path: root/docs/visualize.asciidoc
blob: d955c7753a930754da9d082e5bc62e1bcf3f919e (plain)
[[visualize]]
= Visualize

[partintro]
--
_Visualize_ enables you to create visualizations of the data in your
Elasticsearch indices. You can then build <<dashboard, dashboards>> that
display related visualizations.

Kibana visualizations are based on Elasticsearch queries. By using a
series of Elasticsearch {ref}/search-aggregations.html[aggregations]
to extract and process your data, you can create charts that show
you the trends, spikes, and dips you need to know about.

You can create visualizations from a search saved from <<discover, Discover>>
or start with a new search query.
--

[[createvis]]
== Creating a Visualization

To create a visualization:

. Click on *Visualize* in the side navigation.
. Click the *Create new visualization* button or the **+** button.
. Choose the visualization type:
+
* *Basic charts*
[horizontal]
<<xy-chart,Line&comma; Area and Bar charts>>:: Compare different series in X/Y charts.
<<heatmap-chart,Heat maps>>:: Shade cells within a matrix.
<<pie-chart,Pie chart>>:: Display each source's contribution to a total.
* *Data*
[horizontal]
<<data-table,Data table>>:: Display the raw data of a composed aggregation.
<<metric-chart,Metric>>:: Display a single number.
<<goal-chart,Goal and Gauge>>:: Display a gauge.
* *Maps*
[horizontal]
<<tilemap,Coordinate map>>:: Associate the results of an aggregation with geographic locations.
<<regionmap,Region map>>:: Thematic maps where a shape's color intensity corresponds to a metric's value.
* *Time Series*
[horizontal]
<<timelion-getting-started,Timelion>>:: Compute and combine data from multiple time series
data sets.
<<time-series-visual-builder,Time Series Visual Builder>>:: Visualize time series data using pipeline aggregations.
* *Other*
[horizontal]
<<controls,Controls>>:: Controls provide the ability to add interactive inputs to Kibana Dashboards.
<<markdown-widget,Markdown widget>>:: Display free-form information or
instructions.
<<tagcloud-chart,Tag cloud>>:: Display words as a cloud in which the size of the word corresponds to its importance.
<<vega-graph,Vega graph>>:: Support for user-defined graphs, external data sources, images, and user-defined interactivity.
. Specify a search query to retrieve the data for your visualization:
** To enter new search criteria, select the index pattern for the indices that
contain the data you want to visualize. This opens the visualization builder
with a wildcard query that matches all of the documents in the selected
indices.
** To build a visualization from a saved search, click the name of the saved
search you want to use. This opens the visualization builder and loads the
selected query.
+
NOTE: When you build a visualization from a saved search, any subsequent
modifications to the saved search are automatically reflected in the
visualization. To disable automatic updates, you can disconnect a visualization
from the saved search.

. In the visualization builder, choose the metric aggregation for the
visualization's Y axis:

* *Metric Aggregations*:

* {ref}/search-aggregations-metrics-valuecount-aggregation.html[count]
* {ref}/search-aggregations-metrics-avg-aggregation.html[average]
* {ref}/search-aggregations-metrics-sum-aggregation.html[sum]
* {ref}/search-aggregations-metrics-min-aggregation.html[min]
* {ref}/search-aggregations-metrics-max-aggregation.html[max]
* {ref}/search-aggregations-metrics-stats-aggregation.html[standard deviation]
* {ref}/search-aggregations-metrics-cardinality-aggregation.html[unique count]
* {ref}/search-aggregations-metrics-percentile-aggregation.html[median] (50th percentile)
* {ref}/search-aggregations-metrics-percentile-aggregation.html[percentiles]
* {ref}/search-aggregations-metrics-percentile-rank-aggregation.html[percentile ranks]
* {ref}/search-aggregations-metrics-top-hits-aggregation.html[top hit]
* {ref}/search-aggregations-metrics-geocentroid-aggregation.html[geo centroid]


* *Parent Pipeline Aggregations*:

* {ref}/search-aggregations-pipeline-derivative-aggregation.html[derivative]
* {ref}/search-aggregations-pipeline-cumulative-sum-aggregation.html[cumulative sum]
* {ref}/search-aggregations-pipeline-movavg-aggregation.html[moving average]
* {ref}/search-aggregations-pipeline-serialdiff-aggregation.html[serial diff]


* *Sibling Pipeline Aggregations*:

* {ref}/search-aggregations-pipeline-avg-bucket-aggregation.html[average bucket]
* {ref}/search-aggregations-pipeline-sum-bucket-aggregation.html[sum bucket]
* {ref}/search-aggregations-pipeline-min-bucket-aggregation.html[min bucket]
* {ref}/search-aggregations-pipeline-max-bucket-aggregation.html[max bucket]


. For the visualization's X axis, select a bucket aggregation:
+
* {ref}/search-aggregations-bucket-datehistogram-aggregation.html[date histogram]
* {ref}/search-aggregations-bucket-range-aggregation.html[range]
* {ref}/search-aggregations-bucket-terms-aggregation.html[terms]
* {ref}/search-aggregations-bucket-filters-aggregation.html[filters]
* {ref}/search-aggregations-bucket-significantterms-aggregation.html[significant terms]

For example, if you're indexing Apache server logs, you could build a bar chart
that shows the distribution of incoming requests by geographic location by
specifying a terms aggregation on the `geo.src` field:

image::images/bar-terms-agg.jpg[]

The y-axis shows the number of requests received from each country, and the
countries are displayed across the x-axis.

Bar, line, or area chart visualizations use _metrics_ for the y-axis and
_buckets_ for the x-axis. Buckets are analogous to SQL `GROUP BY`
statements. Pie charts use the metric for the slice size and the bucket
for the number of slices.

You can further break down the data by specifying sub aggregations. The first
aggregation determines the data set for any subsequent aggregations. Sub
aggregations are applied in order--you can drag the aggregations to change the
order in which they're applied.

For example, you could add a terms sub aggregation on the `geo.dest` field to
the Country of Origin bar chart to see the locations those requests were
targeting.

image::images/bar-terms-subagg.jpg[]

For more information about working with sub aggregations, see
https://www.elastic.co/blog/kibana-aggregation-execution-order-and-you[Kibana,
Aggregation Execution Order, and You].
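
The following is an added example, not part of the Kibana documentation or code base: it builds the Elasticsearch search body that corresponds to the `geo.src` terms chart with a `geo.dest` sub aggregation, and shows how swapping the aggregation order changes the buckets. The aggregation names `top` and `sub`, the `emulate` stand-in for the Elasticsearch response, and the sample documents are assumptions made for illustration.

```python
from collections import Counter

def build_request(bucket_field, sub_field=None, size=5):
    """Search body for a count-per-bucket chart; agg names 'top'/'sub' are arbitrary."""
    agg = {"terms": {"field": bucket_field, "size": size}}
    if sub_field:  # the sub aggregation only sees documents inside its parent bucket
        agg["aggs"] = {"sub": {"terms": {"field": sub_field, "size": size}}}
    # size 0: return no hits, only aggregation results
    return {"size": 0, "query": {"match_all": {}}, "aggs": {"top": agg}}

def _terms(docs, spec):
    """Terms buckets: highest doc_count first, ties broken by key, cut to 'size'."""
    counts = Counter(d[spec["field"]] for d in docs)
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))[:spec["size"]]

def emulate(docs, body):
    """Offline stand-in (assumption) for the Elasticsearch response to build_request()."""
    top = body["aggs"]["top"]
    sub = top.get("aggs", {}).get("sub")
    buckets = []
    for key, count in _terms(docs, top["terms"]):
        bucket = {"key": key, "doc_count": count}
        if sub:
            members = [d for d in docs if d[top["terms"]["field"]] == key]
            bucket["sub"] = {"buckets": [{"key": k, "doc_count": c}
                                         for k, c in _terms(members, sub["terms"])]}
        buckets.append(bucket)
    return {"aggregations": {"top": {"buckets": buckets}}}

def flatten(response):
    """(bucket, sub_bucket, count) rows: x-axis bucket, series split, y-axis metric."""
    rows = []
    for b in response["aggregations"]["top"]["buckets"]:
        subs = b.get("sub", {}).get("buckets") or [{"key": None, "doc_count": b["doc_count"]}]
        rows += [(b["key"], s["key"], s["doc_count"]) for s in subs]
    return rows

# Constructed sample documents (flattened field names), not real log data.
DOCS = [{"geo.src": s, "geo.dest": d} for s, d in
        [("CN", "US"), ("CN", "US"), ("CN", "IN"), ("US", "CN"), ("US", "US"), ("IN", "US")]]

if __name__ == "__main__":
    for fields in (("geo.src", "geo.dest"), ("geo.dest", "geo.src")):
        print(fields, flatten(emulate(DOCS, build_request(*fields))))
```

With `geo.src` first, each source country is split by destination; with `geo.dest` first, the same documents are grouped by destination and then split by source, so the x-axis buckets and their order change.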

include::visualize/xychart.asciidoc[]

include::visualize/controls.asciidoc[]

include::visualize/datatable.asciidoc[]

include::visualize/markdown.asciidoc[]

include::visualize/metric.asciidoc[]

include::visualize/goal.asciidoc[]

include::visualize/pie.asciidoc[]

include::visualize/tilemap.asciidoc[]

include::visualize/regionmap.asciidoc[]

include::visualize/time-series-visual-builder.asciidoc[]

include::visualize/tagcloud.asciidoc[]

include::visualize/heatmap.asciidoc[]

include::visualize/visualization-raw-data.asciidoc[]

include::visualize/vega.asciidoc[]