Create a new section for default editor docs

docs/discover/set-time-filter.asciidoc

@@ -1,7 +1,7 @@
 [[set-time-filter]]
 == Setting the time filter
 If your index contains time-based events, and a time-field is configured for the 
-selected <<index-patterns, index pattern>>, set a time filter that displays only the data within the 
+selected <<index-patterns, index pattern>>, set a time filter that displays only the data within the
 specified time range.
 
 You can use the time filter to change the time range, or select a specific time 

docs/user/discover.asciidoc

@@ -4,7 +4,7 @@
 [partintro]
 --
 *Discover* enables you to explore your data with {kib}'s data discovery functions. 
-You have access to every document in every index that matches the selected <<index-patterns, index pattern>>. 
+You have access to every document in every index that matches the selected <<index-patterns, index pattern>>.
 You can submit search queries, filter the search results, and view document data.
 You can also see the number of documents that match the search query and get field value statistics. 
 If a time field is configured for the selected index pattern, the distribution of 

docs/user/visualize.asciidoc

@@ -13,41 +13,37 @@ to extract and process your data, you can create charts that show
 you the trends, spikes, and dips you need to know about.
 
 You can create visualizations from a search saved from <<discover, Discover>>
-or start with a new search query.
---
-
-[[createvis]]
-== Creating a Visualization
+or start from an <<index-patterns, index pattern>>.
 
-To create a visualization:
+**Creating a Visualization**
 
 . Click on *Visualize* in the side navigation.
 . Click the *Create new visualization* button or the **+** button.
 . Choose the visualization type:
 +
-* *Most frequently used visualizations*
+* *<<most-frequent,Most frequently used visualizations>>*
 [horizontal]
-<<xy-chart,Line&comma; Area and Bar charts>>:: Compare different series in X/Y charts.
-<<pie-chart,Pie chart>>:: Display each source's contribution to a total.
-<<data-table,Data table>>:: Flattens aggregations into table format.
-<<metric-chart,Metric>>:: Display a single number.
-<<goal-chart,Goal and Gauge>>:: Display a number with more decoration.
-<<heatmap-chart,Heat maps>>:: Shade cells within a matrix.
-<<tagcloud-chart,Tag cloud>>:: Display words as a cloud in which the size of the word correspond to its importance.
+<<most-frequent,Line&comma; Area and Bar charts>>:: Compare different series in X/Y charts.
+<<most-frequent,Pie chart>>:: Display each source's contribution to a total.
+<<most-frequent,Data table>>:: Flattens aggregations into table format.
+<<most-frequent,Metric>>:: Display a single number.
+<<most-frequent,Goal and Gauge>>:: Display a number with more decoration.
+<<most-frequent,Heat maps>>:: Shade cells within a matrix.
+<<most-frequent,Tag cloud>>:: Display words as a cloud in which the size of the word correspond to its importance.
 * *Time Series optimized*
 [horizontal]
 <<TSVB,TSVB>>:: Visualize time series data using pipeline aggregations.
-<<timelion,Timelion>>:: Compute and combine data from multiple time series
-data sets.
+<<timelion,_Timelion_>>:: Compute and combine data from multiple time series
+data sets. Hidden by default.
 * *Maps*
 [horizontal]
 <<maps, Elastic maps>>:: Elastic maps is the most powerful way of visualizing map data in Kibana
 <<tilemap,_Coordinate map_>>:: Displays points on a map using a geohash aggregation.
 <<regionmap,_Region map_>>:: Merge any structured map data onto a shape
-* *For use in dashboards*
+* *<<for-dashboard, For use in dashboards>>*
 [horizontal]
-<<controls,Controls>>:: Controls provide the ability to add interactive inputs to Kibana Dashboards.
-<<markdown-widget,Markdown widget>>:: Display free-form information or instructions.
+<<for-dashboard,Controls>>:: Controls provide the ability to add interactive inputs to Kibana Dashboards.
+<<for-dashboard,Markdown widget>>:: Display free-form information or instructions.
 * *For developers*
 [horizontal]
 <<vega-graph,Vega>>:: Complete control over query and display.
@@ -66,65 +62,30 @@ modifications to the saved search are automatically reflected in the
 visualization. To disable automatic updates, you can disconnect a visualization
 from the saved search.
 
-For example, if you're indexing Apache server logs, you could build bar chart
-that shows the distribution of incoming requests by geographic location by
-specifying a terms aggregation on the `geo.src` field:
-
-image::images/bar-terms-agg.png[]
-
-The y-axis shows the number of requests received from each country, and the
-countries are displayed across the x-axis.
-
-Bar, line, or area chart visualizations use _metrics_ for the y-axis and
-_buckets_ for the x-axis. Buckets are analogous to SQL `GROUP BY`
-statements. Pie charts, use the metric for the slice size and the bucket
-for the number of slices.
-
-You can further break down the data by specifying sub aggregations. The first
-aggregation determines the data set for any subsequent aggregations. Sub
-aggregations are applied in order--you can drag the aggregations to change the
-order in which they're applied.
-
-For example, you could add a terms sub aggregation on the `geo.dest` field to
-the Country of Origin bar chart to see the locations those requests were
-targeting.
-
-image::images/bar-terms-subagg.png[]
-
-For more information about working with sub aggregations, see
-https://www.elastic.co/blog/kibana-aggregation-execution-order-and-you[Kibana,
-Aggregation Execution Order, and You].
+--
 
 include::{kib-repo-dir}/visualize/saving.asciidoc[]
 
-include::{kib-repo-dir}/visualize/visualize_rollup_data.asciidoc[]
-
-include::{kib-repo-dir}/visualize/xychart.asciidoc[]
-
-include::{kib-repo-dir}/visualize/controls.asciidoc[]
+include::{kib-repo-dir}/visualize/most-frequent.asciidoc[]
 
-include::{kib-repo-dir}/visualize/datatable.asciidoc[]
+// include::{kib-repo-dir}/visualize/xychart.asciidoc[]
+// include::{kib-repo-dir}/visualize/pie.asciidoc[]
+// include::{kib-repo-dir}/visualize/datatable.asciidoc[]
+// include::{kib-repo-dir}/visualize/metric.asciidoc[]
+// include::{kib-repo-dir}/visualize/goal.asciidoc[]
+// include::{kib-repo-dir}/visualize/heatmap.asciidoc[]
+// include::{kib-repo-dir}/visualize/tagcloud.asciidoc[]
 
-include::{kib-repo-dir}/visualize/markdown.asciidoc[]
-
-include::{kib-repo-dir}/visualize/metric.asciidoc[]
-
-include::{kib-repo-dir}/visualize/goal.asciidoc[]
-
-include::{kib-repo-dir}/visualize/pie.asciidoc[]
+include::{kib-repo-dir}/visualize/tsvb.asciidoc[]
+include::{kib-repo-dir}/visualize/timelion.asciidoc[]
 
 include::{kib-repo-dir}/visualize/tilemap.asciidoc[]
-
 include::{kib-repo-dir}/visualize/regionmap.asciidoc[]
 
-include::{kib-repo-dir}/visualize/timelion.asciidoc[]
-
-include::{kib-repo-dir}/visualize/tsvb.asciidoc[]
-
-include::{kib-repo-dir}/visualize/tagcloud.asciidoc[]
-
-include::{kib-repo-dir}/visualize/heatmap.asciidoc[]
+include::{kib-repo-dir}/visualize/for-dashboard.asciidoc[]
 
 include::{kib-repo-dir}/visualize/vega.asciidoc[]
 
 include::{kib-repo-dir}/visualize/inspector.asciidoc[]
+
+include::{kib-repo-dir}/visualize/visualize_rollup_data.asciidoc[]

docs/visualize/aggregations.asciidoc

@@ -0,0 +1,101 @@
+[[supported-aggregations]]
+=== Supported aggregations
+
+All of these visualizations support:
+
+**Metric Aggregations:**
+
+* {ref}/search-aggregations-metrics-avg-aggregation.html[Average]
+* {ref}/search-aggregations-metrics-valuecount-aggregation.html[Count]
+* {ref}/search-aggregations-metrics-max-aggregation.html[Maximum]
+* *{ref}/search-aggregations-metrics-percentile-aggregation.html[Median]*: The value that is in the 50% percentile.
+* {ref}/search-aggregations-metrics-min-aggregation.html[Minimum]
+* {ref}/search-aggregations-metrics-sum-aggregation.html[Sum]
+* Unique Count: Uses the {ref}/search-aggregations-metrics-cardinality-aggregation.html[Cardinality] aggregation.
+* Standard Deviation: Uses the {ref}/search-aggregations-metrics-extendedstats-aggregation.html[_extended stats_]
+aggregation.
+* Top Hit: Uses the {ref}/search-aggregations-metrics-top-hits-aggregation.html[_top hits_]
+aggregation to return a sample of individual documents. If more than one document is matched by this aggregation, you must choose a technique for combining the values. These techniques are average, min, max, and sum.
+* Percentiles: The {ref}/search-aggregations-metrics-percentile-aggregation.html[_percentile_] aggregation divides the
+values in a numeric field into percentile bands that you specify. Select a field from the drop-down, then specify one
+or more ranges in the *Percentiles* fields. Click the *X* to remove a percentile field. Click *+ Add* to add a
+percentile field.
+* Percentile Rank: The {ref}/search-aggregations-metrics-percentile-rank-aggregation.html[_percentile ranks_]
+aggregation returns the percentile rankings for the values in the numeric field you specify. Select a numeric field
+from the drop-down, then specify one or more percentile rank values in the *Values* fields. Click the *X* to remove a
+values field. Click *+Add* to add a values field.
+
+**Sibling Pipeline Aggregations:**
+
+For each of the sibling pipeline aggregations you have to define a bucket and metric to calculate. This
+has the effect of condensing many buckets into one number.
+
+*Average Bucket*:: The {ref}/search-aggregations-pipeline-avg-bucket-aggregation.html[_avg bucket_]
+calculates the (mean) average value of a specified metric in a sibling aggregation
+*Sum Bucket*:: The {ref}/search-aggregations-pipeline-avg-bucket-aggregation.html[_sum bucket_]
+calculates the sum of values of a specified metric in a sibling aggregation
+*Min Bucket*:: The {ref}/search-aggregations-pipeline-avg-bucket-aggregation.html[_min bucket_]
+calculates the minimum value of a specified metric in a sibling aggregation
+*Max Bucket*:: The {ref}/search-aggregations-pipeline-avg-bucket-aggregation.html[_max bucket_]calculates the maximum value of a specified metric in a sibling aggregation
+
+**Bucket Aggregations:**
+
+*Date Histogram*:: A {ref}/search-aggregations-bucket-datehistogram-aggregation.html[_date histogram_] splits a date field into buckets by interval. If the date field is the primary time field for the index pattern, it will pick an automatic interval for you. You can also choose a minimum time interval. You can also specify a custom interval frame by selecting *Custom* as the interval and
+specifying a number and a time unit in the text field. Custom interval time units are *s* for seconds, *m* for minutes,
+*h* for hours, *d* for days, *w* for weeks, and *y* for years. Different units support different levels of precision,
+down to one millisecond. Intervals are labeled at the start of the interval, using the date-key returned by Elasticsearch.For example, the tooltip for a monthly interval will show the first day of the month.
+
+*Histogram*:: A standard {ref}/search-aggregations-bucket-histogram-aggregation.html[_histogram_] is built from a
+numeric field. Specify an integer interval for this field. Select the *Show empty buckets* checkbox to include empty
+intervals in the histogram.
+*Range*:: With a {ref}/search-aggregations-bucket-range-aggregation.html[_range_] aggregation, you can specify ranges
+of values for a numeric field. Click *Add Range* to add a set of range endpoints. Click the red *(x)* symbol to remove
+a range.
+*Date Range*:: A {ref}/search-aggregations-bucket-daterange-aggregation.html[_date range_] aggregation reports values
+that are within a range of dates that you specify. You can specify the ranges for the dates using
+{ref}/common-options.html#date-math[_date math_] expressions. Click *Add Range* to add a set of range endpoints.
+Click the red *(x)* symbol to remove a range.
+*IPv4 Range*:: The {ref}/search-aggregations-bucket-iprange-aggregation.html[_IPv4 range_] aggregation enables you to
+specify ranges of IPv4 addresses. Click *Add Range* to add a set of range endpoints. Click the red *(x)* symbol to
+remove a range.
+*Terms*:: A {ref}/search-aggregations-bucket-terms-aggregation.html[_terms_] aggregation enables you to specify the top
+or bottom _n_ elements of a  given field to display, ordered by count or a custom metric.
+*Filters*:: Each filter creates a bucket of documents. You can specify a filter as a
+<<kuery-query, KQL>> or <<lucene-query, Lucene>> query string. Click *Add Filter* to
+add another filter. Click the image:images/labelbutton.png[Label button icon] *label* button to open the label field, where
+you can type in a name to display on the visualization.
+*Significant Terms*:: An aggregation that returns interesting or unusual occurrences of terms in a set. Uses the{ref}/search-aggregations-bucket-significantterms-aggregation.html[Significant terms] aggregation.
+
+
+These visualizations support parent pipeline aggregations:
+
+* Line, Area and Bar charts
+* Data table
+
+**Parent Pipeline Aggregations:**
+
+For each of the parent pipeline aggregations you have to define a bucket and metric to calculate. These
+metrics expect the buckets to be ordered, and are especially useful for time series data.
+You can also nest these aggregations, for example to produce a 3rd derivative.
+
+* Derivative: The {ref}/search-aggregations-pipeline-derivative-aggregation.html[_derivative_] aggregation calculates
+the derivative of specific metrics.
+* Cumulative Sum: The {ref}/search-aggregations-pipeline-cumulative-sum-aggregation.html[_cumulative sum_] aggregation
+calculates the cumulative sum of a specified metric in a parent histogram
+* Moving Average: The {ref}/search-aggregations-pipeline-movavg-aggregation.html[_moving average_] aggregation  will
+slide a window across the data and emit the average value of that window
+* Serial Diff: The {ref}/search-aggregations-pipeline-serialdiff-aggregation.html[_serial differencing_] is a technique
+where values in a time series are subtracted from itself at different time lags or period
+
+
+Custom Kibana plugins can <<development-visualize-index, add more capabilities to the default editor>>
+which includes support for adding more aggregations.
+
+Most aggregations have extra options under the *Advanced* link:
+
+include::json-input.asciidoc[]
+
+When multiple bucket aggregations are defined, you can use the drag target on each aggregation to change
+the aggregation's priority. For more information about working with aggregation order, see
+https://www.elastic.co/blog/kibana-aggregation-execution-order-and-you[Kibana,
+Aggregation Execution Order, and You].

docs/visualize/datatable.asciidoc

@@ -1,36 +1,21 @@
 [[data-table]]
-== Data Table
+=== Data Table
 
-Datatable visualizations allow you to plot aggregated data from a saved query or index pattern.
-Datatables support multiple levels of {es} {ref}/search-aggregations-bucket.html[bucket]
-aggregations, and one level of {es} {ref}/search-aggregations-metrics.html[metric] aggregations.
-
-. The nested structure of Elasticsearch responses is flattened into a table.
+The nested structure of Elasticsearch responses is flattened into a table.
 Multiple tables can be displayed by configuring a bucket as a "Split table".
 
-Tables support these metrics which can be displayed in each row. If more than one metric is selected,
-you can use parent pipeline aggregations:
-
-include::metric-aggs.asciidoc[]
-include::parent-pipeline-aggs.asciidoc[]
-include::sibling-pipeline-aggs.asciidoc[]
-
-To add more rows to the table, or to create multiple tables, you need to use one of these bucket aggregations:
+The table visualization has support for bucket aggregations beyond other visualizations:
 
-Each bucket type supports the following aggregations:
-
-include::bucket-aggs.asciidoc[]
 *Geohash*:: The {ref}/search-aggregations-bucket-geohashgrid-aggregation.html[_geohash_] aggregation displays points
 based on a geohash.
-*Geotile*:: The {ref}/search-aggregations-bucket-geotilegrid-aggregation.html[_geotile] aggregation groups points
+*Geotile*:: The {ref}/search-aggregations-bucket-geotilegrid-aggregation.html[_geotile_] aggregation groups points
 based on web map tiling.
 
+Tables can 
 Once you've specified a bucket type aggregation, you can define sub-buckets to refine the visualization. Click
 *+ Add* to define a sub-bucket, then choose *Split rows* or *Split table*, then select an
 aggregation from the list of types.
 
-You can use the up or down arrows to the right of the aggregation's type to change the aggregation's priority.
-
 Enter a string in the *Custom Label* field to change the display label.
 
 You can click the *Advanced* link to display more customization options for your metrics or bucket aggregation: