maxmustermann/kibana
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
kibana/docs/getting-started/tutorial-sample-data.asciidoc
Kaarina Tungseth 896b9cddbc
[DOCS] Updates for navigation redesign (#68709) 
* [DOCS] Updates for navigation redesign

* Getting started

* Set up text

* Discover

* Dashboard, Graph, ML, Maps, APM, SIEM, Dev tools

* Dev Tools, Stack Monitoring, Management

* Management

* Final changes

* [DOCS] Updates for navigation redesign

* [DOCS] Updates CCR monitoring screenshots

* updates SIEM screenshot and Cases overview text

* Added Brandon's APM image

* [DOCS] Refines CCR shard screenshot

* Removed merge conflict image file

Co-authored-by: lcawl <lcawley@elastic.co>
Co-authored-by: Ben Skelker <ben.skelker@elastic.co>
2020-06-12 09:39:36 -05:00

208 lines
6.7 KiB
Plaintext
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

[[tutorial-sample-data]]
== Explore {kib} using sample data
Ready to get some hands-on experience with Kibana?
In this tutorial, youll work
with Kibana sample data and learn to:
* <<tutorial-sample-filter, Filter and query data in visualizations>>
* <<tutorial-sample-discover, Discover and explore your documents>>
* <<tutorial-sample-edit, Edit a visualization>>
* <<tutorial-sample-inspect, Inspect the data behind a visualization>>
NOTE: If security is enabled, you must have `read`, `write`, and `manage` privileges
on the `kibana_sample_data_*` indices. See
{ref}/security-privileges.html[Security privileges] for more information.
[float]
=== Add sample data
Install the Flights sample data set, if you haven't already.
. On the home page, click *Load a data set and a {kib} dashboard*.
. On the *Sample flight data* card, click *Add data*.
. Once the data is added, click *View data > Dashboard*.
+
Youre taken to the *Global Flight* dashboard, a collection of charts, graphs,
maps, and other visualizations of the the data in the `kibana_sample_data_flights` index.
+
[role="screenshot"]
image::getting-started/images/tutorial-sample-dashboard.png[]
[float]
[[tutorial-sample-filter]]
=== Filter and query the data
You can use filters and queries to
narrow the view of the data.
For more detailed information on these actions, see
{ref}/query-filter-context.html[Query and filter context].
[float]
==== Filter the data
. In the *Controls* visualization, select an *Origin City* and a *Destination City*.
. Click *Apply changes*.
+
The `OriginCityName` and the `DestCityName` fields filter the data on the dasbhoard to match
the data you specified.
+
For example, the following dashboard shows the data for flights from London to Milan.
+
[role="screenshot"]
image::getting-started/images/tutorial-sample-filter.png[]
. To add a filter manually, click *Add filter*,
then specify the data you want to view.
. When you are finished experimenting, remove all filters.
[float]
[[tutorial-sample-query]]
==== Query the data
. To find all flights out of Rome, enter this query in the query bar and click *Update*:
+
[source,text]
OriginCityName:Rome
. For a more complex query with AND and OR, try this:
+
[source,text]
OriginCityName:Rome AND (Carrier:JetBeats OR "Kibana Airlines")
+
The dashboard updates to show data for the flights out of Rome on JetBeats and
{kib} Airlines.
+
[role="screenshot"]
image::getting-started/images/tutorial-sample-query.png[]
. When you are finished exploring the dashboard, remove the query by
clearing the contents in the query bar and clicking *Update*.
[float]
[[tutorial-sample-discover]]
=== Discover the data
In Discover, you have access to every document in every index that
matches the selected index pattern. The index pattern tells {kib} which {es} index you are currently
exploring. You can submit search queries, filter the
search results, and view document data.
. From the menu, click *Discover*.
. Ensure `kibana_sample_data_flights` is the current index pattern.
You might need to click *New* in the menu bar to refresh the data.
+
You'll see a histogram that shows the distribution of
documents over time. A table lists the fields for
each matching document. By default, all fields are shown.
+
[role="screenshot"]
image::getting-started/images/tutorial-sample-discover1.png[]
. To choose which fields to display,
hover the pointer over the list of *Available fields*, and then click *add* next
to each field you want include as a column in the table.
+
For example, if you add the `DestAirportID` and `DestWeather` fields,
the display includes columns for those two fields.
+
[role="screenshot"]
image::getting-started/images/tutorial-sample-discover2.png[]
[float]
[[tutorial-sample-edit]]
=== Edit a visualization
You have edit permissions for the *Global Flight* dashboard, so you can change
the appearance and behavior of the visualizations. For example, you might want
to see which airline has the lowest average fares.
. In the side navigation, click *Recently viewed* and open the *Global Flight Dashboard*.
. In the menu bar, click *Edit*.
. In the *Average Ticket Price* visualization, click the gear icon in
the upper right.
. From the *Options* menu, select *Edit visualization*.
+
*Average Ticket Price* is a metric visualization.
To specify which groups to display
in this visualization, you use an {es} {ref}/search-aggregations.html[bucket aggregation].
This aggregation sorts the documents that match your search criteria into different
categories, or buckets.
[float]
==== Create a bucket aggregation
. In the *Buckets* pane, select *Add > Split group*.
. In the *Aggregation* dropdown, select *Terms*.
. In the *Field* dropdown, select *Carrier*.
. Set *Descending* to *4*.
. Click *Apply changes* image:images/apply-changes-button.png[].
+
You now see the average ticket price for all four airlines.
+
[role="screenshot"]
image::getting-started/images/tutorial-sample-edit1.png[]
[float]
==== Save the visualization
. In the menu bar, click *Save*.
. Leave the visualization name as is and confirm the save.
. Go to the *Global Flight* dashboard and scroll the *Average Ticket Price* visualization to see the four prices.
. Optionally, edit the dashboard. Resize the panel
for the *Average Ticket Price* visualization by dragging the
handle in the lower right. You can also rearrange the visualizations by clicking
the header and dragging. Be sure to save the dashboard.
+
[role="screenshot"]
image::getting-started/images/tutorial-sample-edit2.png[]
[float]
[[tutorial-sample-inspect]]
=== Inspect the data
Seeing visualizations of your data is great,
but sometimes you need to look at the actual data to
understand what's really going on. You can inspect the data behind any visualization
and view the {es} query used to retrieve it.
. In the dashboard, hover the pointer over the pie chart, and then click the icon in the upper right.
. From the *Options* menu, select *Inspect*.
+
The initial view shows the document count.
+
[role="screenshot"]
image::getting-started/images/tutorial-sample-inspect1.png[]
. To look at the query used to fetch the data for the visualization, select *View > Requests*
in the upper right of the Inspect pane.
[float]
[[tutorial-sample-remove]]
=== Remove the sample data set
When youre done experimenting with the sample data set, you can remove it.
. Go to the *Sample data* page.
. On the *Sample flight data* card, click *Remove*.
[float]
=== Next steps
Now that you have a handle on the {kib} basics, you might be interested in the
tutorial <<tutorial-build-dashboard, Build your own dashboard>>, where you'll learn to:
* Load data
* Define an index pattern
* Discover and explore data
* Create visualizations
* Add visualizations to a dashboard
Reference in a new issue View git blame Copy permalink