Skip to content

Commit

Permalink
Docs: Cleaning up GSG to match UI. (elastic#8840)
Browse files Browse the repository at this point in the history
* Docs: Cleaning up GSG to match UI.

* Docs: Updated annotated discover screen cap.
  • Loading branch information
debadair authored and epixa committed Oct 26, 2016
1 parent 7857e05 commit c5af7a4
Show file tree
Hide file tree
Showing 20 changed files with 171 additions and 98 deletions.
19 changes: 10 additions & 9 deletions docs/getting-started.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -3,18 +3,19 @@

[partintro]
--
Now that you have Kibana <<setup,installed>>, you can step through this tutorial to get fast hands-on experience with
key Kibana functionality. By the end of this tutorial, you will have:
Ready to get some hands-on experience with Kibana?
This tutorial shows you how to:

* Loaded a sample data set into your Elasticsearch installation
* Defined at least one index pattern
* Used the <<discover, Discover>> functionality to explore your data
* Set up some <<visualize,_visualizations_>> to graphically represent your data
* Assembled visualizations into a <<dashboard,Dashboard>>
* Load a sample data set into Elasticsearch
* Define an index pattern
* Explore the sample data with <<discover, Discover>>
* Set up <<visualize,_visualizations_>> of the sample data
* Assemble visualizations into a <<dashboard,Dashboard>>

The material in this section assumes you have a working Kibana install connected to a working Elasticsearch install.
Before you begin, make sure you've <<install, installed Kibana>> and established
a <<connect-to-elasticsearch, connection to Elasticsearch>>.

Video tutorials are also available:
You might also be interested in these video tutorials:

* https://www.elastic.co/blog/kibana-4-video-tutorials-part-1[High-level Kibana introduction, pie charts]
* https://www.elastic.co/blog/kibana-4-video-tutorials-part-2[Data discovery, bar charts, and line charts]
Expand Down
22 changes: 14 additions & 8 deletions docs/getting-started/tutorial-dashboard.asciidoc
Original file line number Diff line number Diff line change
@@ -1,14 +1,20 @@
[[tutorial-dashboard]]
== Putting it all Together with Dashboards

A Kibana dashboard is a collection of visualizations that you can arrange and share. To get started, click the
*Dashboard* tab, then the *Add Visualization* button at the far right of the search box to display the list of saved
visualizations. Select _Markdown Example_, _Pie Example_, _Bar Example_, and _Map Example_, then close the list of
visualizations by clicking the small up-arrow at the bottom of the list. You can move the containers for each
visualization by clicking and dragging the title bar. Resize the containers by dragging the lower right corner of a
visualization's container. Your sample dashboard should end up looking roughly like this:
A dashboard is a collection of visualizations that you can arrange and share.
To build a dashboard that contains the visualizations you saved during this tutorial:

. Click *Dashboard* in the side navigation.
. Click *Add* to display the list of saved visualizations.
. Click _Markdown Example_, _Pie Example_, _Bar Example_, and _Map Example_, then close the list of
visualizations by clicking the small up-arrow at the bottom of the list.

Hovering over a visualization displays the container controls that enable you to
edit, move, delete, and resize the visualization.

Your sample dashboard should end up looking roughly like this:

image::images/tutorial-dashboard.png[]

Click the *Save Dashboard* button, then name the dashboard _Tutorial Dashboard_. You can share a saved dashboard by
clicking the *Share* button to display HTML embedding code as well as a direct link.
To get a link to share or HTML code to embed the dashboard in a web page, save
the dashboard and click *Share*.
38 changes: 23 additions & 15 deletions docs/getting-started/tutorial-discovering.asciidoc
Original file line number Diff line number Diff line change
@@ -1,34 +1,42 @@
[[tutorial-discovering]]
== Discovering Your Data

Click the *Discover* image:images/discover-compass.png[Compass icon] tab to display Kibana's data discovery functions:
Click *Discover* in the side navigation to display Kibana's data discovery functions:

image::images/tutorial-discover.png[]

Right under the tab itself, there is a search box where you can search your data. Searches take a specific
{es-ref}query-dsl-query-string-query.html#query-string-syntax[query syntax] that enable you to create custom searches,
which you can save and load by clicking the buttons to the right of the search box.
In the query bar, you can enter an
{es-ref}query-dsl-query-string-query.html#query-string-syntax[Elasticsearch
query] to search your data. You can explore the results in Discover and create
visualizations of saved searches in Visualize.

Beneath the search box, the current index pattern is displayed in a drop-down. You can change the index pattern by
selecting a different pattern from the drop-down selector.
The current index pattern is displayed beneath the query bar. The index pattern
determines which indices are searched when you submit a query. To search a
different set of indices, select different pattern from the drop down menu.
To add an index pattern, go to *Management/Kibana/Index Patterns* and click
*Add New*.

You can construct searches by using the field names and the values you're interested in. With numeric fields you can
use comparison operators such as greater than (>), less than (<), or equals (=). You can link elements with the
You can construct searches by using the field names and the values you're
interested in. With numeric fields you can use comparison operators such as
greater than (>), less than (<), or equals (=). You can link elements with the
logical operators AND, OR, and NOT, all in uppercase.

Try selecting the `ba*` index pattern and putting the following search into the search box:
To try it out, select the `ba*` index pattern and enter the following query string
in the query bar:

[source,text]
account_number:<100 AND balance:>47500

This search returns all account numbers between zero and 99 with balances in excess of 47,500.

If you're using the linked sample data set, this search returns 5 results: Account numbers 8, 32, 78, 85, and 97.
This query returns all account numbers between zero and 99 with balances in
excess of 47,500. When searching the sample bank data, it returns 5 results:
Account numbers 8, 32, 78, 85, and 97.

image::images/tutorial-discover-2.png[]

To narrow the display to only the specific fields of interest, highlight each field in the list that displays under the
index pattern and click the *Add* button. Note how, in this example, adding the `account_number` field changes the
display from the full text of five records to a simple list of five account numbers:
By default, all fields are shown for each matching document. To choose which
document fields to display, hover over the Available Fields list and click the
*add* button next to each field you want include. For example, if you add
just the `account_number`, the display changes to a simple list of five
account numbers:

image::images/tutorial-discover-3.png[]
175 changes: 112 additions & 63 deletions docs/getting-started/tutorial-visualizing.asciidoc
Original file line number Diff line number Diff line change
@@ -1,28 +1,41 @@
[[tutorial-visualizing]]
== Data Visualization: Beyond Discovery
== Visualizing Your Data

The visualization tools available on the *Visualize* tab enable you to display aspects of your data sets in several
different ways.

Click on the *Visualize* image:images/visualize-icon.png[Bar chart icon] tab to start:
To start visualizing your data, click *Visualize* in the side navigation:

image::images/tutorial-visualize.png[]

Click on *Pie chart*, then *From a new search*. Select the `ba*` index pattern.
The *Visualize* tools enable you to view your data in several ways. For example,
let's use that venerable visualization, the pie chart, to get some insight
into the account balances in the sample bank account data.

Visualizations depend on Elasticsearch {es-ref}search-aggregations.html[aggregations] in two different types: _bucket_
aggregations and _metric_ aggregations. A bucket aggregation sorts your data according to criteria you specify. For
example, in our accounts data set, we can establish a range of account balances, then display what proportions of the
total fall into which range of balances.
To get started, click *Pie chart* in the list of visualizations. You can build
visualizations from saved searches, or enter new search criteria. To enter
new search criteria, you first need to select an index pattern to specify
what indices to search. We want to search the account data, so select the `ba*`
index pattern.

The whole pie displays, since we haven't specified any buckets yet.
The default search matches all documents. Initially, a single "slice"
encompasses the entire pie:

image::images/tutorial-visualize-pie-1.png[]

Select *Split Slices* from the *Select buckets type* list, then select *Range* from the *Aggregation* drop-down
selector. Select the *balance* field from the *Field* drop-down, then click on *Add Range* four times to bring the
total number of ranges to six. Enter the following ranges:

To specify what slices to display in the chart, you use an Elasticsearch
{es-ref}search-aggregations.html[bucket aggregation]. A bucket aggregation
simply sorts the documents that match your search criteria into different
categories, aka _buckets_. For example, the account data includes the balance
of each account. Using a bucket aggregation, you can establish multiple ranges
of account balances and find out how many accounts fall into each range.

To define a bucket for each range:

. Click the *Split Slices* buckets type.
. Select *Range* from the *Aggregation* list.
. Select the *balance* field from the *Field* list.
. Click *Add Range* four times to bring the
total number of ranges to six.
. Define the following ranges:
+
[source,text]
0 999
1000 2999
Expand All @@ -31,105 +44,141 @@ total number of ranges to six. Enter the following ranges:
15000 30999
31000 50000

Click the *Apply changes* button image:images/apply-changes-button.png[] to display the chart:
. Click *Apply changes* image:images/apply-changes-button.png[] to update the chart.

Now you can see what proportion of the 1000 accounts fall into each balance
range.

image::images/tutorial-visualize-pie-2.png[]

This shows you what proportion of the 1000 accounts fall in these balance ranges. To see another dimension of the data,
we're going to add another bucket aggregation. We can break down each of the balance ranges further by the account
holder's age.
Let's take a look at another dimension of the data: the account holder's
age. By adding another bucket aggregation, you can see the ages of the account
holders in each balance range:

Click *Add sub-buckets* at the bottom, then select *Split Slices*. Choose the *Terms* aggregation and the *age* field from
the drop-downs.
Click the *Apply changes* button image:images/apply-changes-button.png[] to add an external ring with the new
results.
. Click *Add sub-buckets* below the buckets list.
. Click *Split Slices* in the buckets type list.
. Select *Terms* from the aggregation list.
. Select *age* from the field list.
. Click *Apply changes* image:images/apply-changes-button.png[].

Now you can see the break down of the account holders' ages displayed
in a ring around the balance ranges.

image::images/tutorial-visualize-pie-3.png[]

Save this chart by clicking the *Save Visualization* button to the right of the search field. Name the visualization
_Pie Example_.
To save this chart so we can use it later, click *Save* and enter the name _Pie Example_.

Next, we're going to make a bar chart. Click on *New Visualization*, then *Vertical bar chart*. Select *From a new
search* and the `shakes*` index pattern. You'll see a single big bar, since we haven't defined any buckets yet:
Next, we're going to look at data in the Shakespeare data set. Let's find out how the
plays compare when it comes to the number of speaking parts and display the information
in a bar chart:

. Click *New* and select *Vertical bar chart*.
. Select the `shakes*` index pattern. Since you haven't defined any buckets yet,
you'll see a single big bar that shows the total count of documents that match
the default wildcard query.
+
image::images/tutorial-visualize-bar-1.png[]

For the Y-axis metrics aggregation, select *Unique Count*, with *speaker* as the field. For Shakespeare plays, it might
be useful to know which plays have the lowest number of distinct speaking parts, if your theater company is short on
actors. For the X-Axis buckets, select the *Terms* aggregation with the *play_name* field. For the *Order*, select
*Ascending*, leaving the *Size* at 5. Write a description for the axes in the *Custom Label* fields.
. To show the number of speaking parts per play along the y-axis, you need to
configure the Y-axis {es-ref}search-aggregations.html[metric aggregation]. A metric
aggregation computes metrics based on values extracted from the search results.
To get the number of speaking parts per play, select the *Unique Count*
aggregation and choose *speaker* from the field list. You can also give the
axis a custom label, _Speaking Parts_.

Leave the other elements at their default values and click the *Apply changes* button
image:images/apply-changes-button.png[]. Your chart should now look like this:
. To show the different plays long the x-axis, select the X-Axis buckets type,
select *Terms* from the aggregation list, and choose *play_name* from the field
list. To list them alphabetically, select *Ascending* order. You can also give
the axis a custom label, _Play Name_.

. Click *Apply changes* image:images/apply-changes-button.png[] to view the
results.

image::images/tutorial-visualize-bar-2.png[]

Notice how the individual play names show up as whole phrases, instead of being broken down into individual words. This
is the result of the mapping we did at the beginning of the tutorial, when we marked the *play_name* field as 'not
analyzed'.

Hovering on each bar shows you the number of speaking parts for each play as a tooltip. You can turn this behavior off,
as well as change many other options for your visualizations, by clicking the *Options* tab in the top left.
Hovering over each bar shows you the number of speaking parts for each play as a tooltip. To turn tooltips
off and configure other options for your visualizations, select the Visualization builder's *Options* tab.

Now that you have a list of the smallest casts for Shakespeare plays, you might also be curious to see which of these
plays makes the greatest demands on an individual actor by showing the maximum number of speeches for a given part. Add
a Y-axis aggregation with the *Add metrics* button, then choose the *Max* aggregation for the *speech_number* field. In
the *Options* tab, change the *Bar Mode* drop-down to *grouped*, then click the *Apply changes* button
image:images/apply-changes-button.png[]. Your chart should now look like this:
plays makes the greatest demands on an individual actor by showing the maximum number of speeches for a given part.

. Click *Add metrics* to add a Y-axis aggregation.
. Choose the *Max* aggregation and select the *speech_number* field.
. Click *Options* and change the *Bar Mode* to *grouped*.
. Click *Apply changes* image:images/apply-changes-button.png[]. Your chart should now look like this:

image::images/tutorial-visualize-bar-3.png[]

As you can see, _Love's Labours Lost_ has an unusually high maximum speech number, compared to the other plays, and
might therefore make more demands on an actor's memory.

Note how the *Number of speaking parts* Y-axis starts at zero, but the bars don't begin to differentiate until 18. To
make the differences stand out, starting the Y-axis at a value closer to the minimum, check the
*Scale Y-Axis to data bounds* box in the *Options* tab.
make the differences stand out, starting the Y-axis at a value closer to the minimum, go to Options and select
*Scale Y-Axis to data bounds*.

Save this chart with the name _Bar Example_.

Next, we're going to make a tile map chart to visualize some geographic data. Click on *New Visualization*, then
*Tile map*. Select *From a new search* and the `logstash-*` index pattern. Define the time window for the events
we're exploring by clicking the time selector at the top right of the Kibana interface. Click on *Absolute*, then set
the start time to May 18, 2015 and the end time for the range to May 20, 2015:
Next, we're going to use a tile map chart to visualize geographic information in our log file sample data.

. Click *New*.
. Select *Tile map*.
. Select the `logstash-*` index pattern.
. Set the time window for the events we're exploring:
. Click the time picker in the Kibana toolbar.
. Click *Absolute*.
. Set the start time to May 18, 2015 and the end time to May 20, 2015.
+
image::images/tutorial-timepicker.png[]

Once you've got the time range set up, click the *Go* button, then close the time picker by clicking the small up arrow
at the bottom. You'll see a map of the world, since we haven't defined any buckets yet:
. Once you've got the time range set up, click the *Go* button and close the time picker by
clicking the small up arrow in the bottom right corner.

You'll see a map of the world, since we haven't defined any buckets yet:

image::images/tutorial-visualize-map-1.png[]

Select *Geo Coordinates* as the bucket, then click the *Apply changes* button image:images/apply-changes-button.png[].
To map the geo coordinates from the log files select *Geo Coordinates* as
the bucket and click *Apply changes* image:images/apply-changes-button.png[].
Your chart should now look like this:

image::images/tutorial-visualize-map-2.png[]

You can navigate the map by clicking and dragging, zoom with the image:images/viz-zoom.png[] buttons, or hit the *Fit
Data Bounds* image:images/viz-fit-bounds.png[] button to zoom to the lowest level that includes all the points. You can
also create a filter to define a rectangle on the map, either to include or exclude, by clicking the
*Latitude/Longitude Filter* image:images/viz-lat-long-filter.png[] button and drawing a bounding box on the map.
A green oval with the filter definition displays right under the query box:
You can navigate the map by clicking and dragging, zoom with the
image:images/viz-zoom.png[] buttons, or hit the *Fit Data Bounds*
image:images/viz-fit-bounds.png[] button to zoom to the lowest level that
includes all the points. You can also include or exclude a rectangular area
by clicking the *Latitude/Longitude Filter* image:images/viz-lat-long-filter.png[]
button and drawing a bounding box on the map. Applied filters are displayed
below the query bar. Hovering over a filter displays controls to toggle,
pin, invert, or delete the filter.

image::images/tutorial-visualize-map-3.png[]

Hover on the filter to display the controls to toggle, pin, invert, or delete the filter. Save this chart with the name
_Map Example_.
Save this map with the name _Map Example_.

Finally, we're going to define a sample Markdown widget to display on our dashboard. Click on *New Visualization*, then
*Markdown widget*, to display a very simple Markdown entry field:

image::images/tutorial-visualize-md-1.png[]

Write the following text in the field:
Finally, create a Markdown widget to display extra information:

. Click *New*.
. Select *Markdown widget*.
. Enter the following text in the field:
+
[source,markdown]
# This is a tutorial dashboard!
The Markdown widget uses **markdown** syntax.
> Blockquotes in Markdown use the > character.

Click the *Apply changes* button image:images/apply-changes-button.png[] to display the rendered Markdown in the
preview pane:
. Click *Apply changes* image:images/apply-changes-button.png[] render the Markdown in the
preview pane.
+
image::images/tutorial-visualize-md-1.png[]





image::images/tutorial-visualize-md-2.png[]

Expand Down
13 changes: 11 additions & 2 deletions docs/getting-started/wrapping-up.asciidoc
Original file line number Diff line number Diff line change
@@ -1,5 +1,14 @@
[[wrapping-up]]
== Wrapping Up

Now that you've handled the basic aspects of Kibana's functionality, you're ready to explore Kibana in further detail.
Take a look at the rest of the documentation for more details!
Now that you have a handle on the basics, you're ready to start exploring
your own data with Kibana.

* See <<discover, Discover>> for more information about searching and filtering
your data.
* See <<visualize, Visualize>> for information about all of the visualization
types Kibana has to offer.
* See <<management, Management>> for information about configuring Kibana
and managing your saved objects.
* See <<console-kibana, Console>> for information about the interactive
console UI you can use to submit REST requests to Elasticsearch.
Binary file modified docs/images/Discover-Start-Annotated.jpg
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file modified docs/images/tutorial-dashboard.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file modified docs/images/tutorial-discover-2.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file modified docs/images/tutorial-discover-3.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file modified docs/images/tutorial-discover.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file modified docs/images/tutorial-visualize-bar-1.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file modified docs/images/tutorial-visualize-bar-2.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file modified docs/images/tutorial-visualize-bar-3.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file modified docs/images/tutorial-visualize-map-1.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file modified docs/images/tutorial-visualize-map-2.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file modified docs/images/tutorial-visualize-map-3.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file modified docs/images/tutorial-visualize-pie-1.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file modified docs/images/tutorial-visualize-pie-2.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file modified docs/images/tutorial-visualize.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
2 changes: 1 addition & 1 deletion docs/setup.asciidoc
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
[[setup]]
= Setup Kibana
= Set Up Kibana

[partintro]
--
Expand Down

0 comments on commit c5af7a4

Please sign in to comment.