrics-avg-aggregation.html[average]
* {es-ref}search-aggregations-metrics-sum-aggregation.html[sum]
* {es-ref}search-aggregations-metrics-min-aggregation.html[min]
* {es-ref}search-aggregations-metrics-max-aggregation.html[max]
* {es-ref}search-aggregations-metrics-cardinality-aggregation.html[unique count]
* {es-ref}search-aggregations-metrics-percentile-aggregation.html[median] (50th percentile)
* {es-ref}search-aggregations-metrics-percentile-aggregation.html[percentiles]
* {es-ref}search-aggregations-metrics-percentile-rank-aggregation.html[percentile ranks]

. For the visualizations X axis, select a bucket aggregation:
+
* {es-ref}search-aggregations-bucket-datehistogram-aggregation.html[date histogram]
* {es-ref}search-aggregations-bucket-range-aggregation.html[range]
* {es-ref}search-aggregations-bucket-terms-aggregation.html[terms]
* {es-ref}search-aggregations-bucket-filters-aggregation.html[filters]
* {es-ref}search-aggregations-bucket-significantterms-aggregation.html[significant terms]

For example, if you're indexing Apache server logs, you could build bar chart
that shows the distribution of incoming requests by geographic location by
specifying a terms aggregation on the `geo.src` field:

image::images/bar-terms-agg.jpg[]

The y-axis shows the number of requests received from each country, and the
countries are displayed across the x-axis.

Bar, line, or area chart visualizations use _metrics_ for the y-axis and
_buckets_ for the x-axis. Buckets are analogous to SQL `GROUP BY`
statements. Pie charts, use the metric for the slice size and the bucket
for the number of slices.

You can futher break down the data by specifying sub aggregations. The first
aggregation determines the data set for any subsequent aggregations. Sub
aggregations are applied in order--you can drag the aggregations to change the
order in which they're applied.

For example, you could add a terms sub aggregation on the `geo.dest` field to
the Country of Origin bar chart to see the locations those requests were
targeting.

image::images/bar-terms-subagg.jpg[]

For more information about working with sub aggregations, see
https://www.elastic.co/blog/kibana-aggregation-execution-order-and-you[Kibana,
Aggregation Execution Order, and You].

include::visualize/xychart.asciidoc[]

include::visualize/datatable.asciidoc[]

include::visualize/markdown.asciidoc[]

include::visualize/metric.asciidoc[]

include::visualize/pie.asciidoc[]

include::visualize/tilemap.asciidoc[]

include::visualize/tagcloud.asciidoc[]

include::visualize/heatmap.asciidoc[]
Set up doc skeleton for Kibana user guide. 2015-01-23 18:54:40 +01:00			`[[visualize]]`
docs: Overhaul of doc structure for 5.0+ (#8821) This overhaul of the docs structure puts Kibana's documentation more inline with the structure that is used in Elasticsearch. This will help us better organize the docs going forward as more docs are added. This also includes a few necessary content changes for 5.0. 2016-10-25 03:41:32 +02:00			`= Visualize`
Visualize & Dashboard chapters for K4 documentation, initial draft. 2015-02-10 04:18:12 +01:00
docs: Overhaul of doc structure for 5.0+ (#8821) This overhaul of the docs structure puts Kibana's documentation more inline with the structure that is used in Elasticsearch. This will help us better organize the docs going forward as more docs are added. This also includes a few necessary content changes for 5.0. 2016-10-25 03:41:32 +02:00			`[partintro]`
			`--`
Docs: Cleaned up viz topic. (#8824) 2016-10-25 20:14:50 +02:00			`_Visualize_ enables you to create visualizations of the data in your`
			`Elasticsearch indices. You can then build <<dashboard, dashboards>> that`
docs: Fix broken ES docs link in create vis docs There is no median aggregation, it's just the 50th percentile. 2016-10-25 22:32:38 +02:00			`display related visualizations.`
Visualize & Dashboard chapters for K4 documentation, initial draft. 2015-02-10 04:18:12 +01:00
Docs: Cleaned up viz topic. (#8824) 2016-10-25 20:14:50 +02:00			`Kibana visualizations are based on Elasticsearch queries. By using a`
			`series of Elasticsearch {es-ref}search-aggregations.html[aggregations]`
			`to extract and process your data, you can create charts that show`
			`you the trends, spikes, and dips you need to know about.`
Visualize & Dashboard chapters for K4 documentation, initial draft. 2015-02-10 04:18:12 +01:00
Docs: Cleaned up viz topic. (#8824) 2016-10-25 20:14:50 +02:00			`You can create visualizations from a search saved from <<discover, Discover>>`
			`or start with a new search query.`
docs: Overhaul of doc structure for 5.0+ (#8821) This overhaul of the docs structure puts Kibana's documentation more inline with the structure that is used in Elasticsearch. This will help us better organize the docs going forward as more docs are added. This also includes a few necessary content changes for 5.0. 2016-10-25 03:41:32 +02:00			`--`
Visualize & Dashboard chapters for K4 documentation, initial draft. 2015-02-10 04:18:12 +01:00
Added What's New & Production topics to index, fixed duplicate anchor. 2015-02-13 21:56:02 +01:00			`[[createvis]]`
Docs: Cleaned up viz topic. (#8824) 2016-10-25 20:14:50 +02:00			`== Creating a Visualization`
Visualize & Dashboard chapters for K4 documentation, initial draft. 2015-02-10 04:18:12 +01:00
Docs: Cleaned up viz topic. (#8824) 2016-10-25 20:14:50 +02:00			`To create a visualization:`
Visualize & Dashboard chapters for K4 documentation, initial draft. 2015-02-10 04:18:12 +01:00
docs: Fix broken ES docs link in create vis docs There is no median aggregation, it's just the 50th percentile. 2016-10-25 22:32:38 +02:00			`. Click on Visualize in the side navigation.`
Docs: Cleaned up viz topic. (#8824) 2016-10-25 20:14:50 +02:00			`. Choose the visualization type:`
			`+`
Updates to add Visualize Reference material. 2015-03-09 06:30:42 +01:00			`[horizontal]`
Vislib Point Series Charts (#9642) * adding vislib chart grid * updating vislib to correctly render all new features * adding new options to kibana visualizations * update vis icon on save * updating documentation * fixing unit tests * cleaning up * updating based on UI review * adding visualize editor unit tests * selenium tests * additional option tabs * some more changes to the tabs/options [thanks CJ] * going back from Category/Value axis to X/Y axis * fixing unselected dropdown options * updating based on last UI review * updating based on last review * updating based on last review * fixing issue with axis titles * allowing to specify only upper or only lower data bound * updating based on brandons review * fixing horizontal bar chart labels * fixing test * adding backward compatibility * updating based on last review * fixing selenium tests 2017-02-15 17:54:42 +01:00			`<<xy-chart,Line, Area and Bar chart>>:: Compare different series in X/Y charts.`
docs: Fix broken ES docs link in create vis docs There is no median aggregation, it's just the 50th percentile. 2016-10-25 22:32:38 +02:00			`<<data-table,Data table>>:: Display the raw data of a composed aggregation.`
Docs: Cleaned up viz topic. (#8824) 2016-10-25 20:14:50 +02:00			`<<markdown-widget,Markdown widget>>:: Display free-form information or`
			`instructions.`
			`<<metric-chart,Metric>>:: Display a single number.`
			`<<pie-chart,Pie chart>>:: Display each source's contribution to a total.`
improve tag cloud doc (#9356) 2016-12-03 00:56:22 +01:00			`<<tagcloud-chart,Tag cloud>>:: Display words as a cloud in which the size of the word correspond to its importance`
Docs: Cleaned up viz topic. (#8824) 2016-10-25 20:14:50 +02:00			`<<tilemap,Tile map>>:: Associate the results of an aggregation with geographic`
			`locations.`
Time Series Metric Visualizations (#9725) * Initial import * updating the editor width to match the new specs * Adding tribe node support * Adding tests for server libs * removing bluebird * removing extra cruft * Fixing the font sizes * Fixed the updating code * Adding brushing * Fixing linting issues * Adding global filters * Adding missing packages * Default gauge style to half circle * Fixing the markdown css bug * Adding tests for the get_vis_data api * Adding time offset * Adding time offset to each type * fixing bugs from time offset * adding index pattern option to series * Adding index pattern overrides * Adding index pattern overrides * Fixing tests * Fixing brushing in the vis editor * Changing the label * Change the behavior of selecting a pipeline agg when only one exists. * Refactoring series a bit * Changing series options to just options * Making sure we honor the toaster container height * Adding first tests * renaming vis_config to panel_config * renaming vis_config to panel_config * Adding more tests * adding more tests * removing api subdirectory * refactoring get_vis_data (breaking it up and removing unused imports) * reorganizing the visualization directory * Re-organizing directory layouts and moving things to more logical places * Refactoring React compontents to use ES6 syntax and adding propTypes for each. Also refactored out splats as much as possible. * Adding serial differencing * Refactored gauge to use 2 components instead of 4 * Finishing react refactor on visualizations. Consolidated legned funtionality * Refactoring series config and removing a bunch of duplicate code * fixing series config name * Fixing numbers and strings (doesnt matter which it is); Fixing classname * Changing the way the dark theme works * Adding new vis into list for test * Adding empty bucket check * Fixing the index patterns in the aggs * Fixing typo * Refactoring vis_data * Fixing std_metric * Fixing refresh-hack * Adding tests for get_splits, get_last_metric, map_bucket * Fixing the error handing * removing restrictions * Sometimes values are strings or numbers... it doesn't matter * Adding new color options for splits * Fixing colors * fixing size * Adding support for fitlers agg * Fixing tests * Fixing splits for filters * Fixing Top N to work better with fitlers * Adding annotation editor * initial work for annotations * Finalizing annotations * Fixing label * making it expandable * Fixing hacks fixed by #10175 * Fixing bars to use the same stacking options as lines * Getting rid of align by colons * removing unused depends * removing unused depends * Changing to readable lodash function * Adding missing parens * refactoring custom color picker * Removing string refs and converting uncontrolled components * Fixing the controlled components where value maybe null; converting error to css * refactoring styles from components * fixing the refresh behavoir borked by fullEditor * Adding the executor service * Fixing the test directories * fixing save * Adding filter ratios * Fixing controlled components * Trying to fix the weird typing * Fixing offset bug with days * Adding percentile rank * Fixing yaxis updates; fixing percentile rank layout; adding steps to line chart * removing unused depends * Fixed a bug with the index patterns updating; fixed bug with charts rendering too much * Fixing tests * Commenting out React tests because the ENV must have change and they are no longer working * Moving bucket transform * moving calculate auto * Moving calculate_indices * moving extended_stats_types && get_agg_value * moving get_buckets_path * moving get_sibling_agg_value * moving parse_settings * moving series_agg * Moving unit_to_seconds * Fixing tests * Fixing per PR * Renaming vars to make it more clear what's happening * Changing the way testible functions are exported * fixing tests * removing unused imports; fixing typos; fixing package name * Name has to match the plugin path * Fixing typos; removing unused imports * fixing tests * rearanging and removing unused imports * Fixing a bug with unque names for radio buttons on the same form * Fixing filter ratio to use a metric instead of just count * fixing a bug with the new filter ratios * Fixing the file path from the #8 * Fixing renderComplete trigger; Fixing embedded mode; Changing names for Timelion and Time Series Visual Builder * Fixing name * Fixing docs * Fixing a typo for the field select for terms splits * Fixing tests 2017-03-02 21:07:28 +01:00			`Timelion:: Compute and combine data from multiple time series`
docs: Fix broken ES docs link in create vis docs There is no median aggregation, it's just the 50th percentile. 2016-10-25 22:32:38 +02:00			`data sets.`
Docs: Cleaned up viz topic. (#8824) 2016-10-25 20:14:50 +02:00
			`. Specify a search query to retrieve the data for your visualization:`
			`** To enter new search criteria, select the index pattern for the indices that`
			`contain the data you want to visualize. This opens the visualization builder`
			`with a wildcard query that matches all of the documents in the selected`
docs: Fix broken ES docs link in create vis docs There is no median aggregation, it's just the 50th percentile. 2016-10-25 22:32:38 +02:00			`indices.`
Docs: Cleaned up viz topic. (#8824) 2016-10-25 20:14:50 +02:00			`** To build a visualization from a saved search, click the name of the saved`
			`search you want to use. This opens the visualization builder and loads the`
docs: Fix broken ES docs link in create vis docs There is no median aggregation, it's just the 50th percentile. 2016-10-25 22:32:38 +02:00			`selected query.`
Docs: Cleaned up viz topic. (#8824) 2016-10-25 20:14:50 +02:00			`+`
			`NOTE: When you build a visualization from a saved search, any subsequent`
			`modifications to the saved search are automatically reflected in the`
			`visualization. To disable automatic updates, you can disconnect a visualization`
			`from the saved search.`

			`. In the visualization builder, choose the metric aggregation for the`
			`visualization's Y axis:`
			`+`
			`* {es-ref}search-aggregations-metrics-valuecount-aggregation.html[count]`
			`* {es-ref}search-aggregations-metrics-avg-aggregation.html[average]`
			`* {es-ref}search-aggregations-metrics-sum-aggregation.html[sum]`
			`* {es-ref}search-aggregations-metrics-min-aggregation.html[min]`
			`* {es-ref}search-aggregations-metrics-max-aggregation.html[max]`
			`* {es-ref}search-aggregations-metrics-cardinality-aggregation.html[unique count]`
docs: Fix broken ES docs link in create vis docs There is no median aggregation, it's just the 50th percentile. 2016-10-25 22:32:38 +02:00			`* {es-ref}search-aggregations-metrics-percentile-aggregation.html[median] (50th percentile)`
Docs: Cleaned up viz topic. (#8824) 2016-10-25 20:14:50 +02:00			`* {es-ref}search-aggregations-metrics-percentile-aggregation.html[percentiles]`
			`* {es-ref}search-aggregations-metrics-percentile-rank-aggregation.html[percentile ranks]`

docs: Fix broken ES docs link in create vis docs There is no median aggregation, it's just the 50th percentile. 2016-10-25 22:32:38 +02:00			`. For the visualizations X axis, select a bucket aggregation:`
Docs: Cleaned up viz topic. (#8824) 2016-10-25 20:14:50 +02:00			`+`
			`* {es-ref}search-aggregations-bucket-datehistogram-aggregation.html[date histogram]`
			`* {es-ref}search-aggregations-bucket-range-aggregation.html[range]`
			`* {es-ref}search-aggregations-bucket-terms-aggregation.html[terms]`
			`* {es-ref}search-aggregations-bucket-filters-aggregation.html[filters]`
			`* {es-ref}search-aggregations-bucket-significantterms-aggregation.html[significant terms]`

			`For example, if you're indexing Apache server logs, you could build bar chart`
			`that shows the distribution of incoming requests by geographic location by`
			specifying a terms aggregation on the `geo.src` field:

			`image::images/bar-terms-agg.jpg[]`

			`The y-axis shows the number of requests received from each country, and the`
docs: Fix broken ES docs link in create vis docs There is no median aggregation, it's just the 50th percentile. 2016-10-25 22:32:38 +02:00			`countries are displayed across the x-axis.`
Docs: Cleaned up viz topic. (#8824) 2016-10-25 20:14:50 +02:00
			`Bar, line, or area chart visualizations use _metrics_ for the y-axis and`
			_buckets_ for the x-axis. Buckets are analogous to SQL `GROUP BY`
			`statements. Pie charts, use the metric for the slice size and the bucket`
			`for the number of slices.`

			`You can futher break down the data by specifying sub aggregations. The first`
			`aggregation determines the data set for any subsequent aggregations. Sub`
			`aggregations are applied in order--you can drag the aggregations to change the`
			`order in which they're applied.`

			For example, you could add a terms sub aggregation on the `geo.dest` field to
			`the Country of Origin bar chart to see the locations those requests were`
			`targeting.`

			`image::images/bar-terms-subagg.jpg[]`

docs: Fix broken ES docs link in create vis docs There is no median aggregation, it's just the 50th percentile. 2016-10-25 22:32:38 +02:00			`For more information about working with sub aggregations, see`
Docs: Cleaned up viz topic. (#8824) 2016-10-25 20:14:50 +02:00			`https://www.elastic.co/blog/kibana-aggregation-execution-order-and-you[Kibana,`
			`Aggregation Execution Order, and You].`
Updates to add Visualize Reference material. 2015-03-09 06:30:42 +01:00
Vislib Point Series Charts (#9642) * adding vislib chart grid * updating vislib to correctly render all new features * adding new options to kibana visualizations * update vis icon on save * updating documentation * fixing unit tests * cleaning up * updating based on UI review * adding visualize editor unit tests * selenium tests * additional option tabs * some more changes to the tabs/options [thanks CJ] * going back from Category/Value axis to X/Y axis * fixing unselected dropdown options * updating based on last UI review * updating based on last review * updating based on last review * fixing issue with axis titles * allowing to specify only upper or only lower data bound * updating based on brandons review * fixing horizontal bar chart labels * fixing test * adding backward compatibility * updating based on last review * fixing selenium tests 2017-02-15 17:54:42 +01:00			`include::visualize/xychart.asciidoc[]`
Updates to add Visualize Reference material. 2015-03-09 06:30:42 +01:00
docs: Overhaul of doc structure for 5.0+ (#8821) This overhaul of the docs structure puts Kibana's documentation more inline with the structure that is used in Elasticsearch. This will help us better organize the docs going forward as more docs are added. This also includes a few necessary content changes for 5.0. 2016-10-25 03:41:32 +02:00			`include::visualize/datatable.asciidoc[]`
Updates to add Visualize Reference material. 2015-03-09 06:30:42 +01:00
docs: Overhaul of doc structure for 5.0+ (#8821) This overhaul of the docs structure puts Kibana's documentation more inline with the structure that is used in Elasticsearch. This will help us better organize the docs going forward as more docs are added. This also includes a few necessary content changes for 5.0. 2016-10-25 03:41:32 +02:00			`include::visualize/markdown.asciidoc[]`
Updates to add Visualize Reference material. 2015-03-09 06:30:42 +01:00
docs: Overhaul of doc structure for 5.0+ (#8821) This overhaul of the docs structure puts Kibana's documentation more inline with the structure that is used in Elasticsearch. This will help us better organize the docs going forward as more docs are added. This also includes a few necessary content changes for 5.0. 2016-10-25 03:41:32 +02:00			`include::visualize/metric.asciidoc[]`
Updates to add Visualize Reference material. 2015-03-09 06:30:42 +01:00
docs: Overhaul of doc structure for 5.0+ (#8821) This overhaul of the docs structure puts Kibana's documentation more inline with the structure that is used in Elasticsearch. This will help us better organize the docs going forward as more docs are added. This also includes a few necessary content changes for 5.0. 2016-10-25 03:41:32 +02:00			`include::visualize/pie.asciidoc[]`
Updates to add Visualize Reference material. 2015-03-09 06:30:42 +01:00
docs: Overhaul of doc structure for 5.0+ (#8821) This overhaul of the docs structure puts Kibana's documentation more inline with the structure that is used in Elasticsearch. This will help us better organize the docs going forward as more docs are added. This also includes a few necessary content changes for 5.0. 2016-10-25 03:41:32 +02:00			`include::visualize/tilemap.asciidoc[]`
Updates to add Visualize Reference material. 2015-03-09 06:30:42 +01:00
Add Tag Cloud Visualization A tag cloud visualization is a visual representation of text data, typically used to visualize free form text. Tags are usually single words. The font size of word corresponds with its importance. 2016-11-21 23:03:25 +01:00			`include::visualize/tagcloud.asciidoc[]`
Vislib heatmap visualization (#9403) * adding UI styles (should extract) * adding heatmap vislib type * adding heatmap visualization * adding documentation * renaming heatmap options * fixing options issues * fixing color selection * fixing / adding tests * adding more color schemas * adding more options * adding cell labels * fixing selenium test * only allow to rotate labels by 90 degrees * converting color number slider to number input * hide labels if they don't fit * fixing small issues * improved range options * fixing based on Thomas' review * rebasing on master and fixing linting issues * adding selenium tests * fixing alerts * fixing padding * fixing based on review * fixing math * fixing custom range options * removing $timeout * notification in case labels were hidden * fixing tests * fixing based on last review * fixing based on thomas' review 2016-12-26 19:15:50 +01:00
			`include::visualize/heatmap.asciidoc[]`