diff --git a/docs/discover/set-time-filter.asciidoc b/docs/discover/set-time-filter.asciidoc index 6dfb050389532..c53850b38a2b0 100644 --- a/docs/discover/set-time-filter.asciidoc +++ b/docs/discover/set-time-filter.asciidoc @@ -1,7 +1,7 @@ [[set-time-filter]] == Setting the time filter If your index contains time-based events, and a time-field is configured for the -selected <>, set a time filter that displays only the data within the +selected <>, set a time filter that displays only the data within the specified time range. You can use the time filter to change the time range, or select a specific time diff --git a/docs/images/add-bucket.png b/docs/images/add-bucket.png new file mode 100644 index 0000000000000..acfba7366363e Binary files /dev/null and b/docs/images/add-bucket.png differ diff --git a/docs/images/color-picker.png b/docs/images/color-picker.png index a1148d3f4b1df..ebfa49b5c0442 100644 Binary files a/docs/images/color-picker.png and b/docs/images/color-picker.png differ diff --git a/docs/images/gauge.png b/docs/images/gauge.png new file mode 100644 index 0000000000000..b20d99f55268b Binary files /dev/null and b/docs/images/gauge.png differ diff --git a/docs/images/goal.png b/docs/images/goal.png new file mode 100644 index 0000000000000..04f16e8cd3e74 Binary files /dev/null and b/docs/images/goal.png differ diff --git a/docs/images/visualize-date-histogram-split-1.png b/docs/images/visualize-date-histogram-split-1.png new file mode 100644 index 0000000000000..3036d82a01759 Binary files /dev/null and b/docs/images/visualize-date-histogram-split-1.png differ diff --git a/docs/images/visualize-date-histogram-split-2.png b/docs/images/visualize-date-histogram-split-2.png new file mode 100644 index 0000000000000..4bc6e4b49c813 Binary files /dev/null and b/docs/images/visualize-date-histogram-split-2.png differ diff --git a/docs/images/visualize-date-histogram.png b/docs/images/visualize-date-histogram.png new file mode 100644 index 0000000000000..4380ea9703f12 Binary files /dev/null and b/docs/images/visualize-date-histogram.png differ diff --git a/docs/images/visualize-drag-reorder.png b/docs/images/visualize-drag-reorder.png new file mode 100644 index 0000000000000..a886a19c69f88 Binary files /dev/null and b/docs/images/visualize-drag-reorder.png differ diff --git a/docs/user/discover.asciidoc b/docs/user/discover.asciidoc index 0460013d10b8b..fa583918703f3 100644 --- a/docs/user/discover.asciidoc +++ b/docs/user/discover.asciidoc @@ -4,7 +4,7 @@ [partintro] -- *Discover* enables you to explore your data with {kib}'s data discovery functions. -You have access to every document in every index that matches the selected <>. +You have access to every document in every index that matches the selected <>. You can submit search queries, filter the search results, and view document data. You can also see the number of documents that match the search query and get field value statistics. If a time field is configured for the selected index pattern, the distribution of diff --git a/docs/user/visualize.asciidoc b/docs/user/visualize.asciidoc index 226028f6955e6..f08b853d4d8b0 100644 --- a/docs/user/visualize.asciidoc +++ b/docs/user/visualize.asciidoc @@ -13,41 +13,37 @@ to extract and process your data, you can create charts that show you the trends, spikes, and dips you need to know about. You can create visualizations from a search saved from <> -or start with a new search query. --- - -[[createvis]] -== Creating a Visualization +or start from an <>. -To create a visualization: +**Creating a Visualization** . Click on *Visualize* in the side navigation. . Click the *Create new visualization* button or the **+** button. . Choose the visualization type: + -* *Most frequently used visualizations* +* *<>* [horizontal] -<>:: Compare different series in X/Y charts. -<>:: Display each source's contribution to a total. -<>:: Flattens aggregations into table format. -<>:: Display a single number. -<>:: Display a number with more decoration. -<>:: Shade cells within a matrix. -<>:: Display words as a cloud in which the size of the word correspond to its importance. +<>:: Compare different series in X/Y charts. +<>:: Display each source's contribution to a total. +<>:: Flattens aggregations into table format. +<>:: Display a single number. +<>:: Display a number with more decoration. +<>:: Shade cells within a matrix. +<>:: Display words as a cloud in which the size of the word correspond to its importance. * *Time Series optimized* [horizontal] <>:: Visualize time series data using pipeline aggregations. -<>:: Compute and combine data from multiple time series -data sets. +<>:: Compute and combine data from multiple time series +data sets. Hidden by default. * *Maps* [horizontal] <>:: Elastic maps is the most powerful way of visualizing map data in Kibana <>:: Displays points on a map using a geohash aggregation. <>:: Merge any structured map data onto a shape -* *For use in dashboards* +* *<>* [horizontal] -<>:: Controls provide the ability to add interactive inputs to Kibana Dashboards. -<>:: Display free-form information or instructions. +<>:: Controls provide the ability to add interactive inputs to Kibana Dashboards. +<>:: Display free-form information or instructions. * *For developers* [horizontal] <>:: Complete control over query and display. @@ -66,65 +62,30 @@ modifications to the saved search are automatically reflected in the visualization. To disable automatic updates, you can disconnect a visualization from the saved search. -For example, if you're indexing Apache server logs, you could build bar chart -that shows the distribution of incoming requests by geographic location by -specifying a terms aggregation on the `geo.src` field: - -image::images/bar-terms-agg.png[] - -The y-axis shows the number of requests received from each country, and the -countries are displayed across the x-axis. - -Bar, line, or area chart visualizations use _metrics_ for the y-axis and -_buckets_ for the x-axis. Buckets are analogous to SQL `GROUP BY` -statements. Pie charts, use the metric for the slice size and the bucket -for the number of slices. - -You can further break down the data by specifying sub aggregations. The first -aggregation determines the data set for any subsequent aggregations. Sub -aggregations are applied in order--you can drag the aggregations to change the -order in which they're applied. - -For example, you could add a terms sub aggregation on the `geo.dest` field to -the Country of Origin bar chart to see the locations those requests were -targeting. - -image::images/bar-terms-subagg.png[] - -For more information about working with sub aggregations, see -https://www.elastic.co/blog/kibana-aggregation-execution-order-and-you[Kibana, -Aggregation Execution Order, and You]. +-- include::{kib-repo-dir}/visualize/saving.asciidoc[] -include::{kib-repo-dir}/visualize/visualize_rollup_data.asciidoc[] - -include::{kib-repo-dir}/visualize/xychart.asciidoc[] - -include::{kib-repo-dir}/visualize/controls.asciidoc[] +include::{kib-repo-dir}/visualize/most-frequent.asciidoc[] -include::{kib-repo-dir}/visualize/datatable.asciidoc[] +// include::{kib-repo-dir}/visualize/xychart.asciidoc[] +// include::{kib-repo-dir}/visualize/pie.asciidoc[] +// include::{kib-repo-dir}/visualize/datatable.asciidoc[] +// include::{kib-repo-dir}/visualize/metric.asciidoc[] +// include::{kib-repo-dir}/visualize/goal.asciidoc[] +// include::{kib-repo-dir}/visualize/heatmap.asciidoc[] +// include::{kib-repo-dir}/visualize/tagcloud.asciidoc[] -include::{kib-repo-dir}/visualize/markdown.asciidoc[] - -include::{kib-repo-dir}/visualize/metric.asciidoc[] - -include::{kib-repo-dir}/visualize/goal.asciidoc[] - -include::{kib-repo-dir}/visualize/pie.asciidoc[] +include::{kib-repo-dir}/visualize/tsvb.asciidoc[] +include::{kib-repo-dir}/visualize/timelion.asciidoc[] include::{kib-repo-dir}/visualize/tilemap.asciidoc[] - include::{kib-repo-dir}/visualize/regionmap.asciidoc[] -include::{kib-repo-dir}/visualize/timelion.asciidoc[] - -include::{kib-repo-dir}/visualize/tsvb.asciidoc[] - -include::{kib-repo-dir}/visualize/tagcloud.asciidoc[] - -include::{kib-repo-dir}/visualize/heatmap.asciidoc[] +include::{kib-repo-dir}/visualize/for-dashboard.asciidoc[] include::{kib-repo-dir}/visualize/vega.asciidoc[] include::{kib-repo-dir}/visualize/inspector.asciidoc[] + +include::{kib-repo-dir}/visualize/visualize_rollup_data.asciidoc[] diff --git a/docs/visualize/aggregations.asciidoc b/docs/visualize/aggregations.asciidoc new file mode 100644 index 0000000000000..c723c4c9a8cf1 --- /dev/null +++ b/docs/visualize/aggregations.asciidoc @@ -0,0 +1,101 @@ +[[supported-aggregations]] +=== Supported aggregations + +All of these visualizations support: + +**Metric Aggregations:** + +* {ref}/search-aggregations-metrics-avg-aggregation.html[Average] +* {ref}/search-aggregations-metrics-valuecount-aggregation.html[Count] +* {ref}/search-aggregations-metrics-max-aggregation.html[Maximum] +* *{ref}/search-aggregations-metrics-percentile-aggregation.html[Median]*: The value that is in the 50% percentile. +* {ref}/search-aggregations-metrics-min-aggregation.html[Minimum] +* {ref}/search-aggregations-metrics-sum-aggregation.html[Sum] +* Unique Count: Uses the {ref}/search-aggregations-metrics-cardinality-aggregation.html[Cardinality] aggregation. +* Standard Deviation: Uses the {ref}/search-aggregations-metrics-extendedstats-aggregation.html[_extended stats_] +aggregation. +* Top Hit: Uses the {ref}/search-aggregations-metrics-top-hits-aggregation.html[_top hits_] +aggregation to return a sample of individual documents. If more than one document is matched by this aggregation, you must choose a technique for combining the values. These techniques are average, min, max, and sum. +* Percentiles: The {ref}/search-aggregations-metrics-percentile-aggregation.html[_percentile_] aggregation divides the +values in a numeric field into percentile bands that you specify. Select a field from the drop-down, then specify one +or more ranges in the *Percentiles* fields. Click the *X* to remove a percentile field. Click *+ Add* to add a +percentile field. +* Percentile Rank: The {ref}/search-aggregations-metrics-percentile-rank-aggregation.html[_percentile ranks_] +aggregation returns the percentile rankings for the values in the numeric field you specify. Select a numeric field +from the drop-down, then specify one or more percentile rank values in the *Values* fields. Click the *X* to remove a +values field. Click *+Add* to add a values field. + +**Sibling Pipeline Aggregations:** + +For each of the sibling pipeline aggregations you have to define a bucket and metric to calculate. This +has the effect of condensing many buckets into one number. + +*Average Bucket*:: The {ref}/search-aggregations-pipeline-avg-bucket-aggregation.html[_avg bucket_] +calculates the (mean) average value of a specified metric in a sibling aggregation +*Sum Bucket*:: The {ref}/search-aggregations-pipeline-avg-bucket-aggregation.html[_sum bucket_] +calculates the sum of values of a specified metric in a sibling aggregation +*Min Bucket*:: The {ref}/search-aggregations-pipeline-avg-bucket-aggregation.html[_min bucket_] +calculates the minimum value of a specified metric in a sibling aggregation +*Max Bucket*:: The {ref}/search-aggregations-pipeline-avg-bucket-aggregation.html[_max bucket_]calculates the maximum value of a specified metric in a sibling aggregation + +**Bucket Aggregations:** + +*Date Histogram*:: A {ref}/search-aggregations-bucket-datehistogram-aggregation.html[_date histogram_] splits a date field into buckets by interval. If the date field is the primary time field for the index pattern, it will pick an automatic interval for you. You can also choose a minimum time interval. You can also specify a custom interval frame by selecting *Custom* as the interval and +specifying a number and a time unit in the text field. Custom interval time units are *s* for seconds, *m* for minutes, +*h* for hours, *d* for days, *w* for weeks, and *y* for years. Different units support different levels of precision, +down to one millisecond. Intervals are labeled at the start of the interval, using the date-key returned by Elasticsearch.For example, the tooltip for a monthly interval will show the first day of the month. + +*Histogram*:: A standard {ref}/search-aggregations-bucket-histogram-aggregation.html[_histogram_] is built from a +numeric field. Specify an integer interval for this field. Select the *Show empty buckets* checkbox to include empty +intervals in the histogram. +*Range*:: With a {ref}/search-aggregations-bucket-range-aggregation.html[_range_] aggregation, you can specify ranges +of values for a numeric field. Click *Add Range* to add a set of range endpoints. Click the red *(x)* symbol to remove +a range. +*Date Range*:: A {ref}/search-aggregations-bucket-daterange-aggregation.html[_date range_] aggregation reports values +that are within a range of dates that you specify. You can specify the ranges for the dates using +{ref}/common-options.html#date-math[_date math_] expressions. Click *Add Range* to add a set of range endpoints. +Click the red *(x)* symbol to remove a range. +*IPv4 Range*:: The {ref}/search-aggregations-bucket-iprange-aggregation.html[_IPv4 range_] aggregation enables you to +specify ranges of IPv4 addresses. Click *Add Range* to add a set of range endpoints. Click the red *(x)* symbol to +remove a range. +*Terms*:: A {ref}/search-aggregations-bucket-terms-aggregation.html[_terms_] aggregation enables you to specify the top +or bottom _n_ elements of a given field to display, ordered by count or a custom metric. +*Filters*:: Each filter creates a bucket of documents. You can specify a filter as a +<> or <> query string. Click *Add Filter* to +add another filter. Click the image:images/labelbutton.png[Label button icon] *label* button to open the label field, where +you can type in a name to display on the visualization. +*Significant Terms*:: An aggregation that returns interesting or unusual occurrences of terms in a set. Uses the{ref}/search-aggregations-bucket-significantterms-aggregation.html[Significant terms] aggregation. + + +These visualizations support parent pipeline aggregations: + +* Line, Area and Bar charts +* Data table + +**Parent Pipeline Aggregations:** + +For each of the parent pipeline aggregations you have to define a bucket and metric to calculate. These +metrics expect the buckets to be ordered, and are especially useful for time series data. +You can also nest these aggregations, for example to produce a 3rd derivative. + +* Derivative: The {ref}/search-aggregations-pipeline-derivative-aggregation.html[_derivative_] aggregation calculates +the derivative of specific metrics. +* Cumulative Sum: The {ref}/search-aggregations-pipeline-cumulative-sum-aggregation.html[_cumulative sum_] aggregation +calculates the cumulative sum of a specified metric in a parent histogram +* Moving Average: The {ref}/search-aggregations-pipeline-movavg-aggregation.html[_moving average_] aggregation will +slide a window across the data and emit the average value of that window +* Serial Diff: The {ref}/search-aggregations-pipeline-serialdiff-aggregation.html[_serial differencing_] is a technique +where values in a time series are subtracted from itself at different time lags or period + + +Custom Kibana plugins can <> +which includes support for adding more aggregations. + +Most aggregations have extra options under the *Advanced* link: + +include::json-input.asciidoc[] + +When multiple bucket aggregations are defined, you can use the drag target on each aggregation to change +the aggregation's priority. For more information about working with aggregation order, see +https://www.elastic.co/blog/kibana-aggregation-execution-order-and-you[Kibana, +Aggregation Execution Order, and You]. diff --git a/docs/visualize/bucket-aggs.asciidoc b/docs/visualize/bucket-aggs.asciidoc deleted file mode 100644 index 1e4611e9c6805..0000000000000 --- a/docs/visualize/bucket-aggs.asciidoc +++ /dev/null @@ -1,27 +0,0 @@ -*Date Histogram*:: A {ref}/search-aggregations-bucket-datehistogram-aggregation.html[_date histogram_] splits a date field into buckets by interval. If the date field is the primary time field for the index pattern, it will pick an automatic interval for you. You can also choose a minimum time interval. You can also specify a custom interval frame by selecting *Custom* as the interval and -specifying a number and a time unit in the text field. Custom interval time units are *s* for seconds, *m* for minutes, -*h* for hours, *d* for days, *w* for weeks, and *y* for years. Different units support different levels of precision, -down to one millisecond. Intervals are labeled at the start of the interval, using the date-key returned by Elasticsearch. -For example, the tooltip for a monthly interval will show the first day of the month. - -*Histogram*:: A standard {ref}/search-aggregations-bucket-histogram-aggregation.html[_histogram_] is built from a -numeric field. Specify an integer interval for this field. Select the *Show empty buckets* checkbox to include empty -intervals in the histogram. -*Range*:: With a {ref}/search-aggregations-bucket-range-aggregation.html[_range_] aggregation, you can specify ranges -of values for a numeric field. Click *Add Range* to add a set of range endpoints. Click the red *(x)* symbol to remove -a range. -*Date Range*:: A {ref}/search-aggregations-bucket-daterange-aggregation.html[_date range_] aggregation reports values -that are within a range of dates that you specify. You can specify the ranges for the dates using -{ref}/common-options.html#date-math[_date math_] expressions. Click *Add Range* to add a set of range endpoints. -Click the red *(x)* symbol to remove a range. -*IPv4 Range*:: The {ref}/search-aggregations-bucket-iprange-aggregation.html[_IPv4 range_] aggregation enables you to -specify ranges of IPv4 addresses. Click *Add Range* to add a set of range endpoints. Click the red *(x)* symbol to -remove a range. -*Terms*:: A {ref}/search-aggregations-bucket-terms-aggregation.html[_terms_] aggregation enables you to specify the top -or bottom _n_ elements of a given field to display, ordered by count or a custom metric. -*Filters*:: Each filter creates a bucket of documents. You can specify a filter as a -<> or <> query string. Click *Add Filter* to -add another filter. Click the image:images/labelbutton.png[Label button icon] *label* button to open the label field, where -you can type in a name to display on the visualization. -*Significant Terms*:: An aggregation that returns interesting or unusual occurrences of terms in a set. Uses the -{ref}/search-aggregations-bucket-significantterms-aggregation.html[Significant terms] aggregation. \ No newline at end of file diff --git a/docs/visualize/datatable.asciidoc b/docs/visualize/datatable.asciidoc index 11f3090bf09a0..1736a491ab214 100644 --- a/docs/visualize/datatable.asciidoc +++ b/docs/visualize/datatable.asciidoc @@ -1,36 +1,21 @@ [[data-table]] -== Data Table +=== Data Table -Datatable visualizations allow you to plot aggregated data from a saved query or index pattern. -Datatables support multiple levels of {es} {ref}/search-aggregations-bucket.html[bucket] -aggregations, and one level of {es} {ref}/search-aggregations-metrics.html[metric] aggregations. - -. The nested structure of Elasticsearch responses is flattened into a table. +The nested structure of Elasticsearch responses is flattened into a table. Multiple tables can be displayed by configuring a bucket as a "Split table". -Tables support these metrics which can be displayed in each row. If more than one metric is selected, -you can use parent pipeline aggregations: - -include::metric-aggs.asciidoc[] -include::parent-pipeline-aggs.asciidoc[] -include::sibling-pipeline-aggs.asciidoc[] - -To add more rows to the table, or to create multiple tables, you need to use one of these bucket aggregations: +The table visualization has support for bucket aggregations beyond other visualizations: -Each bucket type supports the following aggregations: - -include::bucket-aggs.asciidoc[] *Geohash*:: The {ref}/search-aggregations-bucket-geohashgrid-aggregation.html[_geohash_] aggregation displays points based on a geohash. -*Geotile*:: The {ref}/search-aggregations-bucket-geotilegrid-aggregation.html[_geotile] aggregation groups points +*Geotile*:: The {ref}/search-aggregations-bucket-geotilegrid-aggregation.html[_geotile_] aggregation groups points based on web map tiling. +Tables can Once you've specified a bucket type aggregation, you can define sub-buckets to refine the visualization. Click *+ Add* to define a sub-bucket, then choose *Split rows* or *Split table*, then select an aggregation from the list of types. -You can use the up or down arrows to the right of the aggregation's type to change the aggregation's priority. - Enter a string in the *Custom Label* field to change the display label. You can click the *Advanced* link to display more customization options for your metrics or bucket aggregation: diff --git a/docs/visualize/controls.asciidoc b/docs/visualize/for-dashboard.asciidoc similarity index 83% rename from docs/visualize/controls.asciidoc rename to docs/visualize/for-dashboard.asciidoc index f138044d788ef..3e71feb65fed6 100644 --- a/docs/visualize/controls.asciidoc +++ b/docs/visualize/for-dashboard.asciidoc @@ -1,8 +1,21 @@ +[[for-dashboard]] +== Markdown and Dashboard Controls + +[float] +[[markdown-widget]] +=== Markdown Widget + +The Markdown widget is a text entry field that accepts GitHub-flavored Markdown text. Kibana renders the text you enter +in this field and displays the results on the dashboard. You can click the *Help* link to go to the +https://help.github.com/articles/github-flavored-markdown/[help page] for GitHub flavored Markdown. Click *Apply* to +display the rendered text in the Preview pane or *Discard* to revert to a previous version. + + +[float] [[controls]] -== Controls Visualization +=== Dashboard Controls Visualization experimental[] - The Controls visualization enables you to add interactive inputs to Kibana dashboards. You can create two types of inputs: a dropdown menu and a radio slider. @@ -10,6 +23,7 @@ a dropdown menu and a radio slider. [role="screenshot"] image::images/controls/controls_in_dashboard.png[] +[float] [[add-input-controls]] === Adding Input Controls @@ -20,6 +34,7 @@ select *Controls*. In the visualization builder, choose the type of control to add to your visualization. +[float] ==== Dropdown menu A dropdown menu allows users to filter content by selecting @@ -49,6 +64,7 @@ creating multiple dropdown menus. *Size*:: The number of options to include in the list. +[float] ==== Range slider A range sliders allow users to filter content within a range of numbers. @@ -73,6 +89,7 @@ specified index pattern. *Decimal Places*:: The number of decimal places. +[float] [[global-options]] === Global Options diff --git a/docs/visualize/goal.asciidoc b/docs/visualize/goal.asciidoc index e46ac98499bbc..d01f6f72a3c16 100644 --- a/docs/visualize/goal.asciidoc +++ b/docs/visualize/goal.asciidoc @@ -1,16 +1,12 @@ [[goal-chart]] -== Goal and Gauge +=== Goal and Gauge -A goal visualization displays how your metric progresses toward a fixed goal. A gauge visualization displays in which -predefined range falls your metric. +A goal visualization displays how your metric progresses toward a fixed goal. A gauge visualization displays in which predefined range falls your metric. -include::metric-aggs.asciidoc[] -include::parent-pipeline-aggs.asciidoc[] -include::sibling-pipeline-aggs.asciidoc[] - -Open the *Advanced* link to display more customization options: - -include::json-input.asciidoc[] +[role="screenshot"] +image::images/goal.png[Goal visualization showing 5 days of data colored by their percentage] +[role="screenshot"] +image::images/gauge.png[Goal visualization showing 5 days of data colored by their percentage] Click the *Options* tab to change the following options: diff --git a/docs/visualize/heatmap.asciidoc b/docs/visualize/heatmap.asciidoc index 45b5fb888728a..30eebeedb8ef0 100644 --- a/docs/visualize/heatmap.asciidoc +++ b/docs/visualize/heatmap.asciidoc @@ -1,27 +1,7 @@ [[heatmap-chart]] -== Heatmap Chart +=== Heatmap Chart -A heat map is a graphical representation of data where the individual values contained in a matrix are represented as colors. -The color for each matrix position is determined by the _metrics_ aggregation. The following aggregations are available for -this chart: - -include::metric-aggs.asciidoc[] - -The _buckets_ aggregations determine what information is being retrieved from your data set. - -Before you choose a buckets aggregation, specify if you are defining buckets for X or Y axis within a single chart -or splitting into multiple charts. A multiple chart split must run before any other aggregations. -When you split a chart, you can change if the splits are displayed in a row or a column by clicking -the *Rows | Columns* selector. - -This chart's X and Y axis supports the following aggregations. Click the linked name of each aggregation to visit the main -Elasticsearch documentation for that aggregation. - -include::bucket-aggs.asciidoc[] -include::parent-pipeline-aggs.asciidoc[] -include::sibling-pipeline-aggs.asciidoc[] - -Enter a string in the *Custom Label* field to change the display label. +A heat map displays X and Y data in a matrix of cells, where each cell is shaded by a metric. You can click the *Advanced* link to display more customization options for your metrics or bucket aggregation: diff --git a/docs/visualize/inspector.asciidoc b/docs/visualize/inspector.asciidoc index 98a8682e4231e..d03b55d31350d 100644 --- a/docs/visualize/inspector.asciidoc +++ b/docs/visualize/inspector.asciidoc @@ -1,8 +1,7 @@ [[vis-inspector]] == Inspecting Visualizations -Many visualizations allow you to inspect the query and data behind the -visualization. +Many visualizations allow you to inspect the query and data behind the visualization. To inspect a visualization, click the *Inspect* button in the editor or select *Inspect* from the Dashboard panel menu. diff --git a/docs/visualize/markdown.asciidoc b/docs/visualize/markdown.asciidoc deleted file mode 100644 index e4542c8cdd2dd..0000000000000 --- a/docs/visualize/markdown.asciidoc +++ /dev/null @@ -1,7 +0,0 @@ -[[markdown-widget]] -== Markdown Widget - -The Markdown widget is a text entry field that accepts GitHub-flavored Markdown text. Kibana renders the text you enter -in this field and displays the results on the dashboard. You can click the *Help* link to go to the -https://help.github.com/articles/github-flavored-markdown/[help page] for GitHub flavored Markdown. Click *Apply* to -display the rendered text in the Preview pane or *Discard* to revert to a previous version. diff --git a/docs/visualize/metric-aggs.asciidoc b/docs/visualize/metric-aggs.asciidoc deleted file mode 100644 index ad0c14bac48ea..0000000000000 --- a/docs/visualize/metric-aggs.asciidoc +++ /dev/null @@ -1,26 +0,0 @@ -**Metric Aggregations:** - -* {ref}/search-aggregations-metrics-valuecount-aggregation.html[Count] -* {ref}/search-aggregations-metrics-avg-aggregation.html[Average] -* {ref}/search-aggregations-metrics-sum-aggregation.html[Sum] -* {ref}/search-aggregations-metrics-min-aggregation.html[Minimum] -* {ref}/search-aggregations-metrics-max-aggregation.html[Maximum] -* {ref}/search-aggregations-metrics-max-aggregation.html[Maximum] -* *{ref}/search-aggregations-metrics-percentile-aggregation.html[Median]*: The value that is in the 50% percentile. -* *Unique Count*: Uses the {ref}/search-aggregations-metrics-cardinality-aggregation.html[Cardinality] aggregation. -* *Standard Deviation*: Uses the {ref}/search-aggregations-metrics-extendedstats-aggregation.html[_extended stats_] -aggregation. -* *Top Hit*: Uses the {ref}/search-aggregations-metrics-top-hits-aggregation.html[_top hits_] -aggregation to return a sample of individual documents. If more than one document is matched by this aggregation, you must choose a technique for combining the values. These techniques are average, min, max, and sum. -* *Percentiles*: The {ref}/search-aggregations-metrics-percentile-aggregation.html[_percentile_] aggregation divides the -values in a numeric field into percentile bands that you specify. Select a field from the drop-down, then specify one -or more ranges in the *Percentiles* fields. Click the *X* to remove a percentile field. Click *+ Add* to add a -percentile field. -* *Percentile Rank*: The {ref}/search-aggregations-metrics-percentile-rank-aggregation.html[_percentile ranks_] -aggregation returns the percentile rankings for the values in the numeric field you specify. Select a numeric field -from the drop-down, then specify one or more percentile rank values in the *Values* fields. Click the *X* to remove a -values field. Click *+Add* to add a values field. - -You can add an aggregation by clicking the *+ Add Metrics* button. - -Enter a string in the *Custom Label* field to change the display label. diff --git a/docs/visualize/metric.asciidoc b/docs/visualize/metric.asciidoc index bcfb6cdbbef21..9cbc4a0f7a550 100644 --- a/docs/visualize/metric.asciidoc +++ b/docs/visualize/metric.asciidoc @@ -1,13 +1,4 @@ [[metric-chart]] -== Metric - -A metric visualization displays a single number for each aggregation you select: - -include::metric-aggs.asciidoc[] -include::sibling-pipeline-aggs.asciidoc[] - -You can click the *Advanced* link to display more customization options: - -include::json-input.asciidoc[] +=== Metric Click the *Options* tab to display the font size slider. diff --git a/docs/visualize/most-frequent.asciidoc b/docs/visualize/most-frequent.asciidoc new file mode 100644 index 0000000000000..b44afdf641a0c --- /dev/null +++ b/docs/visualize/most-frequent.asciidoc @@ -0,0 +1,73 @@ +[[most-frequent]] +== Most frequently used visualizations + +These are: + +* Line, Area and Bar charts +* Pie charts +* Data table +* Metric visualization +* Goal and Gauge visualization +* Heat maps +* Tag cloud + +These visualizations allow you to plot aggregated data from a <> or <>. They all support a single level of +Elasticsearch {es} {ref}/search-aggregations-metrics.html[metric] aggregations, and one or more +levels of {es} {ref}/search-aggregations-bucket.html[bucket] aggregations. + +[float] +=== Configuring your visualization + +Once you have selected a visualization and data source, you will see the default editor. +This editor is broken into *Metrics* and *Buckets*, and includes a default count +metric. Each visualization supports different configurations for what the metrics and buckets +represent. For example, a Bar chart would allow you to add an X axis: + +[role="screenshot"] +image::images/add-bucket.png["",height=478] + +A common configuration for the X axis is to use a {es} {ref}/search-aggregations-bucket-datehistogram-aggregation.html[date histogram] aggregation: + +[role="screenshot"] +image::images/visualize-date-histogram.png[] + +After adding a metric or bucket, you will need to *Apply changes* image:images/apply-changes-button.png[] + +If it's supported by the visualization, you can add more buckets. In this example we have +added a +{es} {ref}/search-aggregations-bucket-terms-aggregation.html[terms] aggregation on the field +`geo.src` to show the top 5 sources of log traffic. + +[role="screenshot"] +image::images/visualize-date-histogram-split-1.png[] + +As you can see in the image above, the new aggregation was added after the first one, so the result show +the top 5 sources of traffic per 3 hours. If you want to change the aggregation order, you can do +so by dragging: + +[role="screenshot"] +image::images/visualize-drag-reorder.png["",width=366] + +After dragging the terms aggregation to the top of the buckets panel, you see that the visualization +now shows the top 5 sources of traffic overall, and compares them in 3 hour increments: + +[role="screenshot"] +image::images/visualize-date-histogram-split-2.png[] + +Read more about how aggregations can be used in visualizations in <>. + +Each visualization also has its own customization options documented in the following pages. +Most of these visualizations allow you to customize the color of a specific series: + +[role="screenshot"] +image::images/color-picker.png[An array of color dots that users can select,height=267] + +include::aggregations.asciidoc[] + +include::xychart.asciidoc[] +include::pie.asciidoc[] +include::datatable.asciidoc[] +include::metric.asciidoc[] +include::goal.asciidoc[] +include::heatmap.asciidoc[] +include::tagcloud.asciidoc[] diff --git a/docs/visualize/parent-pipeline-aggs.asciidoc b/docs/visualize/parent-pipeline-aggs.asciidoc deleted file mode 100644 index 7e5599e043fe2..0000000000000 --- a/docs/visualize/parent-pipeline-aggs.asciidoc +++ /dev/null @@ -1,14 +0,0 @@ -**Parent Pipeline Aggregations:** - -For each of the parent pipeline aggregations you have to define the metric for which the aggregation is calculated. -That could be one of your existing metrics or a new one. You can also nest this aggregations -(for example to produce 3rd derivative) - -*Derivative*: The {ref}/search-aggregations-pipeline-derivative-aggregation.html[_derivative_] aggregation calculates -the derivative of specific metrics. -*Cumulative Sum*: The {ref}/search-aggregations-pipeline-cumulative-sum-aggregation.html[_cumulative sum_] aggregation -calculates the cumulative sum of a specified metric in a parent histogram -*Moving Average*: The {ref}/search-aggregations-pipeline-movavg-aggregation.html[_moving average_] aggregation will -slide a window across the data and emit the average value of that window -*Serial Diff*: The {ref}/search-aggregations-pipeline-serialdiff-aggregation.html[_serial differencing_] is a technique -where values in a time series are subtracted from itself at different time lags or period diff --git a/docs/visualize/pie.asciidoc b/docs/visualize/pie.asciidoc index a4d1ccf69498b..ce66213d6743f 100644 --- a/docs/visualize/pie.asciidoc +++ b/docs/visualize/pie.asciidoc @@ -1,14 +1,9 @@ [[pie-chart]] -== Pie Charts - -Pie charts allow you to plot aggregated data from a saved query or index pattern. -Pie charts support multiple levels of {es} {ref}/search-aggregations-bucket.html[bucket] -aggregations and base their slice size at each lavel on a -{es} {ref}/search-aggregations-metrics.html[metric] aggregations. +=== Pie Charts Pie charts do not support {es} {ref}/search-aggregations-pipeline.html[pipeline] aggregations. -The slice size can be based off these aggregations: +The slice size can be based off a limited set of aggregations, specifically: * {ref}/search-aggregations-metrics-valuecount-aggregation.html[Count] * {ref}/search-aggregations-metrics-sum-aggregation.html[Sum] @@ -16,29 +11,6 @@ The slice size can be based off these aggregations: * *Top Hit*: Uses the {ref}/search-aggregations-metrics-top-hits-aggregation.html[_top hits_] aggregation to return a sample of individual documents. If more than one document is matched by this aggregation, you must choose a technique for combining the values. These techniques are average, min, max, and sum. -Enter a string in the *Custom Label* field to change the display label. - -The _buckets_ aggregations determine what information is being retrieved from your data set. - -Before you choose a buckets aggregation, specify if you are splitting slices within a single chart or splitting into -multiple charts. A multiple chart split must run before any other aggregations. When you split a chart, you can change -if the splits are displayed in a row or a column by clicking the *Rows | Columns* selector. - -You can specify any of the following bucket aggregations for your pie chart: - -include::bucket-aggs.asciidoc[] - -After defining an initial bucket aggregation, you can define sub-buckets to refine the visualization. Click *+ Add* -to define a sub-aggregation, then choose *Split Slices* to select a sub-bucket from the list of -types. - -When multiple aggregations are defined on a chart's axis, you can use the up or down arrows to the right of the -aggregation's type to change the aggregation's priority. - -include::color-picker.asciidoc[] - -Enter a string in the *Custom Label* field to change the display label. - You can click the *Advanced* link to display more customization options for your metrics or bucket aggregation: *Exclude Pattern*:: Specify a pattern in this field to exclude from the results. diff --git a/docs/visualize/saving.asciidoc b/docs/visualize/saving.asciidoc index 855555794a6f0..c244121965095 100644 --- a/docs/visualize/saving.asciidoc +++ b/docs/visualize/saving.asciidoc @@ -21,4 +21,4 @@ To save the current visualization: . Click *Save* in the Kibana toolbar. . Enter a name for the visualization and click *Save*. -You can import, export and delete saved visualizations from *Management/Kibana/Saved Objects*. +You can import, export and delete saved visualizations from *<>*. diff --git a/docs/visualize/sibling-pipeline-aggs.asciidoc b/docs/visualize/sibling-pipeline-aggs.asciidoc deleted file mode 100644 index d96a00086ca55..0000000000000 --- a/docs/visualize/sibling-pipeline-aggs.asciidoc +++ /dev/null @@ -1,14 +0,0 @@ -**Sibling Pipeline Aggregations:** - -Just like with parent pipeline aggregations you need to provide a metric for which to calculate the sibling aggregation. -On top of that you also need to provide a bucket aggregation which will define the buckets on which the sibling -aggregation will run - -*Average Bucket*:: The {ref}/search-aggregations-pipeline-avg-bucket-aggregation.html[_avg bucket_] -calculates the (mean) average value of a specified metric in a sibling aggregation -*Sum Bucket*:: The {ref}/search-aggregations-pipeline-avg-bucket-aggregation.html[_sum bucket_] -calculates the sum of values of a specified metric in a sibling aggregation -*Min Bucket*:: The {ref}/search-aggregations-pipeline-avg-bucket-aggregation.html[_min bucket_] -calculates the minimum value of a specified metric in a sibling aggregation -*Max Bucket*:: The {ref}/search-aggregations-pipeline-avg-bucket-aggregation.html[_max bucket_] -calculates the maximum value of a specified metric in a sibling aggregation diff --git a/docs/visualize/tagcloud.asciidoc b/docs/visualize/tagcloud.asciidoc index 8617574568f0e..ec24076604b43 100644 --- a/docs/visualize/tagcloud.asciidoc +++ b/docs/visualize/tagcloud.asciidoc @@ -1,20 +1,10 @@ [[tagcloud-chart]] -== Tag Clouds +=== Tag Clouds A tag cloud visualization is a visual representation of text data, typically used to visualize free form text. Tags are usually single words, and the importance of each tag is shown with font size or color. -The font size for each word is determined by the _metrics_ aggregation. The following aggregations are available for -this chart: - -include::metric-aggs.asciidoc[] - - -The _buckets_ aggregations determine what information is being retrieved from your data set. - -Before you choose a buckets aggregation, select the *Split Tags* option. - -You can specify the following bucket aggregations for tag cloud visualization: +The tag cloud only supports one type of bucket aggregation: *Terms*:: A {ref}/search-aggregations-bucket-terms-aggregation.html[_terms_] aggregation enables you to specify the top or bottom _n_ elements of a given field to display, ordered by count or a custom metric. diff --git a/docs/visualize/xychart.asciidoc b/docs/visualize/xychart.asciidoc index 02e628b817b68..c2c124f67be98 100644 --- a/docs/visualize/xychart.asciidoc +++ b/docs/visualize/xychart.asciidoc @@ -1,43 +1,8 @@ [[xy-chart]] -== Line, Area, and Bar charts +=== Line, Area, and Bar charts -Line, Area, and Bar charts allow you to plot aggregated data from a saved query or index pattern. -These visualizations support multiple levels of {es} {ref}/search-aggregations-bucket.html[bucket] -or {es} {ref}/search-aggregations-pipeline.html[pipeline] aggregations, and one level of -{es} {ref}/search-aggregations-metrics.html[metric] aggregations. - -Charts are expected to contain a single X axis, but you can split charts into multiple smaller Line, Area, or Bar charts using the Split Charts feature. - -image::images/bar-terms-subagg.png[] - -The chart's X axis supports the following aggregations. Click the linked name of each aggregation to visit the main -Elasticsearch documentation for that aggregation. - -include::bucket-aggs.asciidoc[] - -Once you've specified an X axis aggregation, you can define sub-aggregations to refine the visualization. Click *+ Add -* to define a sub-aggregation, then choose *Split Series* or *Split Chart*, then select a sub-aggregation -from the list of types. - -When multiple aggregations are defined on a chart's axis, you can use the up or down arrows to the right of the -aggregation's type to change the aggregation's priority. - -Enter a string in the *Custom Label* field to change the display label. - - -First you need to select your _metrics_ which define Value axis. - -include::metric-aggs.asciidoc[] - -The _buckets_ aggregations determine what information is being retrieved from your data set. - -Before you choose a buckets aggregation, specify if you are splitting slices within a single chart or splitting into -multiple charts. A multiple chart split must run before any other aggregations. When you split a chart, you can change -if the splits are displayed in a row or a column by clicking the *Rows | Columns* selector. - -include::color-picker.asciidoc[] - -Enter a string in the *Custom Label* field to change the display label. +Charts are expected to contain a single X axis, but you can split charts into multiple smaller Line, Area, or Bar +charts using the Split Charts feature. You can click the *Advanced* link to display more customization options for your metrics or bucket aggregation: @@ -47,13 +12,13 @@ include::json-input.asciidoc[] [float] [[metrics-axes]] -=== Metrics & Axes +==== Metrics & Axes Select the *Metrics & Axes* tab to change the way each individual metric is shown on the chart. The data series are styled in the _Metrics_ section, while the axes are styled in the X and Y axis sections. [float] -==== Metrics +===== Metrics Modify how each metric from the Data panel is visualized on the chart. *Chart type*:: Choose between *Area*, *Line*, and *Bar* types. @@ -62,7 +27,7 @@ Modify how each metric from the Data panel is visualized on the chart. *Line mode*:: should the outline of lines or bars appear *smooth*, *straight*, or *stepped*. [float] -==== Y-axis +===== Y-axis Style all the Y-axes of the chart. @@ -82,7 +47,7 @@ Style all the Y-axes of the chart. *Custom Extents*:::: You can define custom minimum and maximum for each axis [float] -==== X-Axis +===== X-Axis *Position*:: position of the X-Axis (*left* or *right* for horizontal charts, and *top* or *bottom* for vertical charts). *Advanced Options*:: @@ -93,18 +58,18 @@ Style all the Y-axes of the chart. [float] [[panel-settings]] -=== Panel Settings +==== Panel Settings These are options that apply to the entire chart and not just the individual data series. [float] -==== Common options +===== Common options *Legend Position*:: Move your legend to the *left*, *right*, *top* or *bottom* *Show Tooltip*:: Enables or disables the display of tooltip on hovering over chart objects *Current Time Marker*:: Show a line indicating the current time [float] -==== Grid options +===== Grid options You can enable grid on the chart. By default grid is displayed on the category axis only. *X-axis*:: You can disable the display of grid lines on category axis