7 KibanaVisualization and dashboards
Visual page
In Kibana, all visual components are built on top of Elasticsearch aggregation. Kibana also supports multi-level aggregation for all kinds of useful data analysis
Create a visualization
- There are three steps to creating a visualization
- Select visual type
- Select the data source (using a new or saved search)
- Configure visual aggregation properties (measures and buckets) on the edit page
Types of visualization
- Regional figure
- A data graph
- The line chart
MarkdownThe widget- To measure the
- The pie chart
- Slice map
- Vertical bar chart
Measurement and bucket aggregation
The metrics and bucket profiles come from Elasticsearch’s aggregation capabilities, and these two concepts play a crucial role in Kibana when designing visualizations for datasets
barrel
- Bucking helps distribute documents to multiple buckets that contain subsets of indexed documents. Bucket function with
SQLtheGROUP BYVery similar. Buckets are used to group documents according to specific criteria, and metrics are calculated for the grouped documents - Buckets usually represent
KibanaThe X axis of the chart can also be added to buckets KibanaX axis supports the following bucket types
- Date histogram (
Data Histogram) - Histogram (
Histogram) - Range (
Range) - Date range (
Date Range) IPV4Range (IPV4 Range)- Phrase (
Terms) - Filters (
Filters) - Key phrases (
Sginifiant Terms)
Date histogram
A date-type field and time interval configuration is required. Documents are grouped by specified fields and time intervals. For example, if you specify the @TIMESTAMP field as a bucket with a time interval of one week, documents are grouped based on weekly data, and metrics such as counting, averaging, and so on can be calculated for the grouped documents
histogram
Histograms are similar to date histograms except that fields and ranges specified are numeric. The histogram buckets the document in the specified interval on the selected field. This is equivalent to range aggregation in equal intervals
The scope of
Similar to histograms, but different levels can be manually configured as required. For example, for field counting, buckets can be divided into 0 1000, 1000 5000, and 5000 to 15000
Date range
The date range requires a date field and a custom date range is specified for each bucket
The phrase
Phrases can be used to GROUP documents based on the value of any field, much like the GROUP BY statement in SQL. Phrase aggregation can also optionally specify Top or Bottom N, or it can specify an order based on metrics. For example, you can group by product type and get the top five for each product type
To measure the
- Measurement is a calculation of the values of the fields in each bucket
For example, calculate the total number, average, minimum, or maximum of documents. Measures usually represent the Y-axis of area plots, vertical bar plots, and line plots. The available types of metrics are as follows
Count(count)Average(Average)Sum(sum)Unique Count(Unique value count)Min(Minimum value)Max(Maximum value)Percentile(percentage)Percenntile Ranks(Percentage level)
Count
Is a very important metric aggregation function whose main purpose is to calculate the number of field values in each bucket in a bucket aggregation. For example, to count the number of visitors for each product category, you can specify the product category field as bucket aggregation and then perform the count metric aggregation calculation
Average,Sum,MinandMax
Similar to the Count aggregation, Average, Sum, Min, and Max compute the Average, Sum, minimum, and maximum values for the numeric fields in the aggregation accordingly
Unique Count
Similar to the COUNT (DISTINCT FieldName) function in SQL, calculate the number of unique values for a field
Advanced options
- Buckets and metric aggregation have advanced options that can be added
JSONInput asKibanaUnderstand the derived fields described in the data. The followingJSONScripts are an example
{ "script" : "doc['volume'].value * 100" }
Copy the code
A visual page looks like this, with a toolbar at the top, measures and buckets on the left, and a preview pane on the right
visualization
Regional figure
Useful for creating cumulative timelines or distributed data
Y-axis: measurement
X-axis: barrels. Subaggregations can also be defined in buckets to implement Split Charts (divided into multiple Charts based on different aggregations) or Split areas (Split areas based on different aggregations)
The data table
Presenting aggregate data in tabular form helps to identify aggregations of the Top N type. For example, use the data fail visualization below to get the top five most clicked customers
The line chart
It works well with dense time series and is useful when comparing two series
MarkdownThe widget
Used to display information or instructions in the dashboard, can display any required Markdown format text
To measure the
Analysis of a single numeric type used to display a field. Can be used to calculate the total hits, total, or average of a field. For example, the following metric can be used to show the average response time of an application over time
The pie chart
Usually used to show parts of a whole or their percentage relationships. The slices in the pie chart represent the distribution of data. The values of the slices in the pie chart are determined by aggregate measures, such as Count, Sum, or Unique Count. Bucket aggregation defines the data types in the chart. For example, the pie chart below can be used to show the distribution of different response codes for an application
Slice map
Slice maps are used to locate geographical locations according to GEO coordinates. This is based on the Geohash bucket aggregation, which groups groups of coordinates into a bucket
Vertical bar chart
Performs well for both time-based and non-time-based fields. Vertical bars can be individual bars or cumulative bars. The Y-axis is metric, and the X-axis is bucket aggregation. For example, the vertical bar chart below can be used to display the count of HTTP response codes
