diff --git a/docs/discover/context.asciidoc b/docs/discover/context.asciidoc index 2c85358f84d52..9049109d6124d 100644 --- a/docs/discover/context.asciidoc +++ b/docs/discover/context.asciidoc @@ -3,7 +3,7 @@ For certain applications it can be useful to inspect a window of documents surrounding a specific event. The context view enables you to do just that for -index patterns that are configured to contain time-based events. +<> that are configured to contain time-based events. To show the context surrounding an anchor document, click the *Expand* button image:images/ExpandButton.jpg[Expand Button] to the left of the document's diff --git a/docs/discover/document-data.asciidoc b/docs/discover/document-data.asciidoc index a85489a947cea..dc6a45dc5ad7e 100644 --- a/docs/discover/document-data.asciidoc +++ b/docs/discover/document-data.asciidoc @@ -5,7 +5,7 @@ When you submit a search query, the 500 most recent documents that match the que are listed in the Documents table. You can configure the number of documents shown in the table by setting the `discover:sampleSize` property in <>. By default, the table shows the localized version of the time -field configured for the selected index pattern and the document `_source`. You can +field configured for the selected <> and the document `_source`. You can <> from the Fields list. You can <> by any indexed field that's included in the table. diff --git a/docs/discover/field-filter.asciidoc b/docs/discover/field-filter.asciidoc index 98a3b90617a71..5646fe079401e 100644 --- a/docs/discover/field-filter.asciidoc +++ b/docs/discover/field-filter.asciidoc 
@@ -14,7 +14,8 @@ To add a filter from the Fields list: . Click the name of the field you want to filter on. This displays the top five values for that field. + -image::images/filter-field.jpg[] +[role="screenshot"] +image::images/filter-field.png[height=317] . To add a positive filter, click the *Positive Filter* button image:images/PositiveFilter.jpg[Positive Filter]. This includes only those documents that contain that value in the field. @@ -43,8 +44,7 @@ field name. This includes only those documents that contain the field. To manually add a filter: . Click *Add Filter*. A popup will be displayed for you to create the filter. -+ -image::images/add_filter.png[] + . Choose a field to filter by. This list of fields will include fields from the index pattern you are currently querying against. + 
@@ -78,26 +78,26 @@ turn off the suggestions by setting the advanced setting, `filterEditor:suggestV [[filter-pinning]] === Managing Filters -To modify a filter, hover over it and click one of the action buttons. +To modify a filter, click on it and click one of the action buttons. image::images/filter-allbuttons.png[]   -image:images/filter-enable.png[] Enable Filter :: Disable the filter without -removing it. Click again to reenable the filter. Diagonal stripes indicate -that a filter is disabled. -image:images/filter-pin.png[] Pin Filter :: Pin the filter. Pinned filters +Pin across all apps :: Pinned filters persist when you switch contexts in Kibana. For example, you can pin a filter in Discover and it remains in place when you switch to Visualize. Note that a filter is based on a particular index field--if the indices being searched don't contain the field in a pinned filter, it has no effect. -image:images/filter-toggle.png[] Invert Filter :: Switch from a positive -filter to a negative filter and vice-versa. -image:images/filter-delete.png[] Remove Filter :: Remove the filter. -image:images/filter-custom.png[] Edit Filter :: <> definition. Enables you to manually update the filter and specify a label for the filter. +Exclude results :: Switch from a positive +filter to a negative filter and vice-versa. +Temporarily disable :: Disable the filter without +removing it. Click again to reenable the filter. Diagonal stripes indicate +that a filter is disabled. +Remove Filter :: Remove the filter. To apply a filter action to all of the applied filters, click *Actions* and select the action. diff --git a/docs/discover/search.asciidoc b/docs/discover/search.asciidoc index cfca4f2fc092b..9c4e406455c27 100644 --- a/docs/discover/search.asciidoc +++ b/docs/discover/search.asciidoc 
@@ -1,7 +1,7 @@ [[search]] == Searching your data -You can search the indices that match the current index pattern by entering -your search criteria in the Query bar. By default you can use Kibana's standard query language +You can search the indices that match the current <> by entering +your search criteria in the Query bar. By default you can use Kibana's <> which features autocomplete and a simple, easy to use syntax. Kibana's legacy query language (based on Lucene https://lucene.apache.org/core/2_9_4/queryparsersyntax.html[query syntax]) is still available for the time being under the options menu in the Query Bar. When this diff --git a/docs/discover/set-time-filter.asciidoc b/docs/discover/set-time-filter.asciidoc index c2d366cdcbbb6..c53850b38a2b0 100644 --- a/docs/discover/set-time-filter.asciidoc +++ b/docs/discover/set-time-filter.asciidoc @@ -1,7 +1,7 @@ [[set-time-filter]] == Setting the time filter If your index contains time-based events, and a time-field is configured for the -selected index pattern, set a time filter that displays only the data within the +selected <>, set a time filter that displays only the data within the specified time range. You can use the time filter to change the time range, or select a specific time diff --git a/docs/discover/viewing-field-stats.asciidoc b/docs/discover/viewing-field-stats.asciidoc index d9fd3b9eb033b..96a26c78596e2 100644 --- a/docs/discover/viewing-field-stats.asciidoc +++ b/docs/discover/viewing-field-stats.asciidoc @@ -11,4 +11,4 @@ they are available in the side bar if we uncheck "Hide missing fields". To view field data statistics, click the name of a field in the Fields list. -image:images/filter-field.jpg[Field Statistics] \ No newline at end of file +image:images/filter-field.png[Field Statistics,height=317] \ No newline at end of file 
diff --git a/docs/images/add-bucket.png b/docs/images/add-bucket.png new file mode 100644 index 0000000000000..acfba7366363e Binary files /dev/null and b/docs/images/add-bucket.png differ diff --git a/docs/images/add_filter.png b/docs/images/add_filter.png deleted file mode 100644 index 0591472c5c9ea..0000000000000 Binary files a/docs/images/add_filter.png and /dev/null differ diff --git a/docs/images/add_filter_field.png b/docs/images/add_filter_field.png index f2093ab94e727..2052559cf5273 100644 Binary files a/docs/images/add_filter_field.png and b/docs/images/add_filter_field.png differ diff --git a/docs/images/add_filter_operator.png b/docs/images/add_filter_operator.png index dc2355e8cb2b1..fd7d42a9d1b98 100644 Binary files a/docs/images/add_filter_operator.png and b/docs/images/add_filter_operator.png differ diff --git a/docs/images/add_filter_value.png b/docs/images/add_filter_value.png index 15eeab73943c6..d357c6e5a3013 100644 Binary files a/docs/images/add_filter_value.png and b/docs/images/add_filter_value.png differ diff --git a/docs/images/bar-terms-agg.jpg b/docs/images/bar-terms-agg.jpg deleted file mode 100644 index dc815cc0030b9..0000000000000 Binary files a/docs/images/bar-terms-agg.jpg and /dev/null differ diff --git a/docs/images/bar-terms-agg.png b/docs/images/bar-terms-agg.png new file mode 100644 index 0000000000000..b0b62b9e53213 Binary files /dev/null and b/docs/images/bar-terms-agg.png differ diff --git a/docs/images/bar-terms-subagg.jpg b/docs/images/bar-terms-subagg.jpg deleted file mode 100644 index 7c8e5e5c0be31..0000000000000 Binary files a/docs/images/bar-terms-subagg.jpg and /dev/null differ diff --git a/docs/images/bar-terms-subagg.png b/docs/images/bar-terms-subagg.png new file mode 100644 index 0000000000000..37cf5486eff1e Binary files /dev/null and b/docs/images/bar-terms-subagg.png differ 
diff --git a/docs/images/color-picker.png b/docs/images/color-picker.png index a1148d3f4b1df..ebfa49b5c0442 100644 Binary files a/docs/images/color-picker.png and b/docs/images/color-picker.png differ diff --git a/docs/images/edit_filter_query.png b/docs/images/edit_filter_query.png index 5a0612f17eaf9..367a2a8578b8b 100644 Binary files a/docs/images/edit_filter_query.png and b/docs/images/edit_filter_query.png differ diff --git a/docs/images/edit_filter_query_json.png b/docs/images/edit_filter_query_json.png index 242f4610e097f..0dfc3e8df8763 100644 Binary files a/docs/images/edit_filter_query_json.png and b/docs/images/edit_filter_query_json.png differ diff --git a/docs/images/filter-allbuttons.png b/docs/images/filter-allbuttons.png index 8bb86f53a5631..3d6951812daa7 100644 Binary files a/docs/images/filter-allbuttons.png and b/docs/images/filter-allbuttons.png differ diff --git a/docs/images/filter-custom.png b/docs/images/filter-custom.png deleted file mode 100644 index d871b4c52970b..0000000000000 Binary files a/docs/images/filter-custom.png and /dev/null differ diff --git a/docs/images/filter-delete.png b/docs/images/filter-delete.png deleted file mode 100644 index 13845303c491d..0000000000000 Binary files a/docs/images/filter-delete.png and /dev/null differ diff --git a/docs/images/filter-enable.png b/docs/images/filter-enable.png deleted file mode 100644 index 48d9bb3e1cb49..0000000000000 Binary files a/docs/images/filter-enable.png and /dev/null differ diff --git a/docs/images/filter-field.jpg b/docs/images/filter-field.jpg deleted file mode 100644 index 9b30e30df4638..0000000000000 Binary files a/docs/images/filter-field.jpg and /dev/null differ diff --git a/docs/images/filter-field.png b/docs/images/filter-field.png new file mode 100644 index 0000000000000..dd6ee72df93c9 Binary files /dev/null and b/docs/images/filter-field.png differ 
diff --git a/docs/images/filter-pin.png b/docs/images/filter-pin.png deleted file mode 100644 index 4f7eef0a3ae42..0000000000000 Binary files a/docs/images/filter-pin.png and /dev/null differ diff --git a/docs/images/filter-toggle.png b/docs/images/filter-toggle.png deleted file mode 100644 index 7f47a681c05b5..0000000000000 Binary files a/docs/images/filter-toggle.png and /dev/null differ diff --git a/docs/images/gauge.png b/docs/images/gauge.png new file mode 100644 index 0000000000000..b20d99f55268b Binary files /dev/null and b/docs/images/gauge.png differ diff --git a/docs/images/goal.png b/docs/images/goal.png new file mode 100644 index 0000000000000..04f16e8cd3e74 Binary files /dev/null and b/docs/images/goal.png differ diff --git a/docs/images/visualize-date-histogram-split-1.png b/docs/images/visualize-date-histogram-split-1.png new file mode 100644 index 0000000000000..3036d82a01759 Binary files /dev/null and b/docs/images/visualize-date-histogram-split-1.png differ diff --git a/docs/images/visualize-date-histogram-split-2.png b/docs/images/visualize-date-histogram-split-2.png new file mode 100644 index 0000000000000..4bc6e4b49c813 Binary files /dev/null and b/docs/images/visualize-date-histogram-split-2.png differ diff --git a/docs/images/visualize-date-histogram.png b/docs/images/visualize-date-histogram.png new file mode 100644 index 0000000000000..4380ea9703f12 Binary files /dev/null and b/docs/images/visualize-date-histogram.png differ diff --git a/docs/images/visualize-drag-reorder.png b/docs/images/visualize-drag-reorder.png new file mode 100644 index 0000000000000..a886a19c69f88 Binary files /dev/null and b/docs/images/visualize-drag-reorder.png differ diff --git a/docs/user/discover.asciidoc b/docs/user/discover.asciidoc index e37f08d0c2692..fa583918703f3 100644 --- a/docs/user/discover.asciidoc +++ b/docs/user/discover.asciidoc 
@@ -4,7 +4,7 @@ [partintro] -- *Discover* enables you to explore your data with {kib}'s data discovery functions. -You have access to every document in every index that matches the selected index pattern. +You have access to every document in every index that matches the selected <>. You can submit search queries, filter the search results, and view document data. You can also see the number of documents that match the search query and get field value statistics. If a time field is configured for the selected index pattern, the distribution of diff --git a/docs/user/visualize.asciidoc b/docs/user/visualize.asciidoc index ed74525d22e7c..e69d62daf7435 100644 --- a/docs/user/visualize.asciidoc +++ b/docs/user/visualize.asciidoc 
@@ -3,58 +3,49 @@ [partintro] -- -_Visualize_ enables you to create visualizations of the data in your -Elasticsearch indices. You can then build <> that -display related visualizations. +_Visualize_ enables you to create visualizations of the data from your Elasticsearch indices, which you can then add to dashboards for analysis. -Kibana visualizations are based on Elasticsearch queries. By using a -series of Elasticsearch {ref}/search-aggregations.html[aggregations] -to extract and process your data, you can create charts that show -you the trends, spikes, and dips you need to know about. +{kib} visualizations are based on Elasticsearch queries. By using a series of {es} {ref}/search-aggregations.html[aggregations] to extract and process your data, you can create charts that show you the trends, spikes, and dips you need to know about. -You can create visualizations from a search saved from <> -or start with a new search query. --- - -[[createvis]] -== Creating a Visualization +[float] +[[create-a-visualization]] +== Create visualizations -To create a visualization: - -. Click on *Visualize* in the side navigation. -. Click the *Create new visualization* button or the **+** button. +. Open *Visualize*. +. Click *Create new visualization*. . Choose the visualization type: - ++ * *Basic charts* -[horizontal] <>:: Quickly build several types of basic visualizations by simply dragging and dropping the data fields you want to display. -<>:: Compare different series in X/Y charts. -<>:: Shade cells within a matrix. -<>:: Display each source's contribution to a total. -* *Data* +* *<>* [horizontal] -<>:: Display the raw data of a composed aggregation. -<>:: Display a single number. -<>:: Display a gauge. -* *Maps* -[horizontal] -<>:: Associate the results of an aggregation with geographic locations. -<>:: Thematic maps where a shape's color intensity corresponds to a metric's value. -locations. 
-* *Time Series* +Line, area, and bar charts:: Compare different series in X/Y charts. +Pie chart:: Display each source contribution to a total. +Data table:: Flattens aggregations into table format. +Metric:: Display a single number. +Goal and gauge:: Display a number with progress indicators. +Heat maps:: Display shaded cells within a matrix. +Tag cloud:: Display words in a cloud, where the size of the word corresponds to its importance. +* *Time series optimized* [horizontal] +<>:: Visualize time series data using pipeline aggregations. <>:: Compute and combine data from multiple time series data sets. -<>:: Visualize time series data using pipeline aggregations. -* *Other* +* *Maps* +[horizontal] +<>:: The most powerful way of visualizing map data in {kib}. +<>:: Displays points on a map using a geohash aggregation. +<>:: Merge any structured map data onto a shape. +* *<>* +[horizontal] +<>:: Provides the ability to add interactive inputs to a Dashboard. +<>:: Display free-form information or instructions. +* *For developers* [horizontal] -<>:: Controls provide the ability to add interactive inputs to Kibana Dashboards. -<>:: Display free-form information or -instructions. -<>:: Display words as a cloud in which the size of the word correspond to its importance. -<>:: Support for user-defined graphs, external data sources, images, and user-defined interactivity. +<>:: Complete control over query and display. + . Specify a search query to retrieve the data for your visualization: -** To enter new search criteria, select the index pattern for the indices that +** To enter new search criteria, select the <> for the indices that contain the data you want to visualize. This opens the visualization builder with a wildcard query that matches all of the documents in the selected indices. 
@@ -67,110 +58,23 @@ modifications to the saved search are automatically reflected in the visualization. To disable automatic updates, you can disconnect a visualization from the saved search. -. In the visualization builder, choose the metric aggregation for the -visualization's Y axis: - -* *Metric Aggregations*: - -* {ref}/search-aggregations-metrics-valuecount-aggregation.html[count] -* {ref}/search-aggregations-metrics-avg-aggregation.html[average] -* {ref}/search-aggregations-metrics-sum-aggregation.html[sum] -* {ref}/search-aggregations-metrics-min-aggregation.html[min] -* {ref}/search-aggregations-metrics-max-aggregation.html[max] -* {ref}/search-aggregations-metrics-stats-aggregation.html[standard deviation] -* {ref}/search-aggregations-metrics-cardinality-aggregation.html[unique count] -* {ref}/search-aggregations-metrics-percentile-aggregation.html[median] (50th percentile) -* {ref}/search-aggregations-metrics-percentile-aggregation.html[percentiles] -* {ref}/search-aggregations-metrics-percentile-rank-aggregation.html[percentile ranks] -* {ref}/search-aggregations-metrics-top-hits-aggregation.html[top hit] -* {ref}/search-aggregations-metrics-geocentroid-aggregation.html[geo centroid] - - -* *Parent Pipeline Aggregations*: - -* {ref}/search-aggregations-pipeline-derivative-aggregation.html[derivative] -* {ref}/search-aggregations-pipeline-cumulative-sum-aggregation.html[cumulative sum] -* {ref}/search-aggregations-pipeline-movavg-aggregation.html[moving average] -* {ref}/search-aggregations-pipeline-serialdiff-aggregation.html[serial diff] - - -* *Sibling Pipeline Aggregations*: - -* {ref}/search-aggregations-pipeline-avg-bucket-aggregation.html[average bucket] -* {ref}/search-aggregations-pipeline-sum-bucket-aggregation.html[sum bucket] -* {ref}/search-aggregations-pipeline-min-bucket-aggregation.html[min bucket] -* {ref}/search-aggregations-pipeline-max-bucket-aggregation.html[max bucket] - - -. 
For the visualizations X axis, select a bucket aggregation: -+ -* {ref}/search-aggregations-bucket-datehistogram-aggregation.html[date histogram] -* {ref}/search-aggregations-bucket-range-aggregation.html[range] -* {ref}/search-aggregations-bucket-terms-aggregation.html[terms] -* {ref}/search-aggregations-bucket-filters-aggregation.html[filters] -* {ref}/search-aggregations-bucket-significantterms-aggregation.html[significant terms] - -For example, if you're indexing Apache server logs, you could build bar chart -that shows the distribution of incoming requests by geographic location by -specifying a terms aggregation on the `geo.src` field: - -image::images/bar-terms-agg.jpg[] - -The y-axis shows the number of requests received from each country, and the -countries are displayed across the x-axis. - -Bar, line, or area chart visualizations use _metrics_ for the y-axis and -_buckets_ for the x-axis. Buckets are analogous to SQL `GROUP BY` -statements. Pie charts, use the metric for the slice size and the bucket -for the number of slices. - -You can further break down the data by specifying sub aggregations. The first -aggregation determines the data set for any subsequent aggregations. Sub -aggregations are applied in order--you can drag the aggregations to change the -order in which they're applied. - -For example, you could add a terms sub aggregation on the `geo.dest` field to -the Country of Origin bar chart to see the locations those requests were -targeting. - -image::images/bar-terms-subagg.jpg[] - -For more information about working with sub aggregations, see -https://www.elastic.co/blog/kibana-aggregation-execution-order-and-you[Kibana, -Aggregation Execution Order, and You]. 
- -include::{kib-repo-dir}/visualize/saving.asciidoc[] - +-- include::{kib-repo-dir}/visualize/visualize_rollup_data.asciidoc[] include::{kib-repo-dir}/visualize/lens.asciidoc[] -include::{kib-repo-dir}/visualize/xychart.asciidoc[] - -include::{kib-repo-dir}/visualize/controls.asciidoc[] - -include::{kib-repo-dir}/visualize/datatable.asciidoc[] +include::{kib-repo-dir}/visualize/most-frequent.asciidoc[] -include::{kib-repo-dir}/visualize/markdown.asciidoc[] - -include::{kib-repo-dir}/visualize/metric.asciidoc[] - -include::{kib-repo-dir}/visualize/goal.asciidoc[] - -include::{kib-repo-dir}/visualize/pie.asciidoc[] +include::{kib-repo-dir}/visualize/tsvb.asciidoc[] +include::{kib-repo-dir}/visualize/timelion.asciidoc[] include::{kib-repo-dir}/visualize/tilemap.asciidoc[] - include::{kib-repo-dir}/visualize/regionmap.asciidoc[] -include::{kib-repo-dir}/visualize/timelion.asciidoc[] - -include::{kib-repo-dir}/visualize/tsvb.asciidoc[] - -include::{kib-repo-dir}/visualize/tagcloud.asciidoc[] - -include::{kib-repo-dir}/visualize/heatmap.asciidoc[] +include::{kib-repo-dir}/visualize/for-dashboard.asciidoc[] include::{kib-repo-dir}/visualize/vega.asciidoc[] +include::{kib-repo-dir}/visualize/saving.asciidoc[] + include::{kib-repo-dir}/visualize/inspector.asciidoc[] diff --git a/docs/visualize/aggregations.asciidoc b/docs/visualize/aggregations.asciidoc new file mode 100644 index 0000000000000..36ddb0063dfc3 --- /dev/null +++ b/docs/visualize/aggregations.asciidoc 
@@ -0,0 +1,136 @@ +[[supported-aggregations]] +=== Supported aggregations + +The most frequently used visualizations support the following aggregations. + +[float] +[[visualize-metric-aggregations]] +==== Metric aggregations + +The *Count* metric lets you visualize the number of documents in a bucket. +If there are no bucket aggregations defined, this is the total number of documents that match the query. +It is the default selection. + +All other metric aggregations require a field selection, which will read from the indexed values. Alternatively, +you can override field values with a script using the <>. The +other metric aggregations are: + +{ref}/search-aggregations-metrics-avg-aggregation.html[Average]:: The mean value. +{ref}/search-aggregations-metrics-max-aggregation.html[Maximum]:: The highest value. +{ref}/search-aggregations-metrics-percentile-aggregation.html[Median]:: The value that is in the 50% percentile. +{ref}/search-aggregations-metrics-min-aggregation.html[Minimum]:: The lowest value. +{ref}/search-aggregations-metrics-sum-aggregation.html[Sum]:: The total value. + +Unique Count:: The {ref}/search-aggregations-metrics-cardinality-aggregation.html[Cardinality] of the field within the bucket. +Supports any data type. + +Standard Deviation:: Requires a numeric field. Uses the {ref}/search-aggregations-metrics-extendedstats-aggregation.html[_extended stats_] aggregation. + +{ref}/search-aggregations-metrics-top-hits-aggregation.html[Top Hit]:: Returns a sample of individual documents. When the Top Hit aggregation is matched to more than one document, you must choose a technique for combining the values. Techniques include average, minimum, maximum, and sum. + +{ref}/search-aggregations-metrics-percentile-aggregation.html[Percentiles]:: Divides the +values in a numeric field into specified percentile bands. Select a field from the drop-down, then specify one or more ranges in the *Percentiles* fields. Click the *X* to remove a percentile field. 
Click *+ Add* to add a percentile field. + +{ref}/search-aggregations-metrics-percentile-rank-aggregation.html[Percentile Rank]:: Returns the percentile rankings for the values in the specified numeric field. Select a numeric field from the drop-down, then specify one or more percentile rank values in the *Values* fields. Click the *X* to remove a values field. Click *+Add* to add a values field. + +[float] +[[visualize-sibling-pipeline-aggregations]] +==== Sibling pipeline aggregations + +For each of the sibling pipeline aggregations you have to define a bucket and metric to calculate. This +has the effect of condensing many buckets into one number. + +{ref}/search-aggregations-pipeline-avg-bucket-aggregation.html[Average Bucket]:: Calculates the mean, or average, value of a specified metric in a sibling aggregation. + +{ref}/search-aggregations-pipeline-avg-bucket-aggregation.html[Sum Bucket]:: Calculates the sum of the values of a specified metric in a sibling aggregation. + +{ref}/search-aggregations-pipeline-avg-bucket-aggregation.html[Min Bucket]:: Calculates the minimum value of a specified metric in a sibling aggregation. + +{ref}/search-aggregations-pipeline-avg-bucket-aggregation.html[Max Bucket]:: Calculates the maximum value of a specified metric in a sibling aggregation. + +[float] +[[visualize-bucket-aggregations]] +==== Bucket aggregations + +{ref}/search-aggregations-bucket-datehistogram-aggregation.html[Date Histogram]:: Splits a date field into buckets by interval. If the date field is the primary time field for the index pattern, it will pick an automatic interval for you. You can also choose a minimum time interval, or specify a custom interval frame by selecting *Custom* as the interval and +specifying a number and a time unit in the text field. Custom interval time units are *s* for seconds, *m* for minutes, +*h* for hours, *d* for days, *w* for weeks, and *y* for years. 
Different units support different levels of precision, +down to one millisecond. Intervals are labeled at the start of the interval, using the date-key returned by Elasticsearch.For example, the tooltip for a monthly interval will show the first day of the month. + +{ref}/search-aggregations-bucket-histogram-aggregation.html[Histogram]:: Builds from a numeric field. Specify an integer interval for this field. Select the *Show empty buckets* checkbox to include empty intervals in the histogram. + +{ref}/search-aggregations-bucket-range-aggregation.html[Range]:: Specify ranges of values for a numeric field. Click *Add Range* to add a set of range endpoints. Click the red *(x)* symbol to remove a range. + +{ref}/search-aggregations-bucket-daterange-aggregation.html[Date Range]:: Reports values that are within a range of dates that you specify. You can specify the ranges for the dates using {ref}/common-options.html#date-math[_date math_] expressions. Click *Add Range* to add a set of range endpoints. +Click the red *(x)* symbol to remove a range. + +{ref}/search-aggregations-bucket-iprange-aggregation.html[IPv4 Range]:: Specify ranges of IPv4 addresses. Click *Add Range* to add a set of range endpoints. Click the red *(x)* symbol to remove a range. + +*Filters*:: Each filter creates a bucket of documents. You can specify a filter as a +<> or <> query string. Click *Add Filter* to +add another filter. Click the image:images/labelbutton.png[Label button icon] *label* button to open the label field, where +you can type in a name to display on the visualization. + +{ref}/search-aggregations-bucket-terms-aggregation.html[Terms]:: Specify the top or bottom _n_ elements of a given field to display, ordered by count or a custom metric. + +{ref}/search-aggregations-bucket-significantterms-aggregation.html[Significant Terms]:: Returns interesting or unusual occurrences of terms in a set. 
+ +Both Terms and Significant Terms support {es} {ref}/search-aggregations-bucket-terms-aggregation.html#_filtering_values_4[exclude and include patterns] which +are available by clicking *Advanced* after selecting a field. + +Kibana only supports filtering string fields with regular expression patterns, it does not support matching with arrays or filtering numeric fields. +Patterns are case sensitive. + +Example: + +* You want to exclude the metricbeat process from your visualization of top processes: `metricbeat.*` +* You only want to show processes collecting beats: `.*beat` +* You want to exclude two specific values, the string `"empty"` and `"none"`: `empty|none` + +*Geo aggregations* + +These are only supported by the tile map and table visualizations: + +{ref}/search-aggregations-bucket-geohashgrid-aggregation.html[Geohash]:: Displays points based on a geohash. + +{ref}/search-aggregations-bucket-geotilegrid-aggregation.html[Geotile]:: Groups points based on web map tiling. + + +[float] +[[visualize-parent-pipeline-aggregations]] +==== Parent pipeline aggregations + +For each of the parent pipeline aggregations you have to define a bucket and metric to calculate. These +metrics expect the buckets to be ordered, and are especially useful for time series data. +You can also nest these aggregations. For example, if you want to produce a third derivative. + +These visualizations support parent pipeline aggregations: + +* Line, Area and Bar charts +* Data table + +{ref}/search-aggregations-pipeline-derivative-aggregation.html[Derivative]:: Calculates the derivative of specific metrics. + +{ref}/search-aggregations-pipeline-cumulative-sum-aggregation.html[Cumulative Sum]:: Calculates the cumulative sum of a specified metric in a parent histogram. + +{ref}/search-aggregations-pipeline-movavg-aggregation.html[Moving Average]:: Slides a window across the data and emits the average value of the window. 
+ +{ref}/search-aggregations-pipeline-serialdiff-aggregation.html[Serial Diff]:: Values in a time series are subtracted from itself at different time lags or periods. + +Custom {kib} plugins can <>, which includes support for adding more aggregations. + +[float] +[[visualize-advanced-aggregation-options]] +==== Advanced aggregation options + +*JSON Input*:: A text field where you can add specific JSON-formatted properties to merge with the aggregation +definition, as in the following example: + +[source,shell] +{ "script" : "doc['grade'].value * 1.2" } + +This example implements a {es} {ref}/search-aggregations.html[Script Value Source] which replaces +the value in the metric. The availability of these options varies depending on the aggregation +you choose. + +When multiple bucket aggregations are defined, you can use the drag target on each aggregation to change the priority. For more information about working with aggregation order, see https://www.elastic.co/blog/kibana-aggregation-execution-order-and-you[Kibana, Aggregation Execution Order, and You]. diff --git a/docs/visualize/datatable.asciidoc b/docs/visualize/datatable.asciidoc deleted file mode 100644 index 7a65b8cdb5fab..0000000000000 --- a/docs/visualize/datatable.asciidoc +++ /dev/null 
@@ -1,75 +0,0 @@ -[[data-table]] -== Data Table - -include::y-axis-aggs.asciidoc[] - -The rows of the data table are called _buckets_. You can define buckets to split the table into rows or to split -the table into additional tables. - -Each bucket type supports the following aggregations: - -*Date Histogram*:: A {ref}/search-aggregations-bucket-datehistogram-aggregation.html[_date histogram_] is built from a -numeric field and organized by date. You can specify a time frame for the intervals in seconds, minutes, hours, days, -weeks, months, or years. You can also specify a custom interval frame by selecting *Custom* as the interval and -specifying a number and a time unit in the text field. Custom interval time units are *s* for seconds, *m* for minutes, -*h* for hours, *d* for days, *w* for weeks, and *y* for years. Different units support different levels of precision, -down to one second. Intervals are labeled at the start of the interval, using the date-key returned by Elasticsearch. -For example, the tooltip for a monthly interval will show the first day of the month. -*Histogram*:: A standard {ref}/search-aggregations-bucket-histogram-aggregation.html[_histogram_] is built from a -numeric field. Specify an integer interval for this field. Select the *Show empty buckets* checkbox to include empty -intervals in the histogram. -*Range*:: With a {ref}/search-aggregations-bucket-range-aggregation.html[_range_] aggregation, you can specify ranges -of values for a numeric field. Click *Add Range* to add a set of range endpoints. Click the red *(x)* symbol to remove -a range. -*Date Range*:: A {ref}/search-aggregations-bucket-daterange-aggregation.html[_date range_] aggregation reports values -that are within a range of dates that you specify. You can specify the ranges for the dates using -{ref}/common-options.html#date-math[_date math_] expressions. Click *Add Range* to add a set of range endpoints. -Click the red *(/)* symbol to remove a range. 
-*IPv4 Range*:: The {ref}/search-aggregations-bucket-iprange-aggregation.html[_IPv4 range_] aggregation enables you to -specify ranges of IPv4 addresses. Click *Add Range* to add a set of range endpoints. Click the red *(/)* symbol to -remove a range. -*Terms*:: A {ref}/search-aggregations-bucket-terms-aggregation.html[_terms_] aggregation enables you to specify the top -or bottom _n_ elements of a given field to display, ordered by count or a custom metric. -*Filters*:: You can specify a set of {ref}/search-aggregations-bucket-filters-aggregation.html[_filters_] for the data. -You can specify a filter as a query string or in JSON format, just as in the Discover search bar. Click *Add Filter* to -add another filter. Click the image:images/labelbutton.png[] *label* button to open the label field, where you can type -in a name to display on the visualization. -*Significant Terms*:: Displays the results of the experimental -{ref}/search-aggregations-bucket-significantterms-aggregation.html[_significant terms_] aggregation. The value of the -*Size* parameter defines the number of entries this aggregation returns. -*Geohash*:: The {ref}/search-aggregations-bucket-geohashgrid-aggregation.html[_geohash_] aggregation displays points -based on the geohash coordinates. - -Once you've specified a bucket type aggregation, you can define sub-buckets to refine the visualization. Click -*+ Add sub-buckets* to define a sub-bucket, then choose *Split Rows* or *Split Table*, then select an -aggregation from the list of types. - -You can use the up or down arrows to the right of the aggregation's type to change the aggregation's priority. - -Enter a string in the *Custom Label* field to change the display label. - -You can click the *Advanced* link to display more customization options for your metrics or bucket aggregation: - -*Exclude Pattern*:: Specify a pattern in this field to exclude from the results. 
-*Include Pattern*:: Specify a pattern in this field to include in the results. -*JSON Input*:: A text field where you can add specific JSON-formatted properties to merge with the aggregation -definition, as in the following example: - -[source,shell] -{ "script" : "doc['grade'].value * 1.2" } - -NOTE: In Elasticsearch releases 1.4.3 and later, this functionality requires you to enable -{ref}/modules-scripting.html[dynamic Groovy scripting]. - -The availability of these options varies depending on the aggregation you choose. - -Select the *Options* tab to change the following aspects of the table: - -*Per Page*:: This field controls the pagination of the table. The default value is ten rows per page. -*Show metrics for every bucket/level*:: Check this box to display the intermediate results for each bucket aggregation. -*Show partial rows*:: Check this box to display a row even when there is no result. -*Show total*:: Check this box to display a row at the bottom of the table with each column's total value. -*Total function*:: This field controls the function used to calculate totals that you can toggle with the **Show total** checkbox. -*Percentage column*:: Select a column to add a percentage based column on the same data. - -NOTE: Enabling these behaviors may have a substantial effect on performance. diff --git a/docs/visualize/controls.asciidoc b/docs/visualize/for-dashboard.asciidoc similarity index 78% rename from docs/visualize/controls.asciidoc rename to docs/visualize/for-dashboard.asciidoc index f138044d788ef..a197998ecdc9d 100644 --- a/docs/visualize/controls.asciidoc +++ b/docs/visualize/for-dashboard.asciidoc 
@@ -1,17 +1,36 @@ +[[for-dashboard]] +== Markdown and controls + +[float] +[[markdown-widget]] +=== Markdown widget + +The Markdown widget is a text entry field that accepts GitHub-flavored Markdown text. Kibana renders the text you enter +in this field and displays the results on the dashboard. You can click the *Help* link to go to the +https://help.github.com/articles/github-flavored-markdown/[help page] for GitHub flavored Markdown. From the widget +you can: + +* Click *Apply* to display the rendered text in the Preview panel +* Click *Discard* to revert to a previously saved version + + +[float] [[controls]] -== Controls Visualization +=== Controls widget experimental[] +The Controls widget enables you to add interactive inputs +to a dashboard. You can create two types of inputs: -The Controls visualization enables you to add interactive inputs -to Kibana dashboards. You can create two types of inputs: -a dropdown menu and a radio slider. +* Dropdown menu +* Radio slider [role="screenshot"] image::images/controls/controls_in_dashboard.png[] +[float] [[add-input-controls]] -=== Adding Input Controls +=== Add input controls To start a *Controls* visualization, open the Visualization application and click the *+* button. Scroll to the *Others* section and @@ -20,6 +39,7 @@ select *Controls*. In the visualization builder, choose the type of control to add to your visualization. +[float] ==== Dropdown menu A dropdown menu allows users to filter content by selecting @@ -49,6 +69,7 @@ creating multiple dropdown menus. *Size*:: The number of options to include in the list. +[float] ==== Range slider A range sliders allow users to filter content within a range of numbers. @@ -73,8 +94,9 @@ specified index pattern. *Decimal Places*:: The number of decimal places. +[float] [[global-options]] -=== Global Options +=== Global options Open the *Options* tab to configure settings that apply to all input controls in a Controls visualization. 
diff --git a/docs/visualize/goal.asciidoc b/docs/visualize/goal.asciidoc deleted file mode 100644 index a725494117bd1..0000000000000 --- a/docs/visualize/goal.asciidoc +++ /dev/null 
@@ -1,38 +0,0 @@ -[[goal-chart]] -== Goal and Gauge - -A goal visualization displays how your metric progresses toward a fixed goal. A gauge visualization displays in which -predefined range falls your metric. - -include::y-axis-aggs.asciidoc[] - -Open the *Advanced* link to display more customization options: - -*JSON Input*:: A text field where you can add specific JSON-formatted properties to merge with the aggregation -definition, as in the following example: - -[source,shell] -{ "script" : "doc['grade'].value * 1.2" } - -NOTE: In Elasticsearch releases 1.4.3 and later, this functionality requires you to enable -{ref}/modules-scripting.html[dynamic Groovy scripting]. - -The availability of these options varies depending on the aggregation you choose. - -Click the *Options* tab to change the following options: - -* *Gauge Type* select between arc, circle and metric display type. -* *Percentage Mode* will show all values as percentages -* *Vertical Split* will put the gauges one under another instead of one next to another -* *Show Labels* selects whether you want to show or hide the labels -* *Sub Text* text for the label that appears below the value -* *Auto Extend Range* automatically grows the gauge if value is over its extents. -* *Ranges* you can add custom ranges. Each range will get assigned a color. If value falls within that range it will get -assigned that color. -** A chart with a single range is called a *goal* chart. -** A chart with multiple ranges is called a *gauge* chart. Gauge charts are initialized with a predefined set of ranges. Adjust the ranges to fit the need of your data set and use case. -** *Caution:* Field formatters can be applied to the displayed value causing the range values and the displayed values to be different. For example: The _bytes_ field formatter applied to the Metrics field will have displayed values like "30MB". The raw value is really closer to 30,000,000. 
You will need to set your range values to the raw value and not the formatted value. -* *Color Options* define how to color your ranges (which color schema to use). Color options are only visible if more than -one range is defined. -* *Style - Show Scale* shows or hides the scale -* *Style - Color Labels* whether the labels should have the same color as the range where the value falls in diff --git a/docs/visualize/heatmap.asciidoc b/docs/visualize/heatmap.asciidoc deleted file mode 100644 index a8fd71a160d32..0000000000000 --- a/docs/visualize/heatmap.asciidoc +++ /dev/null 
@@ -1,81 +0,0 @@ -[[heatmap-chart]] -== Heatmap Chart - -A heat map is a graphical representation of data where the individual values contained in a matrix are represented as colors. -The color for each matrix position is determined by the _metrics_ aggregation. The following aggregations are available for -this chart: - -include::y-axis-aggs.asciidoc[] - -The _buckets_ aggregations determine what information is being retrieved from your data set. - -Before you choose a buckets aggregation, specify if you are defining buckets for X or Y axis within a single chart -or splitting into multiple charts. A multiple chart split must run before any other aggregations. -When you split a chart, you can change if the splits are displayed in a row or a column by clicking -the *Rows | Columns* selector. - -This chart's X and Y axis supports the following aggregations. Click the linked name of each aggregation to visit the main -Elasticsearch documentation for that aggregation. - -*Date Histogram*:: A {ref}/search-aggregations-bucket-datehistogram-aggregation.html[_date histogram_] is built from a -numeric field and organized by date. You can specify a time frame for the intervals in seconds, minutes, hours, days, -weeks, months, or years. You can also specify a custom interval frame by selecting *Custom* as the interval and -specifying a number and a time unit in the text field. Custom interval time units are *s* for seconds, *m* for minutes, -*h* for hours, *d* for days, *w* for weeks, and *y* for years. Different units support different levels of precision, -down to one second. Intervals are labeled at the start of the interval, using the date-key returned by Elasticsearch. -For example, the tooltip for a monthly interval will show the first day of the month. - -*Histogram*:: A standard {ref}/search-aggregations-bucket-histogram-aggregation.html[_histogram_] is built from a -numeric field. Specify an integer interval for this field. 
Select the *Show empty buckets* checkbox to include empty -intervals in the histogram. -*Range*:: With a {ref}/search-aggregations-bucket-range-aggregation.html[_range_] aggregation, you can specify ranges -of values for a numeric field. Click *Add Range* to add a set of range endpoints. Click the red *(x)* symbol to remove -a range. -*Date Range*:: A {ref}/search-aggregations-bucket-daterange-aggregation.html[_date range_] aggregation reports values -that are within a range of dates that you specify. You can specify the ranges for the dates using -{ref}/common-options.html#date-math[_date math_] expressions. Click *Add Range* to add a set of range endpoints. -Click the red *(x)* symbol to remove a range. -*IPv4 Range*:: The {ref}/search-aggregations-bucket-iprange-aggregation.html[_IPv4 range_] aggregation enables you to -specify ranges of IPv4 addresses. Click *Add Range* to add a set of range endpoints. Click the red *(x)* symbol to -remove a range. -*Terms*:: A {ref}/search-aggregations-bucket-terms-aggregation.html[_terms_] aggregation enables you to specify the top -or bottom _n_ elements of a given field to display, ordered by count or a custom metric. -*Filters*:: You can specify a set of {ref}/search-aggregations-bucket-filters-aggregation.html[_filters_] for the data. -You can specify a filter as a query string or in JSON format, just as in the Discover search bar. Click *Add Filter* to -add another filter. Click the image:images/labelbutton.png[Label button icon] *label* button to open the label field, where -you can type in a name to display on the visualization. -*Significant Terms*:: Displays the results of the experimental -{ref}/search-aggregations-bucket-significantterms-aggregation.html[_significant terms_] aggregation. - -Enter a string in the *Custom Label* field to change the display label. 
- -You can click the *Advanced* link to display more customization options for your metrics or bucket aggregation: - -*Exclude Pattern*:: Specify a pattern in this field to exclude from the results. -*Include Pattern*:: Specify a pattern in this field to include in the results. -*JSON Input*:: A text field where you can add specific JSON-formatted properties to merge with the aggregation -definition, as in the following example: - -[source,shell] -{ "script" : "doc['grade'].value * 1.2" } - -The availability of these options varies depending on the aggregation you choose. - -Select the *Options* tab to change the following aspects of the chart: - -*Show Tooltips*:: Check this box to enable the display of tooltips. -*Highlight*:: Check this box to enable highlighting of elements with same label -*Legend Position*:: You can select where to display the legend (top, left, right, bottom) - - -*Color Schema*:: You can select an existing color schema or go for custom and define your own colors in the legend -*Reverse Color Schema*:: Checking this checkbox will reverse the color schema. -*Color Scale*:: You can switch between linear, log and sqrt scales for color scale. -*Scale to Data Bounds*:: The default Y axis bounds are zero and the maximum value returned in the data. Check -this box to change both upper and lower bounds to match the values returned in the data. -*Number of Colors*:: Number of color buckets to create. Minimum is 2 and maximum is 10. -*Percentage Mode*:: Enabling this will show legend values as percentages. -*Custom Range*:: You can define custom ranges for your color buckets. For each of the color bucket you need to specify -the minimum value (inclusive) and the maximum value (exclusive) of a range. -*Show Label*:: Enables showing labels with cell values in each cell - *Rotate*:: Allows rotating the cell value label by 90 degrees. 
diff --git a/docs/visualize/inspector.asciidoc b/docs/visualize/inspector.asciidoc index 923d9e601e876..ed98daea211e1 100644 --- a/docs/visualize/inspector.asciidoc +++ b/docs/visualize/inspector.asciidoc @@ -1,19 +1,11 @@ [[vis-inspector]] -== Inspecting Visualizations +== Inspect visualizations -Many visualizations allow you to inspect the data behind the -visualization. +Many visualizations allow you to inspect the query and data behind the visualization. -To inspect a visualization, click the *Inspect* button in the editor or -select *Inspect* from the Dashboard panel menu. - -The initial view shows the underlying data for the visualization. You can -download the data as a comma separated values (CSV) file in -*Formatted* or *Raw* format. Formatted downloads the data in table format. -Raw downloads the data as provided -- dates are timestamps, numbers don’t have -thousand separators, and so on. - -To view the requests that collected the data, select *Requests* from the *View* -menu in the upper right. - -Which views are available depends on the inspected visualization. +. In the {kib} toolbar, click *Inspect*. +. To download the data, click *Download CSV*, then choose one of the following options: +* *Formatted CSV* - Downloads the data in table format. +* *Raw CSV* - Downloads the data as provided. +. To view the data collection requests, select *Requests* from the *View* +dropdown. diff --git a/docs/visualize/markdown.asciidoc b/docs/visualize/markdown.asciidoc deleted file mode 100644 index e4542c8cdd2dd..0000000000000 --- a/docs/visualize/markdown.asciidoc +++ /dev/null 
@@ -1,7 +0,0 @@ -[[markdown-widget]] -== Markdown Widget - -The Markdown widget is a text entry field that accepts GitHub-flavored Markdown text. Kibana renders the text you enter -in this field and displays the results on the dashboard. You can click the *Help* link to go to the -https://help.github.com/articles/github-flavored-markdown/[help page] for GitHub flavored Markdown. Click *Apply* to -display the rendered text in the Preview pane or *Discard* to revert to a previous version. diff --git a/docs/visualize/metric.asciidoc b/docs/visualize/metric.asciidoc index 4cb29555eea77..9cbc4a0f7a550 100644 --- a/docs/visualize/metric.asciidoc +++ b/docs/visualize/metric.asciidoc @@ -1,21 +1,4 @@ [[metric-chart]] -== Metric - -A metric visualization displays a single number for each aggregation you select: - -include::y-axis-aggs.asciidoc[] - -You can click the *Advanced* link to display more customization options: - -*JSON Input*:: A text field where you can add specific JSON-formatted properties to merge with the aggregation -definition, as in the following example: - -[source,shell] -{ "script" : "doc['grade'].value * 1.2" } - -NOTE: In Elasticsearch releases 1.4.3 and later, this functionality requires you to enable -{ref}/modules-scripting.html[dynamic Groovy scripting]. - -The availability of these options varies depending on the aggregation you choose. +=== Metric Click the *Options* tab to display the font size slider. diff --git a/docs/visualize/most-frequent.asciidoc b/docs/visualize/most-frequent.asciidoc new file mode 100644 index 0000000000000..7452f1c4c3d7e --- /dev/null +++ b/docs/visualize/most-frequent.asciidoc 
@@ -0,0 +1,63 @@ +[[most-frequent]] +== Most frequently used visualizations + +The most frequently used visualizations allow you to plot aggregated data from a <> or <>. They all support a single level of +Elasticsearch {es} {ref}/search-aggregations-metrics.html[metric] aggregations, and one or more +levels of {es} {ref}/search-aggregations-bucket.html[bucket] aggregations. + +The most frequently used visualizations include: + +* Line, Area and Bar charts +* Pie charts +* Data table +* Metric visualization +* Goal and Gauge visualization +* Heat maps +* Tag cloud + +[float] +=== Configure your visualization + +You configure visualizations using the default editor, which is broken into *Metrics* and *Buckets*, and includes a default count +metric. Each visualization supports different configurations for what the metrics and buckets +represent. For example, a Bar chart allows you to add an X-axis: + +[role="screenshot"] +image::images/add-bucket.png["",height=478] + +A common configuration for the X-axis is to use a {es} {ref}/search-aggregations-bucket-datehistogram-aggregation.html[date histogram] aggregation: + +[role="screenshot"] +image::images/visualize-date-histogram.png[] + +To see your changes, click *Apply changes* image:images/apply-changes-button.png[] + +If it's supported by the visualization, you can add more buckets. In this example we have +added a +{es} {ref}/search-aggregations-bucket-terms-aggregation.html[terms] aggregation on the field +`geo.src` to show the top 5 sources of log traffic. + +[role="screenshot"] +image::images/visualize-date-histogram-split-1.png[] + +The new aggregation is added after the first one, so the result shows +the top 5 sources of traffic per 3 hours. 
If you want to change the aggregation order, you can do +so by dragging: + +[role="screenshot"] +image::images/visualize-drag-reorder.png["",width=366] + +The visualization +now shows the top 5 sources of traffic overall, and compares them in 3 hour increments: + +[role="screenshot"] +image::images/visualize-date-histogram-split-2.png[] + +For more information about how aggregations are used in visualizations, see <>. + +Each visualization also has its own customization options. Most visualizations allow you to customize the color of a specific series: + +[role="screenshot"] +image::images/color-picker.png[An array of color dots that users can select,height=267] + +include::aggregations.asciidoc[] diff --git a/docs/visualize/pie.asciidoc b/docs/visualize/pie.asciidoc deleted file mode 100644 index edaf97291cf4c..0000000000000 --- a/docs/visualize/pie.asciidoc +++ /dev/null 
@@ -1,86 +0,0 @@ -[[pie-chart]] -== Pie Charts - -The slice size of a pie chart is determined by the _metrics_ aggregation. The following aggregations are available for -this axis: - -*Count*:: The {ref}/search-aggregations-metrics-valuecount-aggregation.html[_count_] aggregation returns a raw count of -the elements in the selected index pattern. -*Sum*:: The {ref}/search-aggregations-metrics-sum-aggregation.html[_sum_] aggregation returns the total sum of a numeric -field. Select a field from the drop-down. -*Unique Count*:: The {ref}/search-aggregations-metrics-cardinality-aggregation.html[_cardinality_] aggregation returns -the number of unique values in a field. Select a field from the drop-down. - -Enter a string in the *Custom Label* field to change the display label. - -The _buckets_ aggregations determine what information is being retrieved from your data set. - -Before you choose a buckets aggregation, specify if you are splitting slices within a single chart or splitting into -multiple charts. A multiple chart split must run before any other aggregations. When you split a chart, you can change -if the splits are displayed in a row or a column by clicking the *Rows | Columns* selector. - -You can specify any of the following bucket aggregations for your pie chart: - -*Date Histogram*:: A {ref}/search-aggregations-bucket-datehistogram-aggregation.html[_date histogram_] is built from a -numeric field and organized by date. You can specify a time frame for the intervals in seconds, minutes, hours, days, -weeks, months, or years. You can also specify a custom interval frame by selecting *Custom* as the interval and -specifying a number and a time unit in the text field. Custom interval time units are *s* for seconds, *m* for minutes, -*h* for hours, *d* for days, *w* for weeks, and *y* for years. Different units support different levels of precision, -down to one second. 
Intervals are labeled at the start of the interval, using the date-key returned by Elasticsearch. -For example, the tooltip for a monthly interval will show the first day of the month. -*Histogram*:: A standard {ref}/search-aggregations-bucket-histogram-aggregation.html[_histogram_] is built from a -numeric field. Specify an integer interval for this field. Select the *Show empty buckets* checkbox to include empty -intervals in the histogram. -*Range*:: With a {ref}/search-aggregations-bucket-range-aggregation.html[_range_] aggregation, you can specify ranges -of values for a numeric field. Click *Add Range* to add a set of range endpoints. Click the red *(x)* symbol to remove -a range. -*Date Range*:: A {ref}/search-aggregations-bucket-daterange-aggregation.html[_date range_] aggregation reports values -that are within a range of dates that you specify. You can specify the ranges for the dates using -{ref}/common-options.html#date-math[_date math_] expressions. Click *Add Range* to add a set of range endpoints. -Click the red *(/)* symbol to remove a range. -*IPv4 Range*:: The {ref}/search-aggregations-bucket-iprange-aggregation.html[_IPv4 range_] aggregation enables you to -specify ranges of IPv4 addresses. Click *Add Range* to add a set of range endpoints. Click the red *(/)* symbol to -remove a range. -*Terms*:: A {ref}/search-aggregations-bucket-terms-aggregation.html[_terms_] aggregation enables you to specify the top -or bottom _n_ elements of a given field to display, ordered by count or a custom metric. -*Filters*:: You can specify a set of {ref}/search-aggregations-bucket-filters-aggregation.html[_filters_] for the data. -You can specify a filter as a query string or in JSON format, just as in the Discover search bar. Click *Add Filter* to -add another filter. Click the image:images/labelbutton.png[] *label* button to open the label field, where you can type -in a name to display on the visualization. 
-*Significant Terms*:: Displays the results of the experimental -{ref}/search-aggregations-bucket-significantterms-aggregation.html[_significant terms_] aggregation. The value of the -*Size* parameter defines the number of entries this aggregation returns. - -After defining an initial bucket aggregation, you can define sub-buckets to refine the visualization. Click *+ Add -sub-buckets* to define a sub-aggregation, then choose *Split Slices* to select a sub-bucket from the list of -types. - -When multiple aggregations are defined on a chart's axis, you can use the up or down arrows to the right of the -aggregation's type to change the aggregation's priority. - -include::color-picker.asciidoc[] - -Enter a string in the *Custom Label* field to change the display label. - -You can click the *Advanced* link to display more customization options for your metrics or bucket aggregation: - -*Exclude Pattern*:: Specify a pattern in this field to exclude from the results. -*Include Pattern*:: Specify a pattern in this field to include in the results. -*JSON Input*:: A text field where you can add specific JSON-formatted properties to merge with the aggregation -definition, as in the following example: - -[source,shell] -{ "script" : "doc['grade'].value * 1.2" } - -NOTE: In Elasticsearch releases 1.4.3 and later, this functionality requires you to enable -{ref}/modules-scripting.html[dynamic Groovy scripting]. - -The availability of these options varies depending on the aggregation you choose. - -Select the *Options* tab to change the following aspects of the table: - -*Donut*:: Display the chart as a sliced ring instead of a sliced pie. -*Show Tooltip*:: Check this box to enable the display of tooltips. - -After changing options, click the *Apply changes* button to update your visualization, or the grey *Discard -changes* button to keep your visualization in its current state. 
diff --git a/docs/visualize/saving.asciidoc b/docs/visualize/saving.asciidoc index 855555794a6f0..e3330446bfad1 100644 --- a/docs/visualize/saving.asciidoc +++ b/docs/visualize/saving.asciidoc @@ -1,24 +1,19 @@ [[save-visualize]] -== Saving Visualizations -Saving visualizations enables you to reload them in Visualize and use them in -<>. +== Save visualizations +To use your visualizations in <>, you must save them. -[float] -[[visualize-read-only-access]] -=== [xpack]#Read only access# -When you have insufficient privileges to save visualizations, the following indicator in Kibana will be -displayed and the *Save* button won't be visible. For more information on granting access to -Kibana see <>. +. In the {kib} toolbar, click *Save*. +. Enter the visualization *Title* and optional *Description*, then *Save* the visualization. -[role="screenshot"] -image::visualize/images/read-only-badge.png[Example of Visualize's read only access indicator in Kibana's header] +To access the saved visualization, go to *Management > {kib} > Saved Objects*. [float] -[[saving-a-visualization]] -=== Saving a Visualization -To save the current visualization: +[[save-visualization-read-only-access]] +==== Read only access +When you have insufficient privileges to save visualizations, the following indicator is +displayed and the *Save* button is not visible. -. Click *Save* in the Kibana toolbar. -. Enter a name for the visualization and click *Save*. +[role="screenshot"] +image::visualize/images/read-only-badge.png[Example of Visualize's read only access indicator in Kibana's header] -You can import, export and delete saved visualizations from *Management/Kibana/Saved Objects*. +For more information, see <>. diff --git a/docs/visualize/tagcloud.asciidoc b/docs/visualize/tagcloud.asciidoc deleted file mode 100644 index 04aef6af9df7c..0000000000000 --- a/docs/visualize/tagcloud.asciidoc +++ /dev/null 
@@ -1,41 +0,0 @@ -[[tagcloud-chart]] -== Tag Clouds - -A tag cloud visualization is a visual representation of text data, typically used to visualize free form text. -Tags are usually single words, and the importance of each tag is shown with font size or color. - -The font size for each word is determined by the _metrics_ aggregation. The following aggregations are available for -this chart: - -include::y-axis-aggs.asciidoc[] - - -The _buckets_ aggregations determine what information is being retrieved from your data set. - -Before you choose a buckets aggregation, select the *Split Tags* option. - -You can specify the following bucket aggregations for tag cloud visualization: - -*Terms*:: A {ref}/search-aggregations-bucket-terms-aggregation.html[_terms_] aggregation enables you to specify the top -or bottom _n_ elements of a given field to display, ordered by count or a custom metric. - -You can click the *Advanced* link to display more customization options for your metrics or bucket aggregation: - -*JSON Input*:: A text field where you can add specific JSON-formatted properties to merge with the aggregation -definition, as in the following example: - -[source,shell] -{ "script" : "doc['grade'].value * 1.2" } - -NOTE: In Elasticsearch releases 1.4.3 and later, this functionality requires you to enable -{ref}/modules-scripting.html[dynamic Groovy scripting]. - - -Select the *Options* tab to change the following aspects of the chart: - -*Text Scale*:: You can select *linear*, *log*, or *square root* scales for the text scale. You can use a log -scale to display data that varies exponentially or a square root scale to -regularize the display of data sets with variabilities that are themselves highly variable. -*Orientation*:: You can select how to orientate your text in the tag cloud. You can choose one of the following options: -Single, right angles and multiple. -*Font Size*:: Allows you to set minimum and maximum font size to use for this visualization. 
diff --git a/docs/visualize/tilemap.asciidoc b/docs/visualize/tilemap.asciidoc index 0e89704b8ba0b..a4d995982bdc7 100644 --- a/docs/visualize/tilemap.asciidoc +++ b/docs/visualize/tilemap.asciidoc @@ -44,7 +44,7 @@ Enter a string in the *Custom Label* field to change the display label. Coordinate maps use the {ref}/search-aggregations-bucket-geohashgrid-aggregation.html[_geohash_] aggregation. Select a field, typically coordinates, from the drop-down. -- The_Change precision on map zoom_ box is checked by default. Uncheck the box to disable this behavior. +- The _Change precision on map zoom_ box is checked by default. Uncheck the box to disable this behavior. The _Precision_ slider determines the granularity of the results displayed on the map. See the documentation for the {ref}/search-aggregations-bucket-geohashgrid-aggregation.html#_cell_dimensions_at_the_equator[geohash grid] aggregation for details on the area specified by each precision level. 
@@ -59,25 +59,9 @@ of the geohash grid cell. Leaving this checked generally results in a more accur Enter a string in the *Custom Label* field to change the display label. -You can click the *Advanced* link to display more customization options for your metrics or bucket aggregation: - -*Exclude Pattern*:: Specify a pattern in this field to exclude from the results. -*Include Pattern*:: Specify a pattern in this field to include in the results. -*JSON Input*:: A text field where you can add specific JSON-formatted properties to merge with the aggregation -definition, as in the following example: - -[source,shell] -{ "script" : "doc['grade'].value * 1.2" } - -NOTE: In Elasticsearch releases 1.4.3 and later, this functionality requires you to enable -{ref}/modules-scripting.html[dynamic Groovy scripting]. - -The availability of these options varies depending on the aggregation you choose. - [float] ==== Options - *Map type*:: Select one of the following options from the drop-down. *_Scaled Circle Markers_*:: Scale the size of the markers based on the metric aggregation's value. *_Shaded Circle Markers_*:: Displays the markers with different shades based on the metric aggregation's value. diff --git a/docs/visualize/visualize_rollup_data.asciidoc b/docs/visualize/visualize_rollup_data.asciidoc index c2707e2d67102..110533589cab9 100644 --- a/docs/visualize/visualize_rollup_data.asciidoc +++ b/docs/visualize/visualize_rollup_data.asciidoc 
@@ -1,33 +1,33 @@ [role="xpack"] [[visualize-rollup-data]] -== Using rolled up data in a visualization +== Use rolled up data in a visualization beta[] -You can visualize your rolled up data in a variety of charts, tables, maps, and -more. Most visualizations support rolled up data, with the exception of -Timelion, TSVB, and Vega visualizations. +You can visualize your rolled up data in a variety of charts, tables, maps, and +more. Most visualizations support rolled up data, with the exception of +Timelion, TSVB, and Vega visualizations. -To get started, go to *Management > Kibana > Index patterns.* -If a rollup index is detected in the cluster, *Create index pattern* -includes an item for creating a rollup index pattern. +To get started, go to *Management > Kibana > Index patterns.* +If a rollup index is detected in the cluster, *Create index pattern* +includes an item for creating a rollup index pattern. [role="screenshot"] image::images/management_create_rollup_menu.png[Create index pattern menu] -You can match an index pattern to only rolled up data, or mix both rolled up -and raw data to visualize all data together. An index pattern can match only one -rolled up index, not multiple. There is no restriction on the number of standard -indices that an index pattern can match. When matching multiple indices, -use a comma to separate the names, with no space after the comma. +You can match an index pattern to only rolled up data, or mix both rolled up +and raw data to visualize all data together. An index pattern can match only one +rolled up index, not multiple. There is no restriction on the number of standard +indices that an index pattern can match. When matching multiple indices, +use a comma to separate the names, with no space after the comma. Keep the following in mind when creating a visualization from rolled up data: -* The data in a rollup index only has summarized metrics for specific fields. -You can’t search any other field from the original raw data. 
-* Data is summarized into time buckets that might be split into sub buckets for -numeric field values or terms. You can ask for a time aggregation that takes -several time buckets and combines them to lower granularity. For example, +* The data in a rollup index only has summarized metrics for specific fields. +You can’t search any other field from the original raw data. +* Data is summarized into time buckets that might be split into sub buckets for +numeric field values or terms. You can ask for a time aggregation that takes +several time buckets and combines them to lower granularity. For example, if the rollup job was aggregated by hours, you can ask for buckets of days. The following visualization of rolled up data shows the date histogram @@ -36,9 +36,8 @@ interval multiple and the limited metrics aggregations. [role="screenshot"] image::images/management_rollups_visualization.png[][Rollups in visualizations] -Dashboards can have a mixture of rollup visualizations and regular visualizations, +Dashboards can have a mixture of rollup visualizations and regular visualizations, as shown in the following figure. Note that not all queries and filters support rollups. [role="screenshot"] image::images/management_rolled_dashboard.png[][Rollups in dashboards] - diff --git a/docs/visualize/x-axis-aggs.asciidoc b/docs/visualize/x-axis-aggs.asciidoc deleted file mode 100644 index 7d55ed1a98e7f..0000000000000 --- a/docs/visualize/x-axis-aggs.asciidoc +++ /dev/null 
@@ -1,44 +0,0 @@ -The X axis of this chart is the _buckets_ axis. You can define buckets for the X axis, for a split area on the -chart, or for split charts. - -This chart's X axis supports the following aggregations. Click the linked name of each aggregation to visit the main -Elasticsearch documentation for that aggregation. - -*Date Histogram*:: A {ref}/search-aggregations-bucket-datehistogram-aggregation.html[_date histogram_] is built from a -numeric field and organized by date. You can specify a time frame for the intervals in seconds, minutes, hours, days, -weeks, months, or years. You can also specify a custom interval frame by selecting *Custom* as the interval and -specifying a number and a time unit in the text field. Custom interval time units are *s* for seconds, *m* for minutes, -*h* for hours, *d* for days, *w* for weeks, and *y* for years. Different units support different levels of precision, -down to one second. Intervals are labeled at the start of the interval, using the date-key returned by Elasticsearch. -For example, the tooltip for a monthly interval will show the first day of the month. - -*Histogram*:: A standard {ref}/search-aggregations-bucket-histogram-aggregation.html[_histogram_] is built from a -numeric field. Specify an integer interval for this field. Select the *Show empty buckets* checkbox to include empty -intervals in the histogram. -*Range*:: With a {ref}/search-aggregations-bucket-range-aggregation.html[_range_] aggregation, you can specify ranges -of values for a numeric field. Click *Add Range* to add a set of range endpoints. Click the red *(x)* symbol to remove -a range. -*Date Range*:: A {ref}/search-aggregations-bucket-daterange-aggregation.html[_date range_] aggregation reports values -that are within a range of dates that you specify. You can specify the ranges for the dates using -{ref}/common-options.html#date-math[_date math_] expressions. Click *Add Range* to add a set of range endpoints. 
-Click the red *(x)* symbol to remove a range. -*IPv4 Range*:: The {ref}/search-aggregations-bucket-iprange-aggregation.html[_IPv4 range_] aggregation enables you to -specify ranges of IPv4 addresses. Click *Add Range* to add a set of range endpoints. Click the red *(x)* symbol to -remove a range. -*Terms*:: A {ref}/search-aggregations-bucket-terms-aggregation.html[_terms_] aggregation enables you to specify the top -or bottom _n_ elements of a given field to display, ordered by count or a custom metric. -*Filters*:: You can specify a set of {ref}/search-aggregations-bucket-filters-aggregation.html[_filters_] for the data. -You can specify a filter as a query string or in JSON format, just as in the Discover search bar. Click *Add Filter* to -add another filter. Click the image:images/labelbutton.png[Label button icon] *label* button to open the label field, where -you can type in a name to display on the visualization. -*Significant Terms*:: Displays the results of the experimental -{ref}/search-aggregations-bucket-significantterms-aggregation.html[_significant terms_] aggregation. - -Once you've specified an X axis aggregation, you can define sub-aggregations to refine the visualization. Click *+ Add -Sub Aggregation* to define a sub-aggregation, then choose *Split Area* or *Split Chart*, then select a sub-aggregation -from the list of types. - -When multiple aggregations are defined on a chart's axis, you can use the up or down arrows to the right of the -aggregation's type to change the aggregation's priority. - -Enter a string in the *Custom Label* field to change the display label. diff --git a/docs/visualize/xychart.asciidoc b/docs/visualize/xychart.asciidoc deleted file mode 100644 index 816efdef5b0b4..0000000000000 --- a/docs/visualize/xychart.asciidoc +++ /dev/null 
@@ -1,99 +0,0 @@ -[[xy-chart]] -== Line, Area, and Bar charts -Line, Area, and Bar charts allow you to plot your data on X/Y axis. - -First you need to select your _metrics_ which define Value axis. - -include::y-axis-aggs.asciidoc[] - -The _buckets_ aggregations determine what information is being retrieved from your data set. - -Before you choose a buckets aggregation, specify if you are splitting slices within a single chart or splitting into -multiple charts. A multiple chart split must run before any other aggregations. When you split a chart, you can change -if the splits are displayed in a row or a column by clicking the *Rows | Columns* selector. - -include::x-axis-aggs.asciidoc[] - -include::color-picker.asciidoc[] - -Enter a string in the *Custom Label* field to change the display label. - -You can click the *Advanced* link to display more customization options for your metrics or bucket aggregation: - -*Exclude Pattern*:: Specify a pattern in this field to exclude from the results. -*Include Pattern*:: Specify a pattern in this field to include in the results. -*JSON Input*:: A text field where you can add specific JSON-formatted properties to merge with the aggregation -definition, as in the following example: - -[source,shell] -{ "script" : "doc['grade'].value * 1.2" } - -NOTE: In Elasticsearch releases 1.4.3 and later, this functionality requires you to enable -{ref}/modules-scripting.html[dynamic Groovy scripting]. - -The availability of these options varies depending on the aggregation you choose. - -[float] -[[metrics-axes]] -=== Metrics & Axes - -Select the *Metrics & Axes* tab to change the way each individual metric is shown on the chart. -The data series are styled in the _Metrics_ section, while the axes are styled in the X and Y axis sections. - -[float] -==== Metrics -Modify how each metric from the Data panel is visualized on the chart. - -*Chart type*:: Choose between *Area*, *Line*, and *Bar* types. 
-*Mode*:: stack the different metrics, or plot them next to each other -*Value Axis*:: choose the axis you want to plot this data too (the properties of each are configured under Y-axes). -*Line mode*:: should the outline of lines or bars appear *smooth*, *straight*, or *stepped*. - -[float] -==== Y-axis - -Style all the Y-axes of the chart. - -*Position*:: position of the Y-axis (*left* or *right* for vertical charts, and *top* or *bottom* for horizontal charts). -*Scale type*:: scaling of the values (*linear*, *log*, or *square root*) -*Advanced Options*:: -*Labels - Show Labels*:::: Allows you to hide axis labels -*Labels - Filter Labels*:::: If filter labels is enabled some labels will be hidden in case there is not enough space to display them -*Labels - Rotate*:::: You can enter the number in degrees for how much you want to rotate labels -*Labels - Truncate*:::: You can enter the size in pixels to which the label is truncated -*Scale to Data Bounds*:::: The default Y-axis bounds are zero and the maximum value returned in the data. Check - this box to change both upper and lower bounds to match the values returned in the data. - Checking this option may cause that the bar, which value equals to the lower bounds/ - upper bounds (in case only negative values are depicted) is hidden. - To avoid that, you can define bounds margin. Via bounds margin you specify a value, - which decreases/increases the lower/upper bounds when displaying the plot. -*Custom Extents*:::: You can define custom minimum and maximum for each axis - -[float] -==== X-Axis - -*Position*:: position of the X-Axis (*left* or *right* for horizontal charts, and *top* or *bottom* for vertical charts). 
-*Advanced Options*:: -*Labels - Show Labels*:::: Allows you to hide axis labels -*Labels - Filter Labels*:::: If filter labels is enabled some labels will be hidden in case there is not enough spave to display them -*Labels - Rotate*:::: You can enter the number in degrees for how much you want to rotate labels -*Labels - Truncate*:::: You can enter the size in pixels to which the label is truncated - -[float] -[[panel-settings]] -=== Panel Settings - -These are options that apply to the entire chart and not just the individual data series. - -[float] -==== Common options -*Legend Position*:: Move your legend to the *left*, *right*, *top* or *bottom* -*Show Tooltip*:: Enables or disables the display of tooltip on hovering over chart objects -*Current Time Marker*:: Show a line indicating the current time - -[float] -==== Grid options -You can enable grid on the chart. By default grid is displayed on the category axis only. - -*X-axis*:: You can disable the display of grid lines on category axis -*Y-axis*:: You can choose on which (if any) of the value axes you want to display grid lines diff --git a/docs/visualize/y-axis-aggs.asciidoc b/docs/visualize/y-axis-aggs.asciidoc deleted file mode 100644 index 1b21b94b702f5..0000000000000 --- a/docs/visualize/y-axis-aggs.asciidoc +++ /dev/null 
@@ -1,61 +0,0 @@ -Metric Aggregations: - -*Count*:: The {ref}/search-aggregations-metrics-valuecount-aggregation.html[_count_] aggregation returns a raw count of -the elements in the selected index pattern. -*Average*:: This aggregation returns the {ref}/search-aggregations-metrics-avg-aggregation.html[_average_] of a numeric -field. Select a field from the drop-down. -*Sum*:: The {ref}/search-aggregations-metrics-sum-aggregation.html[_sum_] aggregation returns the total sum of a numeric -field. Select a field from the drop-down. -*Min*:: The {ref}/search-aggregations-metrics-min-aggregation.html[_min_] aggregation returns the minimum value of a -numeric field. Select a field from the drop-down. -*Max*:: The {ref}/search-aggregations-metrics-max-aggregation.html[_max_] aggregation returns the maximum value of a -numeric field. Select a field from the drop-down. -*Unique Count*:: The {ref}/search-aggregations-metrics-cardinality-aggregation.html[_cardinality_] aggregation returns -the number of unique values in a field. Select a field from the drop-down. -*Standard Deviation*:: The {ref}/search-aggregations-metrics-extendedstats-aggregation.html[_extended stats_] -aggregation returns the standard deviation of data in a numeric field. Select a field from the drop-down. -*Top Hit*:: The {ref}/search-aggregations-metrics-top-hits-aggregation.html[_top hits_] -aggregation returns one or more of the top values from a specific field in your documents. Select a field from the drop-down, -how you want to sort the documents and choose the top fields, and how many values should be returned. -*Percentiles*:: The {ref}/search-aggregations-metrics-percentile-aggregation.html[_percentile_] aggregation divides the -values in a numeric field into percentile bands that you specify. Select a field from the drop-down, then specify one -or more ranges in the *Percentiles* fields. Click the *X* to remove a percentile field. Click *+ Add* to add a -percentile field. 
-*Percentile Rank*:: The {ref}/search-aggregations-metrics-percentile-rank-aggregation.html[_percentile ranks_] -aggregation returns the percentile rankings for the values in the numeric field you specify. Select a numeric field -from the drop-down, then specify one or more percentile rank values in the *Values* fields. Click the *X* to remove a -values field. Click *+Add* to add a values field. - -Parent Pipeline Aggregations: - -For each of the parent pipeline aggregations you have to define the metric for which the aggregation is calculated. -That could be one of your existing metrics or a new one. You can also nest this aggregations -(for example to produce 3rd derivative) - -*Derivative*:: The {ref}/search-aggregations-pipeline-derivative-aggregation.html[_derivative_] aggregation calculates -the derivative of specific metrics. -*Cumulative Sum*:: The {ref}/search-aggregations-pipeline-cumulative-sum-aggregation.html[_cumulative sum_] aggregation -calculates the cumulative sum of a specified metric in a parent histogram -*Moving Average*:: The {ref}/search-aggregations-pipeline-movavg-aggregation.html[_moving average_] aggregation will -slide a window across the data and emit the average value of that window -*Serial Diff*:: The {ref}/search-aggregations-pipeline-serialdiff-aggregation.html[_serial differencing_] is a technique -where values in a time series are subtracted from itself at different time lags or period - -Sibling Pipeline Aggregations: - -Just like with parent pipeline aggregations you need to provide a metric for which to calculate the sibling aggregation. 
-On top of that you also need to provide a bucket aggregation which will define the buckets on which the sibling -aggregation will run - -*Average Bucket*:: The {ref}/search-aggregations-pipeline-avg-bucket-aggregation.html[_avg bucket_] -calculates the (mean) average value of a specified metric in a sibling aggregation -*Sum Bucket*:: The {ref}/search-aggregations-pipeline-avg-bucket-aggregation.html[_sum bucket_] -calculates the sum of values of a specified metric in a sibling aggregation -*Min Bucket*:: The {ref}/search-aggregations-pipeline-avg-bucket-aggregation.html[_min bucket_] -calculates the minimum value of a specified metric in a sibling aggregation -*Max Bucket*:: The {ref}/search-aggregations-pipeline-avg-bucket-aggregation.html[_max bucket_] -calculates the maximum value of a specified metric in a sibling aggregation - -You can add an aggregation by clicking the *+ Add Metrics* button. - -Enter a string in the *Custom Label* field to change the display label.
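Review bot: in the `[[visualize-rollup-data]]` hunk (`@@ -1,33 +1,33 @@`), every removed and added body line after the heading reads identically, so those pairs differ only in whitespace as far as the visible text shows. The one content change is the heading, `Using rolled up data in a visualization` to `Use rolled up data in a visualization`. Please drop the whitespace-only pairs or move them to a separate commit, so this documentation change stays reviewable and blame on these paragraphs is not rewritten.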
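Review bot: in the second rollup hunk (`@@ -36,9 +36,8 @@`), the context lines `image::images/management_rollups_visualization.png[][Rollups in visualizations]` and `image::images/management_rolled_dashboard.png[][Rollups in dashboards]` carry an empty `[]` followed by a second bracket pair, which is not the image macro's attribute form, so the alt text will not render as intended. The first image in the same file uses the plain form `[Create index pattern menu]`. Since this hunk already touches the paragraph between the two images, fix both here to `[Rollups in visualizations]` and `[Rollups in dashboards]`.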
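Review bot: deleting `docs/visualize/xychart.asciidoc` removes the anchors `[[xy-chart]]`, `[[metrics-axes]]` and `[[panel-settings]]`, and nothing in the visible hunks re-creates them, so any cross-reference to them from another page will fail to resolve. Please confirm that no such references remain, or that the replacement page defines the same IDs. The same file is the only visible includer of `x-axis-aggs.asciidoc` and `y-axis-aggs.asciidoc`, which are deleted alongside it, but it also has `include::color-picker.asciidoc[]`, whose deletion is not shown here: check whether that fragment is still included anywhere. If the *JSON Input* description is being carried over to a new page, the NOTE that a `script` property requires dynamic scripting to be enabled should move with it rather than be lost, since it tells readers which cluster setting the example depends on.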
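Review bot: in the deleted `docs/visualize/y-axis-aggs.asciidoc`, the *Sum Bucket*, *Min Bucket* and *Max Bucket* entries all link to `{ref}/search-aggregations-pipeline-avg-bucket-aggregation.html`, the same target as *Average Bucket*. If this list is being relocated rather than dropped, do not copy those three links as they stand: point each at its own aggregation page in the new location. The sibling-pipeline intro sentence ending `aggregation will run` and several definitions also lack a closing period, which is worth cleaning up in the same move.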