[Docs] Update and improve docs for Visualize and Discover (#49810)

* [Docs] Update and improve docs for Visualize and Discover

* Create a new section for default editor docs

* Fix significant terms link

* Writer changes

* Remove pages that aren't helpful to users

* More writer changes
Wylie Conlon 2019-11-21 14:57:21 -05:00 committed by Kaarina Tungseth
parent 989489ebf3
commit 5f2a326d89
51 changed files with 325 additions and 779 deletions

View file

@ -3,7 +3,7 @@
For certain applications it can be useful to inspect a window of documents
surrounding a specific event. The context view enables you to do just that for
index patterns that are configured to contain time-based events.
<<index-patterns, index patterns>> that are configured to contain time-based events.
To show the context surrounding an anchor document, click the *Expand* button
image:images/ExpandButton.jpg[Expand Button] to the left of the document's

View file

@ -5,7 +5,7 @@ When you submit a search query, the 500 most recent documents that match the que
are listed in the Documents table. You can configure the number of documents shown
in the table by setting the `discover:sampleSize` property in <<advanced-options,
Advanced Settings>>. By default, the table shows the localized version of the time
field configured for the selected index pattern and the document `_source`. You can
field configured for the selected <<index-patterns, index pattern>> and the document `_source`. You can
<<adding-columns, add fields to the Documents table>> from the Fields list.
You can <<sorting, sort the listed documents>> by any indexed field that's included
in the table.

View file

@ -14,7 +14,8 @@ To add a filter from the Fields list:
. Click the name of the field you want to filter on. This displays the top
five values for that field.
+
image::images/filter-field.jpg[]
[role="screenshot"]
image::images/filter-field.png[height=317]
. To add a positive filter, click the *Positive Filter* button
image:images/PositiveFilter.jpg[Positive Filter].
This includes only those documents that contain that value in the field.
@ -43,8 +44,7 @@ field name. This includes only those documents that contain the field.
To manually add a filter:
. Click *Add Filter*. A popup will be displayed for you to create the filter.
+
image::images/add_filter.png[]
. Choose a field to filter by. This list of fields will include fields from the
index pattern you are currently querying against.
+
@ -78,26 +78,26 @@ turn off the suggestions by setting the advanced setting, `filterEditor:suggestV
[[filter-pinning]]
=== Managing Filters
To modify a filter, hover over it and click one of the action buttons.
To modify a filter, click on it and click one of the action buttons.
image::images/filter-allbuttons.png[]
&nbsp;
image:images/filter-enable.png[] Enable Filter :: Disable the filter without
removing it. Click again to reenable the filter. Diagonal stripes indicate
that a filter is disabled.
image:images/filter-pin.png[] Pin Filter :: Pin the filter. Pinned filters
Pin across all apps :: Pinned filters
persist when you switch contexts in Kibana. For example, you can pin a filter
in Discover and it remains in place when you switch to Visualize.
Note that a filter is based on a particular index field--if the indices being
searched don't contain the field in a pinned filter, it has no effect.
image:images/filter-toggle.png[] Invert Filter :: Switch from a positive
filter to a negative filter and vice-versa.
image:images/filter-delete.png[] Remove Filter :: Remove the filter.
image:images/filter-custom.png[] Edit Filter :: <<filter-edit, Edit the
Edit Filter :: <<filter-edit, Edit the
filter>> definition. Enables you to manually update the filter and
specify a label for the filter.
Exclude results :: Switch from a positive
filter to a negative filter and vice-versa.
Temporarily disable :: Disable the filter without
removing it. Click again to reenable the filter. Diagonal stripes indicate
that a filter is disabled.
Remove Filter :: Remove the filter.
To apply a filter action to all of the applied filters,
click *Actions* and select the action.
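Review bot: The action labels in the *Managing Filters* list mix two casing styles: `Edit Filter ::` and `Remove Filter ::` are title case, while `Pin across all apps ::`, `Exclude results ::` and `Temporarily disable ::` are sentence case. Use whichever form the filter's action menu actually shows, so readers can match the doc to the UI. In the intro sentence, "click on it and click one of the action buttons" would read better as "click the filter, then select an action".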

View file

@ -1,7 +1,7 @@
[[search]]
== Searching your data
You can search the indices that match the current index pattern by entering
your search criteria in the Query bar. By default you can use Kibana's standard query language
You can search the indices that match the current <<index-patterns, index pattern>> by entering
your search criteria in the Query bar. By default you can use Kibana's <<kuery-query, standard query language>>
which features autocomplete and a simple, easy to use syntax. Kibana's legacy query
language (based on Lucene https://lucene.apache.org/core/2_9_4/queryparsersyntax.html[query syntax])
is still available for the time being under the options menu in the Query Bar. When this

View file

@ -1,7 +1,7 @@
[[set-time-filter]]
== Setting the time filter
If your index contains time-based events, and a time-field is configured for the
selected index pattern, set a time filter that displays only the data within the
selected <<index-patterns, index pattern>>, set a time filter that displays only the data within the
specified time range.
You can use the time filter to change the time range, or select a specific time

View file

@ -11,4 +11,4 @@ they are available in the side bar if we uncheck "Hide missing fields".
To view field data statistics, click the name of a field in the Fields list.
image:images/filter-field.jpg[Field Statistics]
image:images/filter-field.png[Field Statistics,height=317]

BIN
docs/images/add-bucket.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 42 KiB

BIN
docs/images/gauge.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 46 KiB

BIN
docs/images/goal.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 49 KiB

View file

@ -4,7 +4,7 @@
[partintro]
--
*Discover* enables you to explore your data with {kib}'s data discovery functions.
You have access to every document in every index that matches the selected index pattern.
You have access to every document in every index that matches the selected <<index-patterns, index pattern>>.
You can submit search queries, filter the search results, and view document data.
You can also see the number of documents that match the search query and get field value statistics.
If a time field is configured for the selected index pattern, the distribution of

View file

@ -3,58 +3,49 @@
[partintro]
--
_Visualize_ enables you to create visualizations of the data in your
Elasticsearch indices. You can then build <<dashboard, dashboards>> that
display related visualizations.
_Visualize_ enables you to create visualizations of the data from your Elasticsearch indices, which you can then add to dashboards for analysis.
Kibana visualizations are based on Elasticsearch queries. By using a
series of Elasticsearch {ref}/search-aggregations.html[aggregations]
to extract and process your data, you can create charts that show
you the trends, spikes, and dips you need to know about.
{kib} visualizations are based on Elasticsearch queries. By using a series of {es} {ref}/search-aggregations.html[aggregations] to extract and process your data, you can create charts that show you the trends, spikes, and dips you need to know about.
You can create visualizations from a search saved from <<discover, Discover>>
or start with a new search query.
--
[float]
[[create-a-visualization]]
== Create visualizations
[[createvis]]
== Creating a Visualization
To create a visualization:
. Click on *Visualize* in the side navigation.
. Click the *Create new visualization* button or the **+** button.
. Open *Visualize*.
. Click *Create new visualization*.
. Choose the visualization type:
+
* *Basic charts*
[horizontal]
<<lens,Lens>>:: Quickly build several types of basic visualizations by simply dragging and dropping the data fields you want to display.
<<xy-chart,Line&comma; Area and Bar charts>>:: Compare different series in X/Y charts.
<<heatmap-chart,Heat maps>>:: Shade cells within a matrix.
<<pie-chart,Pie chart>>:: Display each source's contribution to a total.
* *Data*
* *<<most-frequent,Most frequently used visualizations>>*
[horizontal]
<<data-table,Data table>>:: Display the raw data of a composed aggregation.
<<metric-chart,Metric>>:: Display a single number.
<<goal-chart,Goal and Gauge>>:: Display a gauge.
* *Maps*
[horizontal]
<<tilemap,Coordinate map>>:: Associate the results of an aggregation with geographic locations.
<<regionmap,Region map>>:: Thematic maps where a shape's color intensity corresponds to a metric's value.
locations.
* *Time Series*
Line&comma; area, and bar charts:: Compare different series in X/Y charts.
Pie chart:: Display each source contribution to a total.
Data table:: Flattens aggregations into table format.
Metric:: Display a single number.
Goal and gauge:: Display a number with progress indicators.
Heat maps:: Display shaded cells within a matrix.
Tag cloud:: Display words in a cloud, where the size of the word corresponds to its importance.
* *Time series optimized*
[horizontal]
<<TSVB,TSVB>>:: Visualize time series data using pipeline aggregations.
<<timelion,Timelion>>:: Compute and combine data from multiple time series
data sets.
<<TSVB,TSVB>>:: Visualize time series data using pipeline aggregations.
* *Other*
* *Maps*
[horizontal]
<<controls,Controls>>:: Controls provide the ability to add interactive inputs to Kibana Dashboards.
<<markdown-widget,Markdown widget>>:: Display free-form information or
instructions.
<<tagcloud-chart,Tag cloud>>:: Display words as a cloud in which the size of the word correspond to its importance.
<<vega-graph,Vega graph>>:: Support for user-defined graphs, external data sources, images, and user-defined interactivity.
<<maps, Elastic maps>>:: The most powerful way of visualizing map data in {kib}.
<<tilemap,_Coordinate map_>>:: Displays points on a map using a geohash aggregation.
<<regionmap,_Region map_>>:: Merge any structured map data onto a shape.
* *<<for-dashboard, For use in dashboards>>*
[horizontal]
<<for-dashboard,Controls>>:: Provides the ability to add interactive inputs to a Dashboard.
<<for-dashboard,Markdown widget>>:: Display free-form information or instructions.
* *For developers*
[horizontal]
<<vega-graph,Vega>>:: Complete control over query and display.
. Specify a search query to retrieve the data for your visualization:
** To enter new search criteria, select the index pattern for the indices that
** To enter new search criteria, select the <<index-patterns, index pattern>> for the indices that
contain the data you want to visualize. This opens the visualization builder
with a wildcard query that matches all of the documents in the selected
indices.
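Review bot: In the *For use in dashboards* group, `<<for-dashboard,Controls>>` and `<<for-dashboard,Markdown widget>>` both point at the page-level `for-dashboard` anchor, so the two entries land on the same spot. The `[[for-dashboard]]` page in this commit carries `[[controls]]` and `[[markdown-widget]]`, so link each entry to its own anchor. Two smaller points in the most-frequently-used list: `Line&comma; area, and bar charts::` mixes the `&comma;` entity with a literal comma in a term that is not inside `<<...>>`, where a plain comma should do, and `Pie chart:: Display each source contribution to a total.` has lost the possessive ("source's").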
@ -67,110 +58,23 @@ modifications to the saved search are automatically reflected in the
visualization. To disable automatic updates, you can disconnect a visualization
from the saved search.
. In the visualization builder, choose the metric aggregation for the
visualization's Y axis:
* *Metric Aggregations*:
* {ref}/search-aggregations-metrics-valuecount-aggregation.html[count]
* {ref}/search-aggregations-metrics-avg-aggregation.html[average]
* {ref}/search-aggregations-metrics-sum-aggregation.html[sum]
* {ref}/search-aggregations-metrics-min-aggregation.html[min]
* {ref}/search-aggregations-metrics-max-aggregation.html[max]
* {ref}/search-aggregations-metrics-stats-aggregation.html[standard deviation]
* {ref}/search-aggregations-metrics-cardinality-aggregation.html[unique count]
* {ref}/search-aggregations-metrics-percentile-aggregation.html[median] (50th percentile)
* {ref}/search-aggregations-metrics-percentile-aggregation.html[percentiles]
* {ref}/search-aggregations-metrics-percentile-rank-aggregation.html[percentile ranks]
* {ref}/search-aggregations-metrics-top-hits-aggregation.html[top hit]
* {ref}/search-aggregations-metrics-geocentroid-aggregation.html[geo centroid]
* *Parent Pipeline Aggregations*:
* {ref}/search-aggregations-pipeline-derivative-aggregation.html[derivative]
* {ref}/search-aggregations-pipeline-cumulative-sum-aggregation.html[cumulative sum]
* {ref}/search-aggregations-pipeline-movavg-aggregation.html[moving average]
* {ref}/search-aggregations-pipeline-serialdiff-aggregation.html[serial diff]
* *Sibling Pipeline Aggregations*:
* {ref}/search-aggregations-pipeline-avg-bucket-aggregation.html[average bucket]
* {ref}/search-aggregations-pipeline-sum-bucket-aggregation.html[sum bucket]
* {ref}/search-aggregations-pipeline-min-bucket-aggregation.html[min bucket]
* {ref}/search-aggregations-pipeline-max-bucket-aggregation.html[max bucket]
. For the visualizations X axis, select a bucket aggregation:
+
* {ref}/search-aggregations-bucket-datehistogram-aggregation.html[date histogram]
* {ref}/search-aggregations-bucket-range-aggregation.html[range]
* {ref}/search-aggregations-bucket-terms-aggregation.html[terms]
* {ref}/search-aggregations-bucket-filters-aggregation.html[filters]
* {ref}/search-aggregations-bucket-significantterms-aggregation.html[significant terms]
For example, if you're indexing Apache server logs, you could build bar chart
that shows the distribution of incoming requests by geographic location by
specifying a terms aggregation on the `geo.src` field:
image::images/bar-terms-agg.jpg[]
The y-axis shows the number of requests received from each country, and the
countries are displayed across the x-axis.
Bar, line, or area chart visualizations use _metrics_ for the y-axis and
_buckets_ for the x-axis. Buckets are analogous to SQL `GROUP BY`
statements. Pie charts, use the metric for the slice size and the bucket
for the number of slices.
You can further break down the data by specifying sub aggregations. The first
aggregation determines the data set for any subsequent aggregations. Sub
aggregations are applied in order--you can drag the aggregations to change the
order in which they're applied.
For example, you could add a terms sub aggregation on the `geo.dest` field to
the Country of Origin bar chart to see the locations those requests were
targeting.
image::images/bar-terms-subagg.jpg[]
For more information about working with sub aggregations, see
https://www.elastic.co/blog/kibana-aggregation-execution-order-and-you[Kibana,
Aggregation Execution Order, and You].
include::{kib-repo-dir}/visualize/saving.asciidoc[]
--
include::{kib-repo-dir}/visualize/visualize_rollup_data.asciidoc[]
include::{kib-repo-dir}/visualize/lens.asciidoc[]
include::{kib-repo-dir}/visualize/xychart.asciidoc[]
include::{kib-repo-dir}/visualize/controls.asciidoc[]
include::{kib-repo-dir}/visualize/datatable.asciidoc[]
include::{kib-repo-dir}/visualize/markdown.asciidoc[]
include::{kib-repo-dir}/visualize/metric.asciidoc[]
include::{kib-repo-dir}/visualize/goal.asciidoc[]
include::{kib-repo-dir}/visualize/pie.asciidoc[]
include::{kib-repo-dir}/visualize/tilemap.asciidoc[]
include::{kib-repo-dir}/visualize/regionmap.asciidoc[]
include::{kib-repo-dir}/visualize/timelion.asciidoc[]
include::{kib-repo-dir}/visualize/most-frequent.asciidoc[]
include::{kib-repo-dir}/visualize/tsvb.asciidoc[]
include::{kib-repo-dir}/visualize/timelion.asciidoc[]
include::{kib-repo-dir}/visualize/tagcloud.asciidoc[]
include::{kib-repo-dir}/visualize/tilemap.asciidoc[]
include::{kib-repo-dir}/visualize/regionmap.asciidoc[]
include::{kib-repo-dir}/visualize/heatmap.asciidoc[]
include::{kib-repo-dir}/visualize/for-dashboard.asciidoc[]
include::{kib-repo-dir}/visualize/vega.asciidoc[]
include::{kib-repo-dir}/visualize/saving.asciidoc[]
include::{kib-repo-dir}/visualize/inspector.asciidoc[]
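Review bot: The paragraph explaining that charts use _metrics_ for the y-axis and _buckets_ for the x-axis ("Buckets are analogous to SQL `GROUP BY` statements"), together with the `geo.src` / `geo.dest` terms example, has no counterpart in the *Supported aggregations* page added by this commit, which keeps only the link to the aggregation execution order blog post. If that text is dropped rather than moved to a file not shown here, consider carrying a short version over, since it introduces the metric/bucket model that the new reference page assumes.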

View file

@ -0,0 +1,136 @@
[[supported-aggregations]]
=== Supported aggregations
The most frequently used visualizations support the following aggregations.
[float]
[[visualize-metric-aggregations]]
==== Metric aggregations
The *Count* metric lets you visualize the number of documents in a bucket.
If there are no bucket aggregations defined, this is the total number of documents that match the query.
It is the default selection.
All other metric aggregations require a field selection, which will read from the indexed values. Alternatively,
you can override field values with a script using the <<visualize-advanced-aggregation-options, JSON input>>. The
other metric aggregations are:
{ref}/search-aggregations-metrics-avg-aggregation.html[Average]:: The mean value.
{ref}/search-aggregations-metrics-max-aggregation.html[Maximum]:: The highest value.
{ref}/search-aggregations-metrics-percentile-aggregation.html[Median]:: The value that is in the 50% percentile.
{ref}/search-aggregations-metrics-min-aggregation.html[Minimum]:: The lowest value.
{ref}/search-aggregations-metrics-sum-aggregation.html[Sum]:: The total value.
Unique Count:: The {ref}/search-aggregations-metrics-cardinality-aggregation.html[Cardinality] of the field within the bucket.
Supports any data type.
Standard Deviation:: Requires a numeric field. Uses the {ref}/search-aggregations-metrics-extendedstats-aggregation.html[_extended stats_] aggregation.
{ref}/search-aggregations-metrics-top-hits-aggregation.html[Top Hit]:: Returns a sample of individual documents. When the Top Hit aggregation is matched to more than one document, you must choose a technique for combining the values. Techniques include average, minimum, maximum, and sum.
{ref}/search-aggregations-metrics-percentile-aggregation.html[Percentiles]:: Divides the
values in a numeric field into specified percentile bands. Select a field from the drop-down, then specify one or more ranges in the *Percentiles* fields. Click the *X* to remove a percentile field. Click *+ Add* to add a percentile field.
{ref}/search-aggregations-metrics-percentile-rank-aggregation.html[Percentile Rank]:: Returns the percentile rankings for the values in the specified numeric field. Select a numeric field from the drop-down, then specify one or more percentile rank values in the *Values* fields. Click the *X* to remove a values field. Click *+Add* to add a values field.
[float]
[[visualize-sibling-pipeline-aggregations]]
==== Sibling pipeline aggregations
For each of the sibling pipeline aggregations you have to define a bucket and metric to calculate. This
has the effect of condensing many buckets into one number.
{ref}/search-aggregations-pipeline-avg-bucket-aggregation.html[Average Bucket]:: Calculates the mean, or average, value of a specified metric in a sibling aggregation.
{ref}/search-aggregations-pipeline-avg-bucket-aggregation.html[Sum Bucket]:: Calculates the sum of the values of a specified metric in a sibling aggregation.
{ref}/search-aggregations-pipeline-avg-bucket-aggregation.html[Min Bucket]:: Calculates the minimum value of a specified metric in a sibling aggregation.
{ref}/search-aggregations-pipeline-avg-bucket-aggregation.html[Max Bucket]:: Calculates the maximum value of a specified metric in a sibling aggregation.
[float]
[[visualize-bucket-aggregations]]
==== Bucket aggregations
{ref}/search-aggregations-bucket-datehistogram-aggregation.html[Date Histogram]:: Splits a date field into buckets by interval. If the date field is the primary time field for the index pattern, it will pick an automatic interval for you. You can also choose a minimum time interval, or specify a custom interval frame by selecting *Custom* as the interval and
specifying a number and a time unit in the text field. Custom interval time units are *s* for seconds, *m* for minutes,
*h* for hours, *d* for days, *w* for weeks, and *y* for years. Different units support different levels of precision,
down to one millisecond. Intervals are labeled at the start of the interval, using the date-key returned by Elasticsearch.For example, the tooltip for a monthly interval will show the first day of the month.
{ref}/search-aggregations-bucket-histogram-aggregation.html[Histogram]:: Builds from a numeric field. Specify an integer interval for this field. Select the *Show empty buckets* checkbox to include empty intervals in the histogram.
{ref}/search-aggregations-bucket-range-aggregation.html[Range]:: Specify ranges of values for a numeric field. Click *Add Range* to add a set of range endpoints. Click the red *(x)* symbol to remove a range.
{ref}/search-aggregations-bucket-daterange-aggregation.html[Date Range]:: Reports values that are within a range of dates that you specify. You can specify the ranges for the dates using {ref}/common-options.html#date-math[_date math_] expressions. Click *Add Range* to add a set of range endpoints.
Click the red *(x)* symbol to remove a range.
{ref}/search-aggregations-bucket-iprange-aggregation.html[IPv4 Range]:: Specify ranges of IPv4 addresses. Click *Add Range* to add a set of range endpoints. Click the red *(x)* symbol to remove a range.
*Filters*:: Each filter creates a bucket of documents. You can specify a filter as a
<<kuery-query, KQL>> or <<lucene-query, Lucene>> query string. Click *Add Filter* to
add another filter. Click the image:images/labelbutton.png[Label button icon] *label* button to open the label field, where
you can type in a name to display on the visualization.
{ref}/search-aggregations-bucket-terms-aggregation.html[Terms]:: Specify the top or bottom _n_ elements of a given field to display, ordered by count or a custom metric.
{ref}/search-aggregations-bucket-significantterms-aggregation.html[Significant Terms]:: Returns interesting or unusual occurrences of terms in a set.
Both Terms and Significant Terms support {es} {ref}/search-aggregations-bucket-terms-aggregation.html#_filtering_values_4[exclude and include patterns] which
are available by clicking *Advanced* after selecting a field.
Kibana only supports filtering string fields with regular expression patterns, it does not support matching with arrays or filtering numeric fields.
Patterns are case sensitive.
Example:
* You want to exclude the metricbeat process from your visualization of top processes: `metricbeat.*`
* You only want to show processes collecting beats: `.*beat`
* You want to exclude two specific values, the string `"empty"` and `"none"`: `empty|none`
*Geo aggregations*
These are only supported by the tile map and table visualizations:
{ref}/search-aggregations-bucket-geohashgrid-aggregation.html[Geohash]:: Displays points based on a geohash.
{ref}/search-aggregations-bucket-geotilegrid-aggregation.html[Geotile]:: Groups points based on web map tiling.
[float]
[[visualize-parent-pipeline-aggregations]]
==== Parent pipeline aggregations
For each of the parent pipeline aggregations you have to define a bucket and metric to calculate. These
metrics expect the buckets to be ordered, and are especially useful for time series data.
You can also nest these aggregations. For example, if you want to produce a third derivative.
These visualizations support parent pipeline aggregations:
* Line, Area and Bar charts
* Data table
{ref}/search-aggregations-pipeline-derivative-aggregation.html[Derivative]:: Calculates the derivative of specific metrics.
{ref}/search-aggregations-pipeline-cumulative-sum-aggregation.html[Cumulative Sum]:: Calculates the cumulative sum of a specified metric in a parent histogram.
{ref}/search-aggregations-pipeline-movavg-aggregation.html[Moving Average]:: Slides a window across the data and emits the average value of the window.
{ref}/search-aggregations-pipeline-serialdiff-aggregation.html[Serial Diff]:: Values in a time series are subtracted from itself at different time lags or periods.
Custom {kib} plugins can <<development-visualize-index, add more capabilities to the default editor>>, which includes support for adding more aggregations.
[float]
[[visualize-advanced-aggregation-options]]
==== Advanced aggregation options
*JSON Input*:: A text field where you can add specific JSON-formatted properties to merge with the aggregation
definition, as in the following example:
[source,shell]
{ "script" : "doc['grade'].value * 1.2" }
This example implements a {es} {ref}/search-aggregations.html[Script Value Source] which replaces
the value in the metric. The availability of these options varies depending on the aggregation
you choose.
When multiple bucket aggregations are defined, you can use the drag target on each aggregation to change the priority. For more information about working with aggregation order, see https://www.elastic.co/blog/kibana-aggregation-execution-order-and-you[Kibana, Aggregation Execution Order, and You].
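Review bot: Under *Sibling pipeline aggregations*, the `Sum Bucket`, `Min Bucket` and `Max Bucket` entries all link to `search-aggregations-pipeline-avg-bucket-aggregation.html`, copied from `Average Bucket`. The earlier list on the Visualize page used the `sum-bucket`, `min-bucket` and `max-bucket` reference pages; point each entry at its own page. Smaller items in the same file: the JSON input sample is tagged `[source,shell]` although it is JSON, `Elasticsearch.For example` is missing a space, and "in the 50% percentile" should read "the 50th percentile".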

View file

@ -1,75 +0,0 @@
[[data-table]]
== Data Table
include::y-axis-aggs.asciidoc[]
The rows of the data table are called _buckets_. You can define buckets to split the table into rows or to split
the table into additional tables.
Each bucket type supports the following aggregations:
*Date Histogram*:: A {ref}/search-aggregations-bucket-datehistogram-aggregation.html[_date histogram_] is built from a
numeric field and organized by date. You can specify a time frame for the intervals in seconds, minutes, hours, days,
weeks, months, or years. You can also specify a custom interval frame by selecting *Custom* as the interval and
specifying a number and a time unit in the text field. Custom interval time units are *s* for seconds, *m* for minutes,
*h* for hours, *d* for days, *w* for weeks, and *y* for years. Different units support different levels of precision,
down to one second. Intervals are labeled at the start of the interval, using the date-key returned by Elasticsearch.
For example, the tooltip for a monthly interval will show the first day of the month.
*Histogram*:: A standard {ref}/search-aggregations-bucket-histogram-aggregation.html[_histogram_] is built from a
numeric field. Specify an integer interval for this field. Select the *Show empty buckets* checkbox to include empty
intervals in the histogram.
*Range*:: With a {ref}/search-aggregations-bucket-range-aggregation.html[_range_] aggregation, you can specify ranges
of values for a numeric field. Click *Add Range* to add a set of range endpoints. Click the red *(x)* symbol to remove
a range.
*Date Range*:: A {ref}/search-aggregations-bucket-daterange-aggregation.html[_date range_] aggregation reports values
that are within a range of dates that you specify. You can specify the ranges for the dates using
{ref}/common-options.html#date-math[_date math_] expressions. Click *Add Range* to add a set of range endpoints.
Click the red *(/)* symbol to remove a range.
*IPv4 Range*:: The {ref}/search-aggregations-bucket-iprange-aggregation.html[_IPv4 range_] aggregation enables you to
specify ranges of IPv4 addresses. Click *Add Range* to add a set of range endpoints. Click the red *(/)* symbol to
remove a range.
*Terms*:: A {ref}/search-aggregations-bucket-terms-aggregation.html[_terms_] aggregation enables you to specify the top
or bottom _n_ elements of a given field to display, ordered by count or a custom metric.
*Filters*:: You can specify a set of {ref}/search-aggregations-bucket-filters-aggregation.html[_filters_] for the data.
You can specify a filter as a query string or in JSON format, just as in the Discover search bar. Click *Add Filter* to
add another filter. Click the image:images/labelbutton.png[] *label* button to open the label field, where you can type
in a name to display on the visualization.
*Significant Terms*:: Displays the results of the experimental
{ref}/search-aggregations-bucket-significantterms-aggregation.html[_significant terms_] aggregation. The value of the
*Size* parameter defines the number of entries this aggregation returns.
*Geohash*:: The {ref}/search-aggregations-bucket-geohashgrid-aggregation.html[_geohash_] aggregation displays points
based on the geohash coordinates.
Once you've specified a bucket type aggregation, you can define sub-buckets to refine the visualization. Click
*+ Add sub-buckets* to define a sub-bucket, then choose *Split Rows* or *Split Table*, then select an
aggregation from the list of types.
You can use the up or down arrows to the right of the aggregation's type to change the aggregation's priority.
Enter a string in the *Custom Label* field to change the display label.
You can click the *Advanced* link to display more customization options for your metrics or bucket aggregation:
*Exclude Pattern*:: Specify a pattern in this field to exclude from the results.
*Include Pattern*:: Specify a pattern in this field to include in the results.
*JSON Input*:: A text field where you can add specific JSON-formatted properties to merge with the aggregation
definition, as in the following example:
[source,shell]
{ "script" : "doc['grade'].value * 1.2" }
NOTE: In Elasticsearch releases 1.4.3 and later, this functionality requires you to enable
{ref}/modules-scripting.html[dynamic Groovy scripting].
The availability of these options varies depending on the aggregation you choose.
Select the *Options* tab to change the following aspects of the table:
*Per Page*:: This field controls the pagination of the table. The default value is ten rows per page.
*Show metrics for every bucket/level*:: Check this box to display the intermediate results for each bucket aggregation.
*Show partial rows*:: Check this box to display a row even when there is no result.
*Show total*:: Check this box to display a row at the bottom of the table with each column's total value.
*Total function*:: This field controls the function used to calculate totals that you can toggle with the **Show total** checkbox.
*Percentage column*:: Select a column to add a percentage based column on the same data.
NOTE: Enabling these behaviors may have a substantial effect on performance.
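Review bot: Deleting this file drops the `[[data-table]]` anchor and the *Options* tab settings (`Per Page`, `Show partial rows`, `Show total`, `Total function`, `Percentage column`), none of which appear in the added *Supported aggregations* page. Check that no remaining `<<data-table,...>>` cross-reference is left dangling and that the table options are documented in whichever page replaces this one.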

View file

@ -1,17 +1,36 @@
[[for-dashboard]]
== Markdown and controls
[float]
[[markdown-widget]]
=== Markdown widget
The Markdown widget is a text entry field that accepts GitHub-flavored Markdown text. Kibana renders the text you enter
in this field and displays the results on the dashboard. You can click the *Help* link to go to the
https://help.github.com/articles/github-flavored-markdown/[help page] for GitHub flavored Markdown. From the widget
you can:
* Click *Apply* to display the rendered text in the Preview panel
* Click *Discard* to revert to a previously saved version
[float]
[[controls]]
== Controls Visualization
=== Controls widget
experimental[]
The Controls widget enables you to add interactive inputs
to a dashboard. You can create two types of inputs:
The Controls visualization enables you to add interactive inputs
to Kibana dashboards. You can create two types of inputs:
a dropdown menu and a radio slider.
* Dropdown menu
* Radio slider
[role="screenshot"]
image::images/controls/controls_in_dashboard.png[]
[float]
[[add-input-controls]]
=== Adding Input Controls
=== Add input controls
To start a *Controls* visualization, open the Visualization application
and click the *+* button. Scroll to the *Others* section and
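Review bot: the intro to the Controls widget calls the second input type a "radio slider" (in the sentence and in the bullet list), but the section that documents it later in this file is headed `==== Range slider`. Use "Range slider" in the intro so the list matches the heading readers will look for.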
@ -20,6 +39,7 @@ select *Controls*.
In the visualization builder, choose the type of control to add to
your visualization.
[float]
==== Dropdown menu
A dropdown menu allows users to filter content by selecting
@ -49,6 +69,7 @@ creating multiple dropdown menus.
*Size*:: The number of options to include in the list.
[float]
==== Range slider
A range sliders allow users to filter content within a range of numbers.
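Review bot: the context line under `==== Range slider` still reads "A range sliders allow users to filter content". Since this hunk already touches the heading, fix the agreement to "A range slider allows users to filter content within a range of numbers."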
@ -73,8 +94,9 @@ specified index pattern.
*Decimal Places*:: The number of decimal places.
[float]
[[global-options]]
=== Global Options
=== Global options
Open the *Options* tab to configure settings that apply to all input
controls in a Controls visualization.

View file

@ -1,38 +0,0 @@
[[goal-chart]]
== Goal and Gauge
A goal visualization displays how your metric progresses toward a fixed goal. A gauge visualization displays in which
predefined range falls your metric.
include::y-axis-aggs.asciidoc[]
Open the *Advanced* link to display more customization options:
*JSON Input*:: A text field where you can add specific JSON-formatted properties to merge with the aggregation
definition, as in the following example:
[source,shell]
{ "script" : "doc['grade'].value * 1.2" }
NOTE: In Elasticsearch releases 1.4.3 and later, this functionality requires you to enable
{ref}/modules-scripting.html[dynamic Groovy scripting].
The availability of these options varies depending on the aggregation you choose.
Click the *Options* tab to change the following options:
* *Gauge Type* select between arc, circle and metric display type.
* *Percentage Mode* will show all values as percentages
* *Vertical Split* will put the gauges one under another instead of one next to another
* *Show Labels* selects whether you want to show or hide the labels
* *Sub Text* text for the label that appears below the value
* *Auto Extend Range* automatically grows the gauge if value is over its extents.
* *Ranges* you can add custom ranges. Each range will get assigned a color. If value falls within that range it will get
assigned that color.
** A chart with a single range is called a *goal* chart.
** A chart with multiple ranges is called a *gauge* chart. Gauge charts are initialized with a predefined set of ranges. Adjust the ranges to fit the need of your data set and use case.
** *Caution:* Field formatters can be applied to the displayed value causing the range values and the displayed values to be different. For example: The _bytes_ field formatter applied to the Metrics field will have displayed values like "30MB". The raw value is really closer to 30,000,000. You will need to set your range values to the raw value and not the formatted value.
* *Color Options* define how to color your ranges (which color schema to use). Color options are only visible if more than
one range is defined.
* *Style - Show Scale* shows or hides the scale
* *Style - Color Labels* whether the labels should have the same color as the range where the value falls in
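Review bot: the *Caution* under *Ranges* is deleted with this page and does not reappear in the other changes shown. It is the one place that tells users to enter range values as raw values rather than formatted ones (a displayed "30MB" against a raw value closer to 30,000,000). Carry that caveat over to wherever Goal and Gauge ranges are documented after this change, because a range set from the formatted value will colour the chart wrongly.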

View file

@ -1,81 +0,0 @@
[[heatmap-chart]]
== Heatmap Chart
A heat map is a graphical representation of data where the individual values contained in a matrix are represented as colors.
The color for each matrix position is determined by the _metrics_ aggregation. The following aggregations are available for
this chart:
include::y-axis-aggs.asciidoc[]
The _buckets_ aggregations determine what information is being retrieved from your data set.
Before you choose a buckets aggregation, specify if you are defining buckets for X or Y axis within a single chart
or splitting into multiple charts. A multiple chart split must run before any other aggregations.
When you split a chart, you can change if the splits are displayed in a row or a column by clicking
the *Rows | Columns* selector.
This chart's X and Y axis supports the following aggregations. Click the linked name of each aggregation to visit the main
Elasticsearch documentation for that aggregation.
*Date Histogram*:: A {ref}/search-aggregations-bucket-datehistogram-aggregation.html[_date histogram_] is built from a
numeric field and organized by date. You can specify a time frame for the intervals in seconds, minutes, hours, days,
weeks, months, or years. You can also specify a custom interval frame by selecting *Custom* as the interval and
specifying a number and a time unit in the text field. Custom interval time units are *s* for seconds, *m* for minutes,
*h* for hours, *d* for days, *w* for weeks, and *y* for years. Different units support different levels of precision,
down to one second. Intervals are labeled at the start of the interval, using the date-key returned by Elasticsearch.
For example, the tooltip for a monthly interval will show the first day of the month.
*Histogram*:: A standard {ref}/search-aggregations-bucket-histogram-aggregation.html[_histogram_] is built from a
numeric field. Specify an integer interval for this field. Select the *Show empty buckets* checkbox to include empty
intervals in the histogram.
*Range*:: With a {ref}/search-aggregations-bucket-range-aggregation.html[_range_] aggregation, you can specify ranges
of values for a numeric field. Click *Add Range* to add a set of range endpoints. Click the red *(x)* symbol to remove
a range.
*Date Range*:: A {ref}/search-aggregations-bucket-daterange-aggregation.html[_date range_] aggregation reports values
that are within a range of dates that you specify. You can specify the ranges for the dates using
{ref}/common-options.html#date-math[_date math_] expressions. Click *Add Range* to add a set of range endpoints.
Click the red *(x)* symbol to remove a range.
*IPv4 Range*:: The {ref}/search-aggregations-bucket-iprange-aggregation.html[_IPv4 range_] aggregation enables you to
specify ranges of IPv4 addresses. Click *Add Range* to add a set of range endpoints. Click the red *(x)* symbol to
remove a range.
*Terms*:: A {ref}/search-aggregations-bucket-terms-aggregation.html[_terms_] aggregation enables you to specify the top
or bottom _n_ elements of a given field to display, ordered by count or a custom metric.
*Filters*:: You can specify a set of {ref}/search-aggregations-bucket-filters-aggregation.html[_filters_] for the data.
You can specify a filter as a query string or in JSON format, just as in the Discover search bar. Click *Add Filter* to
add another filter. Click the image:images/labelbutton.png[Label button icon] *label* button to open the label field, where
you can type in a name to display on the visualization.
*Significant Terms*:: Displays the results of the experimental
{ref}/search-aggregations-bucket-significantterms-aggregation.html[_significant terms_] aggregation.
Enter a string in the *Custom Label* field to change the display label.
You can click the *Advanced* link to display more customization options for your metrics or bucket aggregation:
*Exclude Pattern*:: Specify a pattern in this field to exclude from the results.
*Include Pattern*:: Specify a pattern in this field to include in the results.
*JSON Input*:: A text field where you can add specific JSON-formatted properties to merge with the aggregation
definition, as in the following example:
[source,shell]
{ "script" : "doc['grade'].value * 1.2" }
The availability of these options varies depending on the aggregation you choose.
Select the *Options* tab to change the following aspects of the chart:
*Show Tooltips*:: Check this box to enable the display of tooltips.
*Highlight*:: Check this box to enable highlighting of elements with same label
*Legend Position*:: You can select where to display the legend (top, left, right, bottom)
*Color Schema*:: You can select an existing color schema or go for custom and define your own colors in the legend
*Reverse Color Schema*:: Checking this checkbox will reverse the color schema.
*Color Scale*:: You can switch between linear, log and sqrt scales for color scale.
*Scale to Data Bounds*:: The default Y axis bounds are zero and the maximum value returned in the data. Check
this box to change both upper and lower bounds to match the values returned in the data.
*Number of Colors*:: Number of color buckets to create. Minimum is 2 and maximum is 10.
*Percentage Mode*:: Enabling this will show legend values as percentages.
*Custom Range*:: You can define custom ranges for your color buckets. For each of the color bucket you need to specify
the minimum value (inclusive) and the maximum value (exclusive) of a range.
*Show Label*:: Enables showing labels with cell values in each cell
*Rotate*:: Allows rotating the cell value label by 90 degrees.

View file

@ -1,19 +1,11 @@
[[vis-inspector]]
== Inspecting Visualizations
== Inspect visualizations
Many visualizations allow you to inspect the data behind the
visualization.
Many visualizations allow you to inspect the query and data behind the visualization.
To inspect a visualization, click the *Inspect* button in the editor or
select *Inspect* from the Dashboard panel menu.
The initial view shows the underlying data for the visualization. You can
download the data as a comma separated values (CSV) file in
*Formatted* or *Raw* format. Formatted downloads the data in table format.
Raw downloads the data as provided -- dates are timestamps, numbers dont have
thousand separators, and so on.
To view the requests that collected the data, select *Requests* from the *View*
menu in the upper right.
Which views are available depends on the inspected visualization.
. In the {kib} toolbar, click *Inspect*.
. To download the data, click *Download CSV*, then choose one of the following options:
* *Formatted CSV* - Downloads the data in table format.
* *Raw CSV* - Downloads the data as provided.
. To view the data collection requests, select *Requests* from the *View*
dropdown.
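Review bot: the *Raw CSV* bullet now says only "Downloads the data as provided" and drops the old explanation that dates are timestamps and numbers have no thousand separators. Keep that clause so readers can tell the two formats apart before exporting. Step 1 also mentions only the {kib} toolbar, while the removed text said *Inspect* can also be selected from the Dashboard panel menu.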

View file

@ -1,7 +0,0 @@
[[markdown-widget]]
== Markdown Widget
The Markdown widget is a text entry field that accepts GitHub-flavored Markdown text. Kibana renders the text you enter
in this field and displays the results on the dashboard. You can click the *Help* link to go to the
https://help.github.com/articles/github-flavored-markdown/[help page] for GitHub flavored Markdown. Click *Apply* to
display the rendered text in the Preview pane or *Discard* to revert to a previous version.

View file

@ -1,21 +1,4 @@
[[metric-chart]]
== Metric
A metric visualization displays a single number for each aggregation you select:
include::y-axis-aggs.asciidoc[]
You can click the *Advanced* link to display more customization options:
*JSON Input*:: A text field where you can add specific JSON-formatted properties to merge with the aggregation
definition, as in the following example:
[source,shell]
{ "script" : "doc['grade'].value * 1.2" }
NOTE: In Elasticsearch releases 1.4.3 and later, this functionality requires you to enable
{ref}/modules-scripting.html[dynamic Groovy scripting].
The availability of these options varies depending on the aggregation you choose.
=== Metric
Click the *Options* tab to display the font size slider.
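Review bot: with four lines left in the new file, the `[[metric-chart]]` section is reduced to the heading and the font size sentence. The one-line description ("A metric visualization displays a single number for each aggregation you select") goes out with the JSON Input block. Keep that sentence under `=== Metric` so the section still says what the visualization shows.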

View file

@ -0,0 +1,63 @@
[[most-frequent]]
== Most frequently used visualizations
The most frequently used visualizations allow you to plot aggregated data from a <<save-open-search, saved search>> or <<index-patterns, index pattern>>. They all support a single level of
Elasticsearch {es} {ref}/search-aggregations-metrics.html[metric] aggregations, and one or more
levels of {es} {ref}/search-aggregations-bucket.html[bucket] aggregations.
The most frequently used visualizations include:
* Line, Area and Bar charts
* Pie charts
* Data table
* Metric visualization
* Goal and Gauge visualization
* Heat maps
* Tag cloud
[float]
=== Configure your visualization
You configure visualizations using the default editor, which is broken into *Metrics* and *Buckets*, and includes a default count
metric. Each visualization supports different configurations for what the metrics and buckets
represent. For example, a Bar chart allows you to add an X-axis:
[role="screenshot"]
image::images/add-bucket.png["",height=478]
A common configuration for the X-axis is to use a {es} {ref}/search-aggregations-bucket-datehistogram-aggregation.html[date histogram] aggregation:
[role="screenshot"]
image::images/visualize-date-histogram.png[]
To see your changes, click *Apply changes* image:images/apply-changes-button.png[]
If it's supported by the visualization, you can add more buckets. In this example we have
added a
{es} {ref}/search-aggregations-bucket-terms-aggregation.html[terms] aggregation on the field
`geo.src` to show the top 5 sources of log traffic.
[role="screenshot"]
image::images/visualize-date-histogram-split-1.png[]
The new aggregation is added after the first one, so the result shows
the top 5 sources of traffic per 3 hours. If you want to change the aggregation order, you can do
so by dragging:
[role="screenshot"]
image::images/visualize-drag-reorder.png["",width=366]
The visualization
now shows the top 5 sources of traffic overall, and compares them in 3 hour increments:
[role="screenshot"]
image::images/visualize-date-histogram-split-2.png[]
For more information about how aggregations are used in visualizations, see <<supported-aggregations, supported aggregations>>.
Each visualization also has its own customization options. Most visualizations allow you to customize the color of a specific series:
[role="screenshot"]
image::images/color-picker.png[An array of color dots that users can select,height=267]
include::aggregations.asciidoc[]
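Review bot: in the opening paragraph, "Elasticsearch {es} {ref}/search-aggregations-metrics.html[metric]" will render the product name twice, because `{es}` already expands to Elasticsearch; drop the literal word. The "To see your changes, click *Apply changes*" sentence is also missing its closing period, and the `add-bucket.png` and `visualize-drag-reorder.png` images are given empty alt text (`""`).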

View file

@ -1,86 +0,0 @@
[[pie-chart]]
== Pie Charts
The slice size of a pie chart is determined by the _metrics_ aggregation. The following aggregations are available for
this axis:
*Count*:: The {ref}/search-aggregations-metrics-valuecount-aggregation.html[_count_] aggregation returns a raw count of
the elements in the selected index pattern.
*Sum*:: The {ref}/search-aggregations-metrics-sum-aggregation.html[_sum_] aggregation returns the total sum of a numeric
field. Select a field from the drop-down.
*Unique Count*:: The {ref}/search-aggregations-metrics-cardinality-aggregation.html[_cardinality_] aggregation returns
the number of unique values in a field. Select a field from the drop-down.
Enter a string in the *Custom Label* field to change the display label.
The _buckets_ aggregations determine what information is being retrieved from your data set.
Before you choose a buckets aggregation, specify if you are splitting slices within a single chart or splitting into
multiple charts. A multiple chart split must run before any other aggregations. When you split a chart, you can change
if the splits are displayed in a row or a column by clicking the *Rows | Columns* selector.
You can specify any of the following bucket aggregations for your pie chart:
*Date Histogram*:: A {ref}/search-aggregations-bucket-datehistogram-aggregation.html[_date histogram_] is built from a
numeric field and organized by date. You can specify a time frame for the intervals in seconds, minutes, hours, days,
weeks, months, or years. You can also specify a custom interval frame by selecting *Custom* as the interval and
specifying a number and a time unit in the text field. Custom interval time units are *s* for seconds, *m* for minutes,
*h* for hours, *d* for days, *w* for weeks, and *y* for years. Different units support different levels of precision,
down to one second. Intervals are labeled at the start of the interval, using the date-key returned by Elasticsearch.
For example, the tooltip for a monthly interval will show the first day of the month.
*Histogram*:: A standard {ref}/search-aggregations-bucket-histogram-aggregation.html[_histogram_] is built from a
numeric field. Specify an integer interval for this field. Select the *Show empty buckets* checkbox to include empty
intervals in the histogram.
*Range*:: With a {ref}/search-aggregations-bucket-range-aggregation.html[_range_] aggregation, you can specify ranges
of values for a numeric field. Click *Add Range* to add a set of range endpoints. Click the red *(x)* symbol to remove
a range.
*Date Range*:: A {ref}/search-aggregations-bucket-daterange-aggregation.html[_date range_] aggregation reports values
that are within a range of dates that you specify. You can specify the ranges for the dates using
{ref}/common-options.html#date-math[_date math_] expressions. Click *Add Range* to add a set of range endpoints.
Click the red *(/)* symbol to remove a range.
*IPv4 Range*:: The {ref}/search-aggregations-bucket-iprange-aggregation.html[_IPv4 range_] aggregation enables you to
specify ranges of IPv4 addresses. Click *Add Range* to add a set of range endpoints. Click the red *(/)* symbol to
remove a range.
*Terms*:: A {ref}/search-aggregations-bucket-terms-aggregation.html[_terms_] aggregation enables you to specify the top
or bottom _n_ elements of a given field to display, ordered by count or a custom metric.
*Filters*:: You can specify a set of {ref}/search-aggregations-bucket-filters-aggregation.html[_filters_] for the data.
You can specify a filter as a query string or in JSON format, just as in the Discover search bar. Click *Add Filter* to
add another filter. Click the image:images/labelbutton.png[] *label* button to open the label field, where you can type
in a name to display on the visualization.
*Significant Terms*:: Displays the results of the experimental
{ref}/search-aggregations-bucket-significantterms-aggregation.html[_significant terms_] aggregation. The value of the
*Size* parameter defines the number of entries this aggregation returns.
After defining an initial bucket aggregation, you can define sub-buckets to refine the visualization. Click *+ Add
sub-buckets* to define a sub-aggregation, then choose *Split Slices* to select a sub-bucket from the list of
types.
When multiple aggregations are defined on a chart's axis, you can use the up or down arrows to the right of the
aggregation's type to change the aggregation's priority.
include::color-picker.asciidoc[]
Enter a string in the *Custom Label* field to change the display label.
You can click the *Advanced* link to display more customization options for your metrics or bucket aggregation:
*Exclude Pattern*:: Specify a pattern in this field to exclude from the results.
*Include Pattern*:: Specify a pattern in this field to include in the results.
*JSON Input*:: A text field where you can add specific JSON-formatted properties to merge with the aggregation
definition, as in the following example:
[source,shell]
{ "script" : "doc['grade'].value * 1.2" }
NOTE: In Elasticsearch releases 1.4.3 and later, this functionality requires you to enable
{ref}/modules-scripting.html[dynamic Groovy scripting].
The availability of these options varies depending on the aggregation you choose.
Select the *Options* tab to change the following aspects of the table:
*Donut*:: Display the chart as a sliced ring instead of a sliced pie.
*Show Tooltip*:: Check this box to enable the display of tooltips.
After changing options, click the *Apply changes* button to update your visualization, or the grey *Discard
changes* button to keep your visualization in its current state.
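Review bot: the *JSON Input* entry, with its `script` example and the NOTE that the example requires dynamic scripting to be enabled, is deleted here along with the rest of the page. Confirm that `aggregations.asciidoc`, which the new most-frequent page includes, still documents *JSON Input* and states the scripting prerequisite, since that field merges user-supplied properties into the aggregation definition. Also check that no `<<pie-chart>>` cross-references remain now that the anchor is gone.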

View file

@ -1,24 +1,19 @@
[[save-visualize]]
== Saving Visualizations
Saving visualizations enables you to reload them in Visualize and use them in
<<dashboard, dashboards>>.
== Save visualizations
To use your visualizations in <<dashboard, dashboards>>, you must save them.
. In the {kib} toolbar, click *Save*.
. Enter the visualization *Title* and optional *Description*, then *Save* the visualization.
To access the saved visualization, go to *Management > {kib} > Saved Objects*.
[float]
[[visualize-read-only-access]]
=== [xpack]#Read only access#
When you have insufficient privileges to save visualizations, the following indicator in Kibana will be
displayed and the *Save* button won't be visible. For more information on granting access to
Kibana see <<xpack-security-authorization>>.
[[save-visualization-read-only-access]]
==== Read only access
When you have insufficient privileges to save visualizations, the following indicator is
displayed and the *Save* button is not visible.
[role="screenshot"]
image::visualize/images/read-only-badge.png[Example of Visualize's read only access indicator in Kibana's header]
[float]
[[saving-a-visualization]]
=== Saving a Visualization
To save the current visualization:
. Click *Save* in the Kibana toolbar.
. Enter a name for the visualization and click *Save*.
You can import, export and delete saved visualizations from *Management/Kibana/Saved Objects*.
For more information, see <<xpack-security-authorization>>.
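Review bot: the read only access anchor is renamed from `[[visualize-read-only-access]]` to `[[save-visualization-read-only-access]]` and `[[saving-a-visualization]]` is dropped, so any existing cross-references to the old IDs will break. Keep the old anchors alongside the new one or update the references in the same commit. The new text also no longer says that saved visualizations can be imported, exported and deleted from Saved Objects.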

View file

@ -1,41 +0,0 @@
[[tagcloud-chart]]
== Tag Clouds
A tag cloud visualization is a visual representation of text data, typically used to visualize free form text.
Tags are usually single words, and the importance of each tag is shown with font size or color.
The font size for each word is determined by the _metrics_ aggregation. The following aggregations are available for
this chart:
include::y-axis-aggs.asciidoc[]
The _buckets_ aggregations determine what information is being retrieved from your data set.
Before you choose a buckets aggregation, select the *Split Tags* option.
You can specify the following bucket aggregations for tag cloud visualization:
*Terms*:: A {ref}/search-aggregations-bucket-terms-aggregation.html[_terms_] aggregation enables you to specify the top
or bottom _n_ elements of a given field to display, ordered by count or a custom metric.
You can click the *Advanced* link to display more customization options for your metrics or bucket aggregation:
*JSON Input*:: A text field where you can add specific JSON-formatted properties to merge with the aggregation
definition, as in the following example:
[source,shell]
{ "script" : "doc['grade'].value * 1.2" }
NOTE: In Elasticsearch releases 1.4.3 and later, this functionality requires you to enable
{ref}/modules-scripting.html[dynamic Groovy scripting].
Select the *Options* tab to change the following aspects of the chart:
*Text Scale*:: You can select *linear*, *log*, or *square root* scales for the text scale. You can use a log
scale to display data that varies exponentially or a square root scale to
regularize the display of data sets with variabilities that are themselves highly variable.
*Orientation*:: You can select how to orientate your text in the tag cloud. You can choose one of the following options:
Single, right angles and multiple.
*Font Size*:: Allows you to set minimum and maximum font size to use for this visualization.

View file

@ -44,7 +44,7 @@ Enter a string in the *Custom Label* field to change the display label.
Coordinate maps use the {ref}/search-aggregations-bucket-geohashgrid-aggregation.html[_geohash_] aggregation. Select a field, typically coordinates, from the
drop-down.
- The_Change precision on map zoom_ box is checked by default. Uncheck the box to disable this behavior.
- The _Change precision on map zoom_ box is checked by default. Uncheck the box to disable this behavior.
The _Precision_ slider determines the granularity of the results displayed on the map. See the documentation
for the {ref}/search-aggregations-bucket-geohashgrid-aggregation.html#_cell_dimensions_at_the_equator[geohash grid]
aggregation for details on the area specified by each precision level.
@ -59,25 +59,9 @@ of the geohash grid cell. Leaving this checked generally results in a more accur
Enter a string in the *Custom Label* field to change the display label.
You can click the *Advanced* link to display more customization options for your metrics or bucket aggregation:
*Exclude Pattern*:: Specify a pattern in this field to exclude from the results.
*Include Pattern*:: Specify a pattern in this field to include in the results.
*JSON Input*:: A text field where you can add specific JSON-formatted properties to merge with the aggregation
definition, as in the following example:
[source,shell]
{ "script" : "doc['grade'].value * 1.2" }
NOTE: In Elasticsearch releases 1.4.3 and later, this functionality requires you to enable
{ref}/modules-scripting.html[dynamic Groovy scripting].
The availability of these options varies depending on the aggregation you choose.
[float]
==== Options
*Map type*:: Select one of the following options from the drop-down.
*_Scaled Circle Markers_*:: Scale the size of the markers based on the metric aggregation's value.
*_Shaded Circle Markers_*:: Displays the markers with different shades based on the metric aggregation's value.

View file

@ -1,33 +1,33 @@
[role="xpack"]
[[visualize-rollup-data]]
== Using rolled up data in a visualization
== Use rolled up data in a visualization
beta[]
You can visualize your rolled up data in a variety of charts, tables, maps, and
more. Most visualizations support rolled up data, with the exception of
Timelion, TSVB, and Vega visualizations.
You can visualize your rolled up data in a variety of charts, tables, maps, and
more. Most visualizations support rolled up data, with the exception of
Timelion, TSVB, and Vega visualizations.
To get started, go to *Management > Kibana > Index patterns.*
If a rollup index is detected in the cluster, *Create index pattern*
includes an item for creating a rollup index pattern.
To get started, go to *Management > Kibana > Index patterns.*
If a rollup index is detected in the cluster, *Create index pattern*
includes an item for creating a rollup index pattern.
[role="screenshot"]
image::images/management_create_rollup_menu.png[Create index pattern menu]
You can match an index pattern to only rolled up data, or mix both rolled up
and raw data to visualize all data together. An index pattern can match only one
rolled up index, not multiple. There is no restriction on the number of standard
indices that an index pattern can match. When matching multiple indices,
use a comma to separate the names, with no space after the comma.
You can match an index pattern to only rolled up data, or mix both rolled up
and raw data to visualize all data together. An index pattern can match only one
rolled up index, not multiple. There is no restriction on the number of standard
indices that an index pattern can match. When matching multiple indices,
use a comma to separate the names, with no space after the comma.
Keep the following in mind when creating a visualization from rolled up data:
* The data in a rollup index only has summarized metrics for specific fields.
You cant search any other field from the original raw data.
* Data is summarized into time buckets that might be split into sub buckets for
numeric field values or terms. You can ask for a time aggregation that takes
several time buckets and combines them to lower granularity. For example,
* The data in a rollup index only has summarized metrics for specific fields.
You cant search any other field from the original raw data.
* Data is summarized into time buckets that might be split into sub buckets for
numeric field values or terms. You can ask for a time aggregation that takes
several time buckets and combines them to lower granularity. For example,
if the rollup job was aggregated by hours, you can ask for buckets of days.
The following visualization of rolled up data shows the date histogram
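Review bot: the menu path is written as "*Management > Kibana > Index patterns.*", with the literal product name and the period inside the bold markup, while the save-visualize change in this commit writes "*Management > {kib} > Saved Objects*". Use `{kib}` here as well and move the period outside the asterisks so the two paths are formatted the same way.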
@ -36,9 +36,8 @@ interval multiple and the limited metrics aggregations.
[role="screenshot"]
image::images/management_rollups_visualization.png[][Rollups in visualizations]
Dashboards can have a mixture of rollup visualizations and regular visualizations,
Dashboards can have a mixture of rollup visualizations and regular visualizations,
as shown in the following figure. Note that not all queries and filters support rollups.
[role="screenshot"]
image::images/management_rolled_dashboard.png[][Rollups in dashboards]
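Review bot: both image macros in this hunk carry a stray empty `[]` in front of the alt text (`...png[][Rollups in visualizations]` and `...png[][Rollups in dashboards]`), which makes the attribute list malformed. Since the hunk already edits the neighbouring paragraph, drop the empty brackets so the macros end in `[Rollups in visualizations]` and `[Rollups in dashboards]`.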

View file

@ -1,44 +0,0 @@
The X axis of this chart is the _buckets_ axis. You can define buckets for the X axis, for a split area on the
chart, or for split charts.
This chart's X axis supports the following aggregations. Click the linked name of each aggregation to visit the main
Elasticsearch documentation for that aggregation.
*Date Histogram*:: A {ref}/search-aggregations-bucket-datehistogram-aggregation.html[_date histogram_] is built from a
numeric field and organized by date. You can specify a time frame for the intervals in seconds, minutes, hours, days,
weeks, months, or years. You can also specify a custom interval frame by selecting *Custom* as the interval and
specifying a number and a time unit in the text field. Custom interval time units are *s* for seconds, *m* for minutes,
*h* for hours, *d* for days, *w* for weeks, and *y* for years. Different units support different levels of precision,
down to one second. Intervals are labeled at the start of the interval, using the date-key returned by Elasticsearch.
For example, the tooltip for a monthly interval will show the first day of the month.
*Histogram*:: A standard {ref}/search-aggregations-bucket-histogram-aggregation.html[_histogram_] is built from a
numeric field. Specify an integer interval for this field. Select the *Show empty buckets* checkbox to include empty
intervals in the histogram.
*Range*:: With a {ref}/search-aggregations-bucket-range-aggregation.html[_range_] aggregation, you can specify ranges
of values for a numeric field. Click *Add Range* to add a set of range endpoints. Click the red *(x)* symbol to remove
a range.
*Date Range*:: A {ref}/search-aggregations-bucket-daterange-aggregation.html[_date range_] aggregation reports values
that are within a range of dates that you specify. You can specify the ranges for the dates using
{ref}/common-options.html#date-math[_date math_] expressions. Click *Add Range* to add a set of range endpoints.
Click the red *(x)* symbol to remove a range.
*IPv4 Range*:: The {ref}/search-aggregations-bucket-iprange-aggregation.html[_IPv4 range_] aggregation enables you to
specify ranges of IPv4 addresses. Click *Add Range* to add a set of range endpoints. Click the red *(x)* symbol to
remove a range.
*Terms*:: A {ref}/search-aggregations-bucket-terms-aggregation.html[_terms_] aggregation enables you to specify the top
or bottom _n_ elements of a given field to display, ordered by count or a custom metric.
*Filters*:: You can specify a set of {ref}/search-aggregations-bucket-filters-aggregation.html[_filters_] for the data.
You can specify a filter as a query string or in JSON format, just as in the Discover search bar. Click *Add Filter* to
add another filter. Click the image:images/labelbutton.png[Label button icon] *label* button to open the label field, where
you can type in a name to display on the visualization.
*Significant Terms*:: Displays the results of the experimental
{ref}/search-aggregations-bucket-significantterms-aggregation.html[_significant terms_] aggregation.
Once you've specified an X axis aggregation, you can define sub-aggregations to refine the visualization. Click *+ Add
Sub Aggregation* to define a sub-aggregation, then choose *Split Area* or *Split Chart*, then select a sub-aggregation
from the list of types.
When multiple aggregations are defined on a chart's axis, you can use the up or down arrows to the right of the
aggregation's type to change the aggregation's priority.
Enter a string in the *Custom Label* field to change the display label.
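Review bot: The *Range*, *Date Range* and *IPv4 Range* entries each identify the remove control only as "the red *(x)* symbol", which depends on color and breaks as soon as the UI theme changes. If this list is kept or moved, name the control by what it does (for example "the remove (x) button"). The *Significant Terms* entry also calls the aggregation "experimental" without saying what that means for the reader; a short clause on stability, or dropping the word, would be clearer.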

View file

@ -1,99 +0,0 @@
[[xy-chart]]
== Line, Area, and Bar charts
Line, Area, and Bar charts allow you to plot your data on X/Y axis.
First you need to select your _metrics_ which define Value axis.
include::y-axis-aggs.asciidoc[]
The _buckets_ aggregations determine what information is being retrieved from your data set.
Before you choose a buckets aggregation, specify if you are splitting slices within a single chart or splitting into
multiple charts. A multiple chart split must run before any other aggregations. When you split a chart, you can change
if the splits are displayed in a row or a column by clicking the *Rows | Columns* selector.
include::x-axis-aggs.asciidoc[]
include::color-picker.asciidoc[]
Enter a string in the *Custom Label* field to change the display label.
You can click the *Advanced* link to display more customization options for your metrics or bucket aggregation:
*Exclude Pattern*:: Specify a pattern in this field to exclude from the results.
*Include Pattern*:: Specify a pattern in this field to include in the results.
*JSON Input*:: A text field where you can add specific JSON-formatted properties to merge with the aggregation
definition, as in the following example:
[source,shell]
{ "script" : "doc['grade'].value * 1.2" }
NOTE: In Elasticsearch releases 1.4.3 and later, this functionality requires you to enable
{ref}/modules-scripting.html[dynamic Groovy scripting].
The availability of these options varies depending on the aggregation you choose.
[float]
[[metrics-axes]]
=== Metrics & Axes
Select the *Metrics & Axes* tab to change the way each individual metric is shown on the chart.
The data series are styled in the _Metrics_ section, while the axes are styled in the X and Y axis sections.
[float]
==== Metrics
Modify how each metric from the Data panel is visualized on the chart.
*Chart type*:: Choose between *Area*, *Line*, and *Bar* types.
*Mode*:: stack the different metrics, or plot them next to each other
*Value Axis*:: choose the axis you want to plot this data too (the properties of each are configured under Y-axes).
*Line mode*:: should the outline of lines or bars appear *smooth*, *straight*, or *stepped*.
[float]
==== Y-axis
Style all the Y-axes of the chart.
*Position*:: position of the Y-axis (*left* or *right* for vertical charts, and *top* or *bottom* for horizontal charts).
*Scale type*:: scaling of the values (*linear*, *log*, or *square root*)
*Advanced Options*::
*Labels - Show Labels*:::: Allows you to hide axis labels
*Labels - Filter Labels*:::: If filter labels is enabled some labels will be hidden in case there is not enough space to display them
*Labels - Rotate*:::: You can enter the number in degrees for how much you want to rotate labels
*Labels - Truncate*:::: You can enter the size in pixels to which the label is truncated
*Scale to Data Bounds*:::: The default Y-axis bounds are zero and the maximum value returned in the data. Check
this box to change both upper and lower bounds to match the values returned in the data.
Checking this option may cause that the bar, which value equals to the lower bounds/
upper bounds (in case only negative values are depicted) is hidden.
To avoid that, you can define bounds margin. Via bounds margin you specify a value,
which decreases/increases the lower/upper bounds when displaying the plot.
*Custom Extents*:::: You can define custom minimum and maximum for each axis
[float]
==== X-Axis
*Position*:: position of the X-Axis (*left* or *right* for horizontal charts, and *top* or *bottom* for vertical charts).
*Advanced Options*::
*Labels - Show Labels*:::: Allows you to hide axis labels
*Labels - Filter Labels*:::: If filter labels is enabled some labels will be hidden in case there is not enough spave to display them
*Labels - Rotate*:::: You can enter the number in degrees for how much you want to rotate labels
*Labels - Truncate*:::: You can enter the size in pixels to which the label is truncated
[float]
[[panel-settings]]
=== Panel Settings
These are options that apply to the entire chart and not just the individual data series.
[float]
==== Common options
*Legend Position*:: Move your legend to the *left*, *right*, *top* or *bottom*
*Show Tooltip*:: Enables or disables the display of tooltip on hovering over chart objects
*Current Time Marker*:: Show a line indicating the current time
[float]
==== Grid options
You can enable grid on the chart. By default grid is displayed on the category axis only.
*X-axis*:: You can disable the display of grid lines on category axis
*Y-axis*:: You can choose on which (if any) of the value axes you want to display grid lines
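Review bot: The *JSON Input* entry carries a NOTE telling readers to enable dynamic Groovy scripting, pinned to "Elasticsearch releases 1.4.3 and later", next to an example that merges a `script` property into the aggregation. The header `-1,99 +0,0` removes the file, so please confirm that whatever page documents *JSON Input* after this change does not copy that NOTE forward: advice to switch on dynamic scripting is a security-relevant setting and the version reference reads as stale for a 2019 commit. Separately, this removal drops the anchors `[[xy-chart]]`, `[[metrics-axes]]` and `[[panel-settings]]` and the three `include::` lines; check that no remaining page still cross-references those ids, since a dangling `<<xy-chart>>` would fail the docs build.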

View file

@ -1,61 +0,0 @@
Metric Aggregations:
*Count*:: The {ref}/search-aggregations-metrics-valuecount-aggregation.html[_count_] aggregation returns a raw count of
the elements in the selected index pattern.
*Average*:: This aggregation returns the {ref}/search-aggregations-metrics-avg-aggregation.html[_average_] of a numeric
field. Select a field from the drop-down.
*Sum*:: The {ref}/search-aggregations-metrics-sum-aggregation.html[_sum_] aggregation returns the total sum of a numeric
field. Select a field from the drop-down.
*Min*:: The {ref}/search-aggregations-metrics-min-aggregation.html[_min_] aggregation returns the minimum value of a
numeric field. Select a field from the drop-down.
*Max*:: The {ref}/search-aggregations-metrics-max-aggregation.html[_max_] aggregation returns the maximum value of a
numeric field. Select a field from the drop-down.
*Unique Count*:: The {ref}/search-aggregations-metrics-cardinality-aggregation.html[_cardinality_] aggregation returns
the number of unique values in a field. Select a field from the drop-down.
*Standard Deviation*:: The {ref}/search-aggregations-metrics-extendedstats-aggregation.html[_extended stats_]
aggregation returns the standard deviation of data in a numeric field. Select a field from the drop-down.
*Top Hit*:: The {ref}/search-aggregations-metrics-top-hits-aggregation.html[_top hits_]
aggregation returns one or more of the top values from a specific field in your documents. Select a field from the drop-down,
how you want to sort the documents and choose the top fields, and how many values should be returned.
*Percentiles*:: The {ref}/search-aggregations-metrics-percentile-aggregation.html[_percentile_] aggregation divides the
values in a numeric field into percentile bands that you specify. Select a field from the drop-down, then specify one
or more ranges in the *Percentiles* fields. Click the *X* to remove a percentile field. Click *+ Add* to add a
percentile field.
*Percentile Rank*:: The {ref}/search-aggregations-metrics-percentile-rank-aggregation.html[_percentile ranks_]
aggregation returns the percentile rankings for the values in the numeric field you specify. Select a numeric field
from the drop-down, then specify one or more percentile rank values in the *Values* fields. Click the *X* to remove a
values field. Click *+Add* to add a values field.
Parent Pipeline Aggregations:
For each of the parent pipeline aggregations you have to define the metric for which the aggregation is calculated.
That could be one of your existing metrics or a new one. You can also nest this aggregations
(for example to produce 3rd derivative)
*Derivative*:: The {ref}/search-aggregations-pipeline-derivative-aggregation.html[_derivative_] aggregation calculates
the derivative of specific metrics.
*Cumulative Sum*:: The {ref}/search-aggregations-pipeline-cumulative-sum-aggregation.html[_cumulative sum_] aggregation
calculates the cumulative sum of a specified metric in a parent histogram
*Moving Average*:: The {ref}/search-aggregations-pipeline-movavg-aggregation.html[_moving average_] aggregation will
slide a window across the data and emit the average value of that window
*Serial Diff*:: The {ref}/search-aggregations-pipeline-serialdiff-aggregation.html[_serial differencing_] is a technique
where values in a time series are subtracted from itself at different time lags or period
Sibling Pipeline Aggregations:
Just like with parent pipeline aggregations you need to provide a metric for which to calculate the sibling aggregation.
On top of that you also need to provide a bucket aggregation which will define the buckets on which the sibling
aggregation will run
*Average Bucket*:: The {ref}/search-aggregations-pipeline-avg-bucket-aggregation.html[_avg bucket_]
calculates the (mean) average value of a specified metric in a sibling aggregation
*Sum Bucket*:: The {ref}/search-aggregations-pipeline-avg-bucket-aggregation.html[_sum bucket_]
calculates the sum of values of a specified metric in a sibling aggregation
*Min Bucket*:: The {ref}/search-aggregations-pipeline-avg-bucket-aggregation.html[_min bucket_]
calculates the minimum value of a specified metric in a sibling aggregation
*Max Bucket*:: The {ref}/search-aggregations-pipeline-avg-bucket-aggregation.html[_max bucket_]
calculates the maximum value of a specified metric in a sibling aggregation
You can add an aggregation by clicking the *+ Add Metrics* button.
Enter a string in the *Custom Label* field to change the display label.
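Review bot: In the Sibling Pipeline Aggregations list, the *Sum Bucket*, *Min Bucket* and *Max Bucket* entries all link to `search-aggregations-pipeline-avg-bucket-aggregation.html`, the same target as *Average Bucket*, which looks like a copy-paste error. The header `-1,61 +0,0` removes this file, so the thing to verify is that the text was not moved verbatim: wherever these aggregations are documented now, each entry should point at its own reference page. The same list also has several entries without a closing period and "You can also nest this aggregations", worth fixing if any of it is reused.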