github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-04-23 17:28:26 -04:00
Code Issues Projects Releases Packages Wiki Activity

Stripped trailing whitespace throughout

Browse source 
Fixes #7655
This commit is contained in:
Paul Echeverri 2016-06-30 14:32:21 -07:00
parent 4f2cd1f7d4
commit d44fe946cd
30 changed files with 534 additions and 535 deletions
Download patch file Download diff file Expand all files Collapse all files

8
docs/access.asciidoc
View file

@ -1,11 +1,11 @@
[[access]]
== Accessing Kibana
Kibana is a web application that you access through port 5601. All you need to do is point your web browser at the
machine where Kibana is running and specify the port number. For example, `localhost:5601` or
Kibana is a web application that you access through port 5601. All you need to do is point your web browser at the
machine where Kibana is running and specify the port number. For example, `localhost:5601` or
`http://YOURDOMAIN.com:5601`.
When you access Kibana, the <<discover,Discover>> page loads by default with the default index pattern selected. The
When you access Kibana, the <<discover,Discover>> page loads by default with the default index pattern selected. The
time filter is set to the last 15 minutes and the search query is set to match-all (\*).
If you don't see any documents, try setting the time filter to a wider time range.
@ -14,7 +14,7 @@ If you still don't see any results, it's possible that you don't *have* any docu
[[status]]
=== Checking Kibana Status
You can reach the Kibana server's status page by navigating to `localhost:5601/status`. The status page displays
You can reach the Kibana server's status page by navigating to `localhost:5601/status`. The status page displays
information about the server's resource usage and lists the installed plugins.
image::images/kibana-status-page.png[]

2
docs/advanced-settings.asciidoc
View file

@ -53,7 +53,7 @@ mentioned use "_default_".
`timepicker:refreshIntervalDefaults`:: The time filter's default refresh interval.
`dashboard:defaultDarkTheme`:: Set this property to `true` to make new dashboards use the dark theme by default.
`filters:pinnedByDefault`:: Set this property to `true` to make filters have a global state by default.
`notifications:banner`:: You can specify a custom banner to display temporary notices to all users. This field supports
`notifications:banner`:: You can specify a custom banner to display temporary notices to all users. This field supports
Markdown.
`notifications:lifetime:banner`:: Specifies the duration in milliseconds for banner notification displays. The default value is 3000000. Set this field to `Infinity` to disable banner notifications.
`notifications:lifetime:error`:: Specifies the duration in milliseconds for error notification displays. The default value is 300000. Set this field to `Infinity` to disable error notifications.

2
docs/apps.asciidoc
View file

@ -1,7 +1,7 @@
[[kibana-apps]]
== Kibana Apps
The Kibana UI serves as a framework that can contain several different applications. You can switch between these
The Kibana UI serves as a framework that can contain several different applications. You can switch between these
applications by clicking the image:images/app-button.png[App Picker] *App picker* button to display the app bar:
image::images/app-picker.png[]

38
docs/area.asciidoc
View file

@ -3,32 +3,32 @@
This chart's Y axis is the _metrics_ axis. The following aggregations are available for this axis:
*Count*:: The {ref}/search-aggregations-metrics-valuecount-aggregation.html[_count_] aggregation returns a raw count of
*Count*:: The {ref}/search-aggregations-metrics-valuecount-aggregation.html[_count_] aggregation returns a raw count of
the elements in the selected index pattern.
*Average*:: This aggregation returns the {ref}/search-aggregations-metrics-avg-aggregation.html[_average_] of a numeric
*Average*:: This aggregation returns the {ref}/search-aggregations-metrics-avg-aggregation.html[_average_] of a numeric
field. Select a field from the drop-down.
*Sum*:: The {ref}/search-aggregations-metrics-sum-aggregation.html[_sum_] aggregation returns the total sum of a numeric
*Sum*:: The {ref}/search-aggregations-metrics-sum-aggregation.html[_sum_] aggregation returns the total sum of a numeric
field. Select a field from the drop-down.
*Min*:: The {ref}/search-aggregations-metrics-min-aggregation.html[_min_] aggregation returns the minimum value of a
*Min*:: The {ref}/search-aggregations-metrics-min-aggregation.html[_min_] aggregation returns the minimum value of a
numeric field. Select a field from the drop-down.
*Max*:: The {ref}/search-aggregations-metrics-max-aggregation.html[_max_] aggregation returns the maximum value of a
*Max*:: The {ref}/search-aggregations-metrics-max-aggregation.html[_max_] aggregation returns the maximum value of a
numeric field. Select a field from the drop-down.
*Unique Count*:: The {ref}/search-aggregations-metrics-cardinality-aggregation.html[_cardinality_] aggregation returns
*Unique Count*:: The {ref}/search-aggregations-metrics-cardinality-aggregation.html[_cardinality_] aggregation returns
the number of unique values in a field. Select a field from the drop-down.
*Percentiles*:: The {ref}/search-aggregations-metrics-percentile-aggregation.html[_percentile_] aggregation divides the
values in a numeric field into percentile bands that you specify. Select a field from the drop-down, then specify one
or more ranges in the *Percentiles* fields. Click the *X* to remove a percentile field. Click *+ Add* to add a
*Percentiles*:: The {ref}/search-aggregations-metrics-percentile-aggregation.html[_percentile_] aggregation divides the
values in a numeric field into percentile bands that you specify. Select a field from the drop-down, then specify one
or more ranges in the *Percentiles* fields. Click the *X* to remove a percentile field. Click *+ Add* to add a
percentile field.
*Percentile Rank*:: The {ref}/search-aggregations-metrics-percentile-rank-aggregation.html[_percentile ranks_]
aggregation returns the percentile rankings for the values in the numeric field you specify. Select a numeric field
*Percentile Rank*:: The {ref}/search-aggregations-metrics-percentile-rank-aggregation.html[_percentile ranks_]
aggregation returns the percentile rankings for the values in the numeric field you specify. Select a numeric field
from the drop-down, then specify one or more percentile rank values in the *Values* fields. Click the *X* to remove a
values field. Click *+Add* to add a values field.
You can add an aggregation by clicking the *+ Add Metrics* button.
include::x-axis-aggs.asciidoc[]
For example, a chart of dates with incident counts can display dates in chronological order, or you can raise the
priority of the incident-reporting aggregation to show the most active dates first. The chronological order might show
For example, a chart of dates with incident counts can display dates in chronological order, or you can raise the
priority of the incident-reporting aggregation to show the most active dates first. The chronological order might show
a time-dependent pattern in incident count, and sorting by active dates can reveal particular outliers in your data.
include::color-picker.asciidoc[]
@ -37,20 +37,20 @@ You can click the *Advanced* link to display more customization options for your
*Exclude Pattern*:: Specify a pattern in this field to exclude from the results.
*Include Pattern*:: Specify a pattern in this field to include in the results.
*JSON Input*:: A text field where you can add specific JSON-formatted properties to merge with the aggregation
*JSON Input*:: A text field where you can add specific JSON-formatted properties to merge with the aggregation
definition, as in the following example:
[source,shell]
{ "script" : "doc['grade'].value * 1.2" }
NOTE: In Elasticsearch releases 1.4.3 and later, this functionality requires you to enable
NOTE: In Elasticsearch releases 1.4.3 and later, this functionality requires you to enable
{ref}/modules-scripting.html[dynamic Groovy scripting].
The availability of these options varies depending on the aggregation you choose.
Select the *Options* tab to change the following aspects of the chart:
*Chart Mode*:: When you have multiple Y-axis aggregations defined for your chart, you can use this drop-down to affect
*Chart Mode*:: When you have multiple Y-axis aggregations defined for your chart, you can use this drop-down to affect
how the aggregations display on the chart:
_stacked_:: Stacks the aggregations on top of each other.
@ -62,9 +62,9 @@ _silhouette_:: Displays each aggregation as variance from a central line.
Checkboxes are available to enable and disable the following behaviors:
*Smooth Lines*:: Check this box to curve the top boundary of the area from point to point.
*Set Y-Axis Extents*:: Check this box and enter values in the *y-max* and *y-min* fields to set the Y axis to specific
values.
*Scale Y-Axis to Data Bounds*:: The default Y axis bounds are zero and the maximum value returned in the data. Check
*Set Y-Axis Extents*:: Check this box and enter values in the *y-max* and *y-min* fields to set the Y axis to specific
values.
*Scale Y-Axis to Data Bounds*:: The default Y axis bounds are zero and the maximum value returned in the data. Check
this box to change both upper and lower bounds to match the values returned in the data.
*Show Tooltip*:: Check this box to enable the display of tooltips.

6
docs/autorefresh.asciidoc
View file

@ -1,5 +1,5 @@
=== Automatically Refreshing the Page
You can configure a refresh interval to automatically refresh the page with the latest index data. This periodically
You can configure a refresh interval to automatically refresh the page with the latest index data. This periodically
resubmits the search query.
When a refresh interval is set, it is displayed to the left of the Time Filter in the menu bar.
@ -10,10 +10,10 @@ To set the refresh interval:
. Click the *Refresh Interval* tab.
. Choose a refresh interval from the list.
To automatically refresh the data, click the image:images/autorefresh.png[] *Auto-refresh* button when the time picker
To automatically refresh the data, click the image:images/autorefresh.png[] *Auto-refresh* button when the time picker
is open and select an autorefresh interval:
image::images/autorefresh-intervals.png[]
When auto-refresh is enabled, Kibana's top bar displays a pause button and the auto-refresh interval:
When auto-refresh is enabled, Kibana's top bar displays a pause button and the auto-refresh interval:
image:images/autorefresh-pause.png[]. Click the *Pause* button to pause auto-refresh.

11
docs/color-formatter.asciidoc
View file

@ -1,11 +1,10 @@
The `Color` field formatter enables you to specify colors with specific ranges of values for a numeric field.
When you select the `Color` field formatter, Kibana displays the *Range*, *Font Color*, *Background Color*, and *Example* fields.
When you select the `Color` field formatter, Kibana displays the *Range*, *Font Color*, *Background Color*, and
*Example* fields.
Click the *Add Color* button to add a range of values to associate with a particular color. You can click in the *Font Color* and
*Background Color* fields to display a color picker. You can also enter a specific hex code value in the field. The effect of your current
color choices are displayed in the *Example* field.
Click the *Add Color* button to add a range of values to associate with a particular color. You can click in the *Font
Color* and *Background Color* fields to display a color picker. You can also enter a specific hex code value in the
field. The effect of your current color choices are displayed in the *Example* field.
image::images/colorformatter.png[]
//update image

2
docs/color-picker.asciidoc
View file

@ -1,4 +1,4 @@
You can customize the colors of your visualization by clicking the color dot next to each label to display the
You can customize the colors of your visualization by clicking the color dot next to each label to display the
_color picker_.
image::images/color-picker.png[An array of color dots that users can select]

46
docs/dashboard.asciidoc
View file

@ -1,7 +1,7 @@
[[dashboard]]
== Dashboard
A Kibana _dashboard_ displays a set of saved visualizations in groups that you can arrange freely. You can save a
A Kibana _dashboard_ displays a set of saved visualizations in groups that you can arrange freely. You can save a
dashboard to share or reload at a later time.
.Sample dashboard
@ -21,7 +21,7 @@ The first time you click the *Dashboard* tab, Kibana displays an empty dashboard
image:images/NewDashboard.png[New Dashboard screen]
Build your dashboard by adding visualizations. By default, Kibana dashboards use a light color theme. To use a dark color
Build your dashboard by adding visualizations. By default, Kibana dashboards use a light color theme. To use a dark color
theme instead, click the *Options* button and check the *Use dark theme* box.
NOTE: You can change the default theme in the *Advanced* section of the *Settings* tab.
@ -34,37 +34,37 @@ include::autorefresh.asciidoc[]
[[adding-visualizations-to-a-dashboard]]
==== Adding Visualizations to a Dashboard
To add a visualization to the dashboard, click the *Add* button in the toolbar panel. Select a saved visualization
from the list. You can filter the list of visualizations by typing a filter string into the *Visualization Filter*
To add a visualization to the dashboard, click the *Add* button in the toolbar panel. Select a saved visualization
from the list. You can filter the list of visualizations by typing a filter string into the *Visualization Filter*
field.
The visualization you select appears in a _container_ on your dashboard.
NOTE: If you see a message about the container's height or width being too small, <<resizing-containers,resize the
NOTE: If you see a message about the container's height or width being too small, <<resizing-containers,resize the
container>>.
[float]
[[saving-dashboards]]
==== Saving Dashboards
To save the dashboard, click the *Save Dashboard* button in the toolbar panel, enter a name for the dashboard in the
*Save As* field, and click the *Save* button. By default, dashboards store the time period specified in the time filter
when you save a dashboard. To disable this behavior, clear the *Store time with dashboard* box before clicking the
To save the dashboard, click the *Save Dashboard* button in the toolbar panel, enter a name for the dashboard in the
*Save As* field, and click the *Save* button. By default, dashboards store the time period specified in the time filter
when you save a dashboard. To disable this behavior, clear the *Store time with dashboard* box before clicking the
*Save* button.
[float]
[[loading-a-saved-dashboard]]
==== Loading a Saved Dashboard
Click the *Load Saved Dashboard* button to display a list of existing dashboards. The saved dashboard selector includes
a text field to filter by dashboard name and a link to the Object Editor for managing your saved dashboards. You can
Click the *Load Saved Dashboard* button to display a list of existing dashboards. The saved dashboard selector includes
a text field to filter by dashboard name and a link to the Object Editor for managing your saved dashboards. You can
also access the Object Editor by clicking *Settings > Objects*.
[float]
[[sharing-dashboards]]
==== Sharing Dashboards
You can share dashboards with other users. You can share a direct link to the Kibana dashboard or embed the dashboard
You can share dashboards with other users. You can share a direct link to the Kibana dashboard or embed the dashboard
in your Web page.
NOTE: A user must have Kibana access in order to view embedded dashboards.
@ -72,7 +72,7 @@ NOTE: A user must have Kibana access in order to view embedded dashboards.
To share a dashboard, click the *Share* button image:images/share-dashboard.png[] to display the _Sharing_ panel.
Click the *Copy to Clipboard* button image:images/share-link.png[] to copy the native URL or embed HTML to the clipboard.
Click the *Generate short URL* button image:images/share-short-link.png[] to create a shortened URL for sharing or
Click the *Generate short URL* button image:images/share-short-link.png[] to create a shortened URL for sharing or
embedding.
[float]
@ -85,40 +85,40 @@ To embed a dashboard, copy the embed code from the _Share_ display into your ext
[[customizing-your-dashboard]]
=== Customizing Dashboard Elements
The visualizations in your dashboard are stored in resizable _containers_ that you can arrange on the dashboard. This
The visualizations in your dashboard are stored in resizable _containers_ that you can arrange on the dashboard. This
section discusses customizing these containers.
[float]
[[moving-containers]]
==== Moving Containers
Click and hold a container's header to move the container around the dashboard. Other containers will shift as needed
Click and hold a container's header to move the container around the dashboard. Other containers will shift as needed
to make room for the moving container. Release the mouse button to confirm the container's new location.
[float]
[[resizing-containers]]
==== Resizing Containers
Move the cursor to the bottom right corner of the container until the cursor changes to point at the corner. After the
cursor changes, click and drag the corner of the container to change the container's size. Release the mouse button to
Move the cursor to the bottom right corner of the container until the cursor changes to point at the corner. After the
cursor changes, click and drag the corner of the container to change the container's size. Release the mouse button to
confirm the new container size.
[float]
[[removing-containers]]
==== Removing Containers
Click the *x* icon at the top right corner of a container to remove that container from the dashboard. Removing a
Click the *x* icon at the top right corner of a container to remove that container from the dashboard. Removing a
container from a dashboard does not delete the saved visualization in that container.
[float]
[[viewing-detailed-information]]
==== Viewing Detailed Information
To display the raw data behind the visualization, click the bar at the bottom of the container. Tabs with detailed
To display the raw data behind the visualization, click the bar at the bottom of the container. Tabs with detailed
information about the raw data replace the visualization, as in this example:
.Table
A representation of the underlying data, presented as a paginated data grid. You can sort the items
A representation of the underlying data, presented as a paginated data grid. You can sort the items
in the table by clicking on the table headers at the top of each column.
image:images/NYCTA-Table.jpg[]
@ -131,20 +131,20 @@ The raw response from the server, presented in JSON format.
image:images/NYCTA-Response.jpg[]
.Statistics
A summary of the statistics related to the request and the response, presented as a data grid. The data
grid includes the query duration, the request duration, the total number of records found on the server, and the
A summary of the statistics related to the request and the response, presented as a data grid. The data
grid includes the query duration, the request duration, the total number of records found on the server, and the
index pattern used to make the query.
image:images/NYCTA-Statistics.jpg[]
To export the raw data behind the visualization as a comma-separated-values (CSV) file, click on either the
*Raw* or *Formatted* links at the bottom of any of the detailed information tabs. A raw export contains the data as it
*Raw* or *Formatted* links at the bottom of any of the detailed information tabs. A raw export contains the data as it
is stored in Elasticsearch. A formatted export contains the results of any applicable Kibana [field formatters].
[float]
[[changing-the-visualization]]
=== Changing the Visualization
Click the _Edit_ button image:images/EditVis.png[Pencil button] at the top right of a container to open the
Click the _Edit_ button image:images/EditVis.png[Pencil button] at the top right of a container to open the
visualization in the <<visualize,Visualize>> page.
[float]

48
docs/datatable.asciidoc
View file

@ -8,39 +8,39 @@ the table into additional tables.
Each bucket type supports the following aggregations:
*Date Histogram*:: A {ref}search-aggregations-bucket-datehistogram-aggregation.html[_date histogram_] is built from a
numeric field and organized by date. You can specify a time frame for the intervals in seconds, minutes, hours, days,
weeks, months, or years. You can also specify a custom interval frame by selecting *Custom* as the interval and
specifying a number and a time unit in the text field. Custom interval time units are *s* for seconds, *m* for minutes,
*h* for hours, *d* for days, *w* for weeks, and *y* for years. Different units support different levels of precision,
*Date Histogram*:: A {ref}search-aggregations-bucket-datehistogram-aggregation.html[_date histogram_] is built from a
numeric field and organized by date. You can specify a time frame for the intervals in seconds, minutes, hours, days,
weeks, months, or years. You can also specify a custom interval frame by selecting *Custom* as the interval and
specifying a number and a time unit in the text field. Custom interval time units are *s* for seconds, *m* for minutes,
*h* for hours, *d* for days, *w* for weeks, and *y* for years. Different units support different levels of precision,
down to one second.
*Histogram*:: A standard {ref}search-aggregations-bucket-histogram-aggregation.html[_histogram_] is built from a
numeric field. Specify an integer interval for this field. Select the *Show empty buckets* checkbox to include empty
*Histogram*:: A standard {ref}search-aggregations-bucket-histogram-aggregation.html[_histogram_] is built from a
numeric field. Specify an integer interval for this field. Select the *Show empty buckets* checkbox to include empty
intervals in the histogram.
*Range*:: With a {ref}search-aggregations-bucket-range-aggregation.html[_range_] aggregation, you can specify ranges
of values for a numeric field. Click *Add Range* to add a set of range endpoints. Click the red *(x)* symbol to remove
*Range*:: With a {ref}search-aggregations-bucket-range-aggregation.html[_range_] aggregation, you can specify ranges
of values for a numeric field. Click *Add Range* to add a set of range endpoints. Click the red *(x)* symbol to remove
a range.
*Date Range*:: A {ref}search-aggregations-bucket-daterange-aggregation.html[_date range_] aggregation reports values
that are within a range of dates that you specify. You can specify the ranges for the dates using
{ref}common-options.html#date-math[_date math_] expressions. Click *Add Range* to add a set of range endpoints.
*Date Range*:: A {ref}search-aggregations-bucket-daterange-aggregation.html[_date range_] aggregation reports values
that are within a range of dates that you specify. You can specify the ranges for the dates using
{ref}common-options.html#date-math[_date math_] expressions. Click *Add Range* to add a set of range endpoints.
Click the red *(/)* symbol to remove a range.
*IPv4 Range*:: The {ref}search-aggregations-bucket-iprange-aggregation.html[_IPv4 range_] aggregation enables you to
specify ranges of IPv4 addresses. Click *Add Range* to add a set of range endpoints. Click the red *(/)* symbol to
specify ranges of IPv4 addresses. Click *Add Range* to add a set of range endpoints. Click the red *(/)* symbol to
remove a range.
*Terms*:: A {ref}search-aggregations-bucket-terms-aggregation.html[_terms_] aggregation enables you to specify the top
*Terms*:: A {ref}search-aggregations-bucket-terms-aggregation.html[_terms_] aggregation enables you to specify the top
or bottom _n_ elements of a given field to display, ordered by count or a custom metric.
*Filters*:: You can specify a set of {ref}search-aggregations-bucket-filters-aggregation.html[_filters_] for the data.
You can specify a filter as a query string or in JSON format, just as in the Discover search bar. Click *Add Filter* to
add another filter. Click the image:images/labelbutton.png[] *label* button to open the label field, where you can type
*Filters*:: You can specify a set of {ref}search-aggregations-bucket-filters-aggregation.html[_filters_] for the data.
You can specify a filter as a query string or in JSON format, just as in the Discover search bar. Click *Add Filter* to
add another filter. Click the image:images/labelbutton.png[] *label* button to open the label field, where you can type
in a name to display on the visualization.
*Significant Terms*:: Displays the results of the experimental
{ref}search-aggregations-bucket-significantterms-aggregation.html[_significant terms_] aggregation. The value of the
*Significant Terms*:: Displays the results of the experimental
{ref}search-aggregations-bucket-significantterms-aggregation.html[_significant terms_] aggregation. The value of the
*Size* parameter defines the number of entries this aggregation returns.
*Geohash*:: The {ref}search-aggregations-bucket-geohashgrid-aggregation.html[_geohash_] aggregation displays points
*Geohash*:: The {ref}search-aggregations-bucket-geohashgrid-aggregation.html[_geohash_] aggregation displays points
based on the geohash coordinates.
Once you've specified a bucket type aggregation, you can define sub-buckets to refine the visualization. Click
*+ Add sub-buckets* to define a sub-bucket, then choose *Split Rows* or *Split Table*, then select an
Once you've specified a bucket type aggregation, you can define sub-buckets to refine the visualization. Click
*+ Add sub-buckets* to define a sub-bucket, then choose *Split Rows* or *Split Table*, then select an
aggregation from the list of types.
You can use the up or down arrows to the right of the aggregation's type to change the aggregation's priority.
@ -51,13 +51,13 @@ You can click the *Advanced* link to display more customization options for your
*Exclude Pattern*:: Specify a pattern in this field to exclude from the results.
*Include Pattern*:: Specify a pattern in this field to include in the results.
*JSON Input*:: A text field where you can add specific JSON-formatted properties to merge with the aggregation
*JSON Input*:: A text field where you can add specific JSON-formatted properties to merge with the aggregation
definition, as in the following example:
[source,shell]
{ "script" : "doc['grade'].value * 1.2" }
NOTE: In Elasticsearch releases 1.4.3 and later, this functionality requires you to enable
NOTE: In Elasticsearch releases 1.4.3 and later, this functionality requires you to enable
{ref}modules-scripting.html[dynamic Groovy scripting].
The availability of these options varies depending on the aggregation you choose.

140
docs/discover.asciidoc
View file

@ -1,17 +1,17 @@
[[discover]]
== Discover
You can interactively explore your data from the Discover page. You have access to every document in every index that
matches the selected index pattern. You can submit search queries, filter the search results, and view document data.
You can also see the number of documents that match the search query and get field value statistics. If a time field is
configured for the selected index pattern, the distribution of documents over time is displayed in a histogram at the
top of the page.
You can interactively explore your data from the Discover page. You have access to every document in every index that
matches the selected index pattern. You can submit search queries, filter the search results, and view document data.
You can also see the number of documents that match the search query and get field value statistics. If a time field is
configured for the selected index pattern, the distribution of documents over time is displayed in a histogram at the
top of the page.
image::images/Discover-Start-Annotated.jpg[Discover Page]
[float]
[[set-time-filter]]
=== Setting the Time Filter
The Time Filter restricts the search results to a specific time period. You can set a time filter if your index
The Time Filter restricts the search results to a specific time period. You can set a time filter if your index
contains time-based events and a time-field is configured for the selected index pattern.
By default the time filter is set to the last 15 minutes. You can use the Time Picker to change the time filter
@ -23,56 +23,56 @@ To set a time filter with the Time Picker:
. To set a quick filter, simply click one of the shortcut links.
. To specify a relative Time Filter, click *Relative* and enter the relative start time. You can specify
the relative start time as any number of seconds, minutes, hours, days, months, or years ago.
. To specify an absolute Time Filter, click *Absolute* and enter the start date in the *From* field and the end date in
. To specify an absolute Time Filter, click *Absolute* and enter the start date in the *From* field and the end date in
the *To* field.
. Click the caret at the bottom of the Time Picker to hide it.
. Click the caret at the bottom of the Time Picker to hide it.
To set a Time Filter from the histogram, do one of the following:
* Click the bar that represents the time interval you want to zoom in on.
* Click and drag to view a specific timespan. You must start the selection with the cursor over the background of the
chart--the cursor changes to a plus sign when you hover over a valid start point.
* Click and drag to view a specific timespan. You must start the selection with the cursor over the background of the
chart--the cursor changes to a plus sign when you hover over a valid start point.
You can use the browser Back button to undo your changes.
You can use the browser Back button to undo your changes.
The histogram lists the time range you're currently exploring, as well as the intervals that range is currently using.
To change the intervals, click the link and select an interval from the drop-down. The default behavior automatically
The histogram lists the time range you're currently exploring, as well as the intervals that range is currently using.
To change the intervals, click the link and select an interval from the drop-down. The default behavior automatically
sets an interval based on the time range.
[float]
[[search]]
=== Searching Your Data
You can search the indices that match the current index pattern by submitting a search from the Discover page.
You can enter simple query strings, use the
Lucene https://lucene.apache.org/core/2_9_4/queryparsersyntax.html[query syntax], or use the full JSON-based
{ref}/query-dsl.html[Elasticsearch Query DSL].
You can enter simple query strings, use the
Lucene https://lucene.apache.org/core/2_9_4/queryparsersyntax.html[query syntax], or use the full JSON-based
{ref}/query-dsl.html[Elasticsearch Query DSL].
When you submit a search, the histogram, Documents table, and Fields list are updated to reflect
When you submit a search, the histogram, Documents table, and Fields list are updated to reflect
the search results. The total number of hits (matching documents) is shown in the upper right corner of the
histogram. The Documents table shows the first five hundred hits. By default, the hits are listed in reverse
chronological order, with the newest documents shown first. You can reverse the sort order by by clicking on the Time
column header. You can also sort the table using the values in any indexed field. For more information, see
histogram. The Documents table shows the first five hundred hits. By default, the hits are listed in reverse
chronological order, with the newest documents shown first. You can reverse the sort order by by clicking on the Time
column header. You can also sort the table using the values in any indexed field. For more information, see
<<sorting,Sorting the Documents Table>>.
To search your data:
. Enter a query string in the Search field:
. Enter a query string in the Search field:
+
* To perform a free text search, simply enter a text string. For example, if you're searching web server logs, you
* To perform a free text search, simply enter a text string. For example, if you're searching web server logs, you
could enter `safari` to search all fields for the term `safari`.
+
* To search for a value in a specific field, you prefix the value with the name of the field. For example, you could
* To search for a value in a specific field, you prefix the value with the name of the field. For example, you could
enter `status:200` to limit the results to entries that contain the value `200` in the `status` field.
+
* To search for a range of values, you can use the bracketed range syntax, `[START_VALUE TO END_VALUE]`. For example,
* To search for a range of values, you can use the bracketed range syntax, `[START_VALUE TO END_VALUE]`. For example,
to find entries that have 4xx status codes, you could enter `status:[400 TO 499]`.
+
* To specify more complex search criteria, you can use the Boolean operators `AND`, `OR`, and `NOT`. For example,
to find entries that have 4xx status codes and have an extension of `php` or `html`, you could enter `status:[400 TO
to find entries that have 4xx status codes and have an extension of `php` or `html`, you could enter `status:[400 TO
499] AND (extension:php OR extension:html)`.
+
NOTE: These examples use the Lucene query syntax. You can also submit queries using the Elasticsearch Query DSL. For
examples, see {ref}/query-dsl-query-string-query.html#query-string-syntax[query string syntax] in the Elasticsearch
NOTE: These examples use the Lucene query syntax. You can also submit queries using the Elasticsearch Query DSL. For
examples, see {ref}/query-dsl-query-string-query.html#query-string-syntax[query string syntax] in the Elasticsearch
Reference.
+
. Press *Enter* or click the *Search* button to submit your search query.
@ -90,7 +90,7 @@ Saving a search saves both the search query string and the currently selected in
To save the current search:
. Click the *Save* button in the Discover toolbar.
. Click the *Save* button in the Discover toolbar.
. Enter a name for the search and click *Save*.
[float]
@ -101,13 +101,13 @@ To load a saved search:
. Click the *Open* button in the Discover toolbar.
. Select the search you want to open.
If the saved search is associated with a different index pattern than is currently selected, opening the saved search
If the saved search is associated with a different index pattern than is currently selected, opening the saved search
also changes the selected index pattern.
[float]
[[select-pattern]]
==== Changing Which Indices You're Searching
When you submit a search request, the indices that match the currently-selected index pattern are searched. The current
When you submit a search request, the indices that match the currently-selected index pattern are searched. The current
index pattern is shown below the search field. To change which indices you are searching, click the name of the current
index pattern to display a list of the configured index patterns and select a different index pattern.
@ -121,36 +121,36 @@ include::autorefresh.asciidoc[]
[float]
[[field-filter]]
=== Filtering by Field
You can filter the search results to display only those documents that contain a particular value in a field. You can
You can filter the search results to display only those documents that contain a particular value in a field. You can
also create negative filters that exclude documents that contain the specified field value.
You can add filters from the Fields list or from the Documents table. When you add a filter, it is displayed in the
filter bar below the search query. From the filter bar, you can enable or disable a filter, invert the filter (change
it from a positive filter to a negative filter and vice-versa), toggle the filter on or off, or remove it entirely.
You can add filters from the Fields list or from the Documents table. When you add a filter, it is displayed in the
filter bar below the search query. From the filter bar, you can enable or disable a filter, invert the filter (change
it from a positive filter to a negative filter and vice-versa), toggle the filter on or off, or remove it entirely.
Click the small left-facing arrow to the right of the index pattern selection drop-down to collapse the Fields list.
To add a filter from the Fields list:
. Click the name of the field you want to filter on. This displays the top five values for that field. To the right of
each value, there are two magnifying glass buttons--one for adding a regular (positive) filter, and
one for adding a negative filter.
. To add a positive filter, click the *Positive Filter* button image:images/PositiveFilter.jpg[Positive Filter Button].
. Click the name of the field you want to filter on. This displays the top five values for that field. To the right of
each value, there are two magnifying glass buttons--one for adding a regular (positive) filter, and
one for adding a negative filter.
. To add a positive filter, click the *Positive Filter* button image:images/PositiveFilter.jpg[Positive Filter Button].
This filters out documents that don't contain that value in the field.
. To add a negative filter, click the *Negative Filter* button image:images/NegativeFilter.jpg[Negative Filter Button].
This excludes documents that contain that value in the field.
. To add a negative filter, click the *Negative Filter* button image:images/NegativeFilter.jpg[Negative Filter Button].
This excludes documents that contain that value in the field.
To add a filter from the Documents table:
. Expand a document in the Documents table by clicking the *Expand* button image:images/ExpandButton.jpg[Expand Button]
to the left of the document's entry in the first column (the first column is usually Time). To the right of each field
name, there are two magnifying glass buttons--one for adding a regular (positive) filter, and one for adding a negative
filter.
. To add a positive filter based on the document's value in a field, click the
*Positive Filter* button image:images/PositiveFilter.jpg[Positive Filter Button]. This filters out documents that don't
. Expand a document in the Documents table by clicking the *Expand* button image:images/ExpandButton.jpg[Expand Button]
to the left of the document's entry in the first column (the first column is usually Time). To the right of each field
name, there are two magnifying glass buttons--one for adding a regular (positive) filter, and one for adding a negative
filter.
. To add a positive filter based on the document's value in a field, click the
*Positive Filter* button image:images/PositiveFilter.jpg[Positive Filter Button]. This filters out documents that don't
contain the specified value in that field.
. To add a negative filter based on the document's value in a field, click the
*Negative Filter* button image:images/NegativeFilter.jpg[Negative Filter Button]. This excludes documents that contain
the specified value in that field.
. To add a negative filter based on the document's value in a field, click the
*Negative Filter* button image:images/NegativeFilter.jpg[Negative Filter Button]. This excludes documents that contain
the specified value in that field.
[float]
[[discover-filters]]
@ -159,52 +159,52 @@ include::filter-pinning.asciidoc[]
[float]
[[document-data]]
=== Viewing Document Data
When you submit a search query, the 500 most recent documents that match the query are listed in the Documents table.
You can configure the number of documents shown in the table by setting the `discover:sampleSize` property in
<<advanced-options,Advanced Settings>>. By default, the table shows the localized version of the time field specified
in the selected index pattern and the document `_source`. You can <<adding-columns, add fields to the Documents table>>
When you submit a search query, the 500 most recent documents that match the query are listed in the Documents table.
You can configure the number of documents shown in the table by setting the `discover:sampleSize` property in
<<advanced-options,Advanced Settings>>. By default, the table shows the localized version of the time field specified
in the selected index pattern and the document `_source`. You can <<adding-columns, add fields to the Documents table>>
from the Fields list. You can <<sorting, sort the listed documents>> by any indexed field that's included in the table.
To view a document's field data, click the *Expand* button image:images/ExpandButton.jpg[Expand Button] to the left of
the document's entry in the first column (the first column is usually Time). Kibana reads the document data from
Elasticsearch and displays the document fields in a table. The table contains a row for each field that contains the
To view a document's field data, click the *Expand* button image:images/ExpandButton.jpg[Expand Button] to the left of
the document's entry in the first column (the first column is usually Time). Kibana reads the document data from
Elasticsearch and displays the document fields in a table. The table contains a row for each field that contains the
name of the field, add filter buttons, and the field value.
image::images/Expanded-Document.png[]
. To view the original JSON document (pretty-printed), click the *JSON* tab.
. To view the document data as a separate page, click the link. You can bookmark and share this link to provide direct
. To view the document data as a separate page, click the link. You can bookmark and share this link to provide direct
access to a particular document.
. To collapse the document details, click the *Collapse* button image:images/CollapseButton.jpg[Collapse Button].
. To toggle a particular field's column in the Documents table, click the
. To toggle a particular field's column in the Documents table, click the
image:images/add-column-button.png[Add Column] *Toggle column in table* button.
[float]
[[sorting]]
==== Sorting the Document List
You can sort the documents in the Documents table by the values in any indexed field. Documents in index patterns that
You can sort the documents in the Documents table by the values in any indexed field. Documents in index patterns that
are configured with time fields are sorted in reverse chronological order by default.
To change the sort order, click the name of the field you want to sort by. The fields you can use for sorting have a
To change the sort order, click the name of the field you want to sort by. The fields you can use for sorting have a
sort button to the right of the field name. Clicking the field name a second time reverses the sort order.
[float]
[[adding-columns]]
==== Adding Field Columns to the Documents Table
By default, the Documents table shows the localized version of the time field specified in the selected index pattern
By default, the Documents table shows the localized version of the time field specified in the selected index pattern
and the document `_source`. You can add fields to the table from the Fields list or from a document's expanded view.
To add field columns to the Documents table:
. Mouse over a field in the Fields list and click its *add* button image:images/AddFieldButton.jpg[Add Field Button].
. Mouse over a field in the Fields list and click its *add* button image:images/AddFieldButton.jpg[Add Field Button].
. Repeat until you've added all the fields you want to display in the Documents table.
. Alternately, add a field column directly from a document's expanded view by clicking the
. Alternately, add a field column directly from a document's expanded view by clicking the
image:images/add-column-button.png[Add Column] *Toggle column in table* button.
The added field columns replace the `_source` column in the Documents table. The added fields are also
listed in the *Selected Fields* section at the top of the field list.
listed in the *Selected Fields* section at the top of the field list.
To rearrange the field columns in the table, mouse over the header of the column you want to move and click the *Move*
To rearrange the field columns in the table, mouse over the header of the column you want to move and click the *Move*
button.
image:images/Discover-MoveColumn.jpg[Move Column]
@ -214,18 +214,18 @@ image:images/Discover-MoveColumn.jpg[Move Column]
==== Removing Field Columns from the Documents Table
To remove field columns from the Documents table:
. Mouse over the field you want to remove in the *Selected Fields* section of the Fields list and click its *remove*
. Mouse over the field you want to remove in the *Selected Fields* section of the Fields list and click its *remove*
button image:images/RemoveFieldButton.jpg[Remove Field Button].
. Repeat until you've removed all the fields you want to drop from the Documents table.
[float]
[[viewing-field-stats]]
=== Viewing Field Data Statistics
From the field list, you can see how many documents in the Documents table contain a particular field, what the top 5
values are, and what percentage of documents contain each value.
From the field list, you can see how many documents in the Documents table contain a particular field, what the top 5
values are, and what percentage of documents contain each value.
To view field data statistics, click the name of a field in the Fields list. The field can be anywhere in the Fields
list.
To view field data statistics, click the name of a field in the Fields list. The field can be anywhere in the Fields
list.
image:images/Discover-FieldStats.jpg[Field Statistics]

20
docs/filter-pinning.asciidoc
View file

@ -1,6 +1,6 @@
=== Working with Filters
When you create a filter anywhere in Kibana, the filter conditions display in an oval under the search text
When you create a filter anywhere in Kibana, the filter conditions display in an oval under the search text
entry box:
image::images/filter-sample.png[]
@ -9,16 +9,16 @@ Hovering on the filter oval displays the following icons:
image::images/filter-allbuttons.png[]
Enable Filter image:images/filter-enable.png[]:: Click this icon to disable the filter without removing it. You can
enable the filter again later by clicking the icon again. Disabled filters display a striped shaded color, grey for
Enable Filter image:images/filter-enable.png[]:: Click this icon to disable the filter without removing it. You can
enable the filter again later by clicking the icon again. Disabled filters display a striped shaded color, grey for
inclusion filters and red for exclusion filters.
Pin Filter image:images/filter-pin.png[]:: Click this icon to _pin_ a filter. Pinned filters persist across Kibana tabs.
You can pin filters from the _Visualize_ tab, click on the _Discover_ or _Dashboard_ tabs, and those filters remain in
You can pin filters from the _Visualize_ tab, click on the _Discover_ or _Dashboard_ tabs, and those filters remain in
place.
NOTE: If you have a pinned filter and you're not seeing any query results, that your current tab's index pattern is one
that the filter applies to.
Toggle Filter image:images/filter-toggle.png[]:: Click this icon to _toggle_ a filter. By default, filters are inclusion
filters, and display in grey. Only elements that match the filter are displayed. To change this to an exclusion
NOTE: If you have a pinned filter and you're not seeing any query results, that your current tab's index pattern is one
that the filter applies to.
Toggle Filter image:images/filter-toggle.png[]:: Click this icon to _toggle_ a filter. By default, filters are inclusion
filters, and display in grey. Only elements that match the filter are displayed. To change this to an exclusion
filters, displaying only elements that _don't_ match, toggle the filter. Exclusion filters display in red.
Remove Filter image:images/filter-delete.png[]:: Click this icon to remove a filter entirely.
Custom Filter image:images/filter-custom.png[]:: Click this icon to display a text field where you can customize the JSON
@ -26,7 +26,7 @@ representation of the filter and specify an alias to use for the filter name:
+
image::images/filter-custom-json.png[]
+
You can use JSON filter representation to implement predicate logic, with `should` for OR, `must` for AND, and `must_not`
You can use JSON filter representation to implement predicate logic, with `should` for OR, `must` for AND, and `must_not`
for NOT:
+
.OR Example
@ -94,5 +94,5 @@ for NOT:
==========
Click the *Done* button to update the filter with your changes.
To apply any of the filter actions to all the filters currently in place, click the image:images/filter-actions.png[]
To apply any of the filter actions to all the filters currently in place, click the image:images/filter-actions.png[]
*Global Filter Actions* button and select an action.

146
docs/getting-started.asciidoc
View file

@ -1,7 +1,7 @@
[[getting-started]]
== Getting Started with Kibana
Now that you have Kibana <<setup,installed>>, you can step through this tutorial to get fast hands-on experience with
Now that you have Kibana <<setup,installed>>, you can step through this tutorial to get fast hands-on experience with
key Kibana functionality. By the end of this tutorial, you will have:
* Loaded a sample data set into your Elasticsearch installation
@ -17,7 +17,7 @@ Video tutorials are also available:
* https://www.elastic.co/blog/kibana-4-video-tutorials-part-1[High-level Kibana introduction, pie charts]
* https://www.elastic.co/blog/kibana-4-video-tutorials-part-2[Data discovery, bar charts, and line charts]
* https://www.elastic.co/blog/kibana-4-video-tutorials-part-3[Tile maps]
* https://www.elastic.co/blog/kibana-4-video-tutorials-part-4[Embedding Kibana visualizations]
* https://www.elastic.co/blog/kibana-4-video-tutorials-part-4[Embedding Kibana visualizations]
[float]
[[tutorial-load-dataset]]
@ -25,11 +25,11 @@ Video tutorials are also available:
The tutorials in this section rely on the following data sets:
* The complete works of William Shakespeare, suitably parsed into fields. Download this data set by clicking here:
* The complete works of William Shakespeare, suitably parsed into fields. Download this data set by clicking here:
https://www.elastic.co/guide/en/kibana/3.0/snippets/shakespeare.json[shakespeare.json].
* A set of fictitious accounts with randomly generated data, in CSV format. Download this data set by clicking here:
* A set of fictitious accounts with randomly generated data, in CSV format. Download this data set by clicking here:
https://www.github.com/elastic/kibana/docs/tutorial/accounts.csv[accounts.csv]
* A set of randomly generated log files. Download this data set by clicking here:
* A set of randomly generated log files. Download this data set by clicking here:
https://download.elastic.co/demos/kibana/gettingstarted/logs.jsonl.gz[logs.jsonl.gz]
Extract the logs with the following command:
@ -75,8 +75,8 @@ The schema for the logs data set has dozens of different fields, but the notable
"@timestamp": "date"
}
Before we load the Shakespeare and logs data sets, we need to set up {ref}mapping.html[_mappings_] for the fields.
Mapping divides the documents in the index into logical groups and specifies a field's characteristics, such as the
Before we load the Shakespeare and logs data sets, we need to set up {ref}mapping.html[_mappings_] for the fields.
Mapping divides the documents in the index into logical groups and specifies a field's characteristics, such as the
field's searchability or whether or not it's _tokenized_, or broken up into separate words.
Use the following command to set up a mapping for the Shakespeare data set:
@ -108,7 +108,7 @@ there are multiple words in the field.
* The same applies to the _play_name_ field.
* The _line_id_ and _speech_number_ fields are integers.
The logs data set requires a mapping to label the latitude/longitude pairs in the logs as geographic locations by
The logs data set requires a mapping to label the latitude/longitude pairs in the logs as geographic locations by
applying the `geo_point` type to those fields.
Use the following commands to establish `geo_point` mapping for the logs:
@ -170,7 +170,7 @@ curl -XPUT http://localhost:9200/logstash-2015.05.20 -d '
}
';
At this point we're ready to use the Elasticsearch {ref}/docs-bulk.html[`bulk`] API to load the data sets with the
At this point we're ready to use the Elasticsearch {ref}/docs-bulk.html[`bulk`] API to load the data sets with the
following commands:
[source,shell]
@ -179,7 +179,7 @@ curl -XPOST 'localhost:9200/_bulk?pretty' --data-binary @logs.jsonl
These commands may take some time to execute, depending on the computing resources available.
To load the Accounts data set, click the *Management* image:images/SettingsButton.jpg[gear icon] tab, the
To load the Accounts data set, click the *Management* image:images/SettingsButton.jpg[gear icon] tab, the
select *Upload CSV*.
image::images/management-panel.png[kibana management panel]
@ -188,7 +188,7 @@ Click *Select File*, then navigate to the `accounts.csv` file. Review the sample
image::images/csv-sample.png[sample csv import]
Review the index pattern built by the CSV import function. You can change any field types from the drop-downs, but for
Review the index pattern built by the CSV import function. You can change any field types from the drop-downs, but for
this tutorial, accept the defaults. Enter `bank` as the name for the index pattern, then click *Save*.
image::images/sample-index.png[sample index pattern]
@ -211,24 +211,24 @@ yellow open logstash-2015.05.20 5 1 4750 0 16.4mb
[[tutorial-define-index]]
=== Defining Your Index Patterns
Each set of data loaded to Elasticsearch has an <<settings-create-pattern,index pattern>>. In the previous section, the
Shakespeare data set has an index named `shakespeare`, and the accounts data set has an index named `bank`. An _index
pattern_ is a string with optional wildcards that can match multiple indices. For example, in the common logging use
case, a typical index name contains the date in MM-DD-YYYY format, and an index pattern for May would look something
Each set of data loaded to Elasticsearch has an <<settings-create-pattern,index pattern>>. In the previous section, the
Shakespeare data set has an index named `shakespeare`, and the accounts data set has an index named `bank`. An _index
pattern_ is a string with optional wildcards that can match multiple indices. For example, in the common logging use
case, a typical index name contains the date in MM-DD-YYYY format, and an index pattern for May would look something
like `logstash-2015.05*`.
For this tutorial, any pattern that matches the name of an index we've loaded will work. Open a browser and
navigate to `localhost:5601`. Click the *Settings* tab, then the *Indices* tab. Click *Add New* to define a new index
For this tutorial, any pattern that matches the name of an index we've loaded will work. Open a browser and
navigate to `localhost:5601`. Click the *Settings* tab, then the *Indices* tab. Click *Add New* to define a new index
pattern. Two of the sample data sets, the Shakespeare plays and the financial accounts, don't contain time-series data.
Make sure the *Index contains time-based events* box is unchecked when you create index patterns for these data sets.
Specify `shakes*` as the index pattern for the Shakespeare data set and click *Create* to define the index pattern, then
Specify `shakes*` as the index pattern for the Shakespeare data set and click *Create* to define the index pattern, then
define a second index pattern named `ba*`.
The Logstash data set does contain time-series data, so after clicking *Add New* to define the index for this data
set, make sure the *Index contains time-based events* box is checked and select the `@timestamp` field from the
set, make sure the *Index contains time-based events* box is checked and select the `@timestamp` field from the
*Time-field name* drop-down.
NOTE: When you define an index pattern, indices that match that pattern must exist in Elasticsearch. Those indices must
NOTE: When you define an index pattern, indices that match that pattern must exist in Elasticsearch. Those indices must
contain data.
[float]
@ -239,14 +239,14 @@ Click the *Discover* image:images/discover-compass.png[Compass icon] tab to disp
image::images/tutorial-discover.png[]
Right under the tab itself, there is a search box where you can search your data. Searches take a specific
{ref}/query-dsl-query-string-query.html#query-string-syntax[query syntax] that enable you to create custom searches,
Right under the tab itself, there is a search box where you can search your data. Searches take a specific
{ref}/query-dsl-query-string-query.html#query-string-syntax[query syntax] that enable you to create custom searches,
which you can save and load by clicking the buttons to the right of the search box.
Beneath the search box, the current index pattern is displayed in a drop-down. You can change the index pattern by
Beneath the search box, the current index pattern is displayed in a drop-down. You can change the index pattern by
selecting a different pattern from the drop-down selector.
You can construct searches by using the field names and the values you're interested in. With numeric fields you can
You can construct searches by using the field names and the values you're interested in. With numeric fields you can
use comparison operators such as greater than (>), less than (<), or equals (=). You can link elements with the
logical operators AND, OR, and NOT, all in uppercase.
@ -261,8 +261,8 @@ If you're using the linked sample data set, this search returns 5 results: Accou
image::images/tutorial-discover-2.png[]
To narrow the display to only the specific fields of interest, highlight each field in the list that displays under the
index pattern and click the *Add* button. Note how, in this example, adding the `account_number` field changes the
To narrow the display to only the specific fields of interest, highlight each field in the list that displays under the
index pattern and click the *Add* button. Note how, in this example, adding the `account_number` field changes the
display from the full text of five records to a simple list of five account numbers:
image::images/tutorial-discover-3.png[]
@ -270,26 +270,26 @@ image::images/tutorial-discover-3.png[]
[[tutorial-visualizing]]
=== Data Visualization: Beyond Discovery
The visualization tools available on the *Visualize* tab enable you to display aspects of your data sets in several
different ways.
The visualization tools available on the *Visualize* tab enable you to display aspects of your data sets in several
different ways.
Click on the *Visualize* image:images/visualize-icon.png[Bar chart icon] tab to start:
image::images/tutorial-visualize.png[]
Click on *Pie chart*, then *From a new search*. Select the `ba*` index pattern.
Click on *Pie chart*, then *From a new search*. Select the `ba*` index pattern.
Visualizations depend on Elasticsearch {ref}/search-aggregations.html[aggregations] in two different types: _bucket_
aggregations and _metric_ aggregations. A bucket aggregation sorts your data according to criteria you specify. For
example, in our accounts data set, we can establish a range of account balances, then display what proportions of the
Visualizations depend on Elasticsearch {ref}/search-aggregations.html[aggregations] in two different types: _bucket_
aggregations and _metric_ aggregations. A bucket aggregation sorts your data according to criteria you specify. For
example, in our accounts data set, we can establish a range of account balances, then display what proportions of the
total fall into which range of balances.
The whole pie displays, since we haven't specified any buckets yet.
image::images/tutorial-visualize-pie-1.png[]
Select *Split Slices* from the *Select buckets type* list, then select *Range* from the *Aggregation* drop-down
selector. Select the *balance* field from the *Field* drop-down, then click on *Add Range* four times to bring the
Select *Split Slices* from the *Select buckets type* list, then select *Range* from the *Aggregation* drop-down
selector. Select the *balance* field from the *Field* drop-down, then click on *Add Range* four times to bring the
total number of ranges to six. Enter the following ranges:
[source,text]
@ -304,13 +304,13 @@ Click the *Apply changes* button image:images/apply-changes-button.png[] to disp
image::images/tutorial-visualize-pie-2.png[]
This shows you what proportion of the 1000 accounts fall in these balance ranges. To see another dimension of the data,
we're going to add another bucket aggregation. We can break down each of the balance ranges further by the account
This shows you what proportion of the 1000 accounts fall in these balance ranges. To see another dimension of the data,
we're going to add another bucket aggregation. We can break down each of the balance ranges further by the account
holder's age.
Click *Add sub-buckets* at the bottom, then select *Split Slices*. Choose the *Terms* aggregation and the *age* field from
the drop-downs.
Click the *Apply changes* button image:images/apply-changes-button.png[] to add an external ring with the new
Click *Add sub-buckets* at the bottom, then select *Split Slices*. Choose the *Terms* aggregation and the *age* field from
the drop-downs.
Click the *Apply changes* button image:images/apply-changes-button.png[] to add an external ring with the new
results.
image::images/tutorial-visualize-pie-3.png[]
@ -318,74 +318,74 @@ image::images/tutorial-visualize-pie-3.png[]
Save this chart by clicking the *Save Visualization* button to the right of the search field. Name the visualization
_Pie Example_.
Next, we're going to make a bar chart. Click on *New Visualization*, then *Vertical bar chart*. Select *From a new
Next, we're going to make a bar chart. Click on *New Visualization*, then *Vertical bar chart*. Select *From a new
search* and the `shakes*` index pattern. You'll see a single big bar, since we haven't defined any buckets yet:
image::images/tutorial-visualize-bar-1.png[]
For the Y-axis metrics aggregation, select *Unique Count*, with *speaker* as the field. For Shakespeare plays, it might
be useful to know which plays have the lowest number of distinct speaking parts, if your theater company is short on
For the Y-axis metrics aggregation, select *Unique Count*, with *speaker* as the field. For Shakespeare plays, it might
be useful to know which plays have the lowest number of distinct speaking parts, if your theater company is short on
actors. For the X-Axis buckets, select the *Terms* aggregation with the *play_name* field. For the *Order*, select
*Ascending*, leaving the *Size* at 5. Write a description for the axes in the *Custom Label* fields.
Leave the other elements at their default values and click the *Apply changes* button
Leave the other elements at their default values and click the *Apply changes* button
image:images/apply-changes-button.png[]. Your chart should now look like this:
image::images/tutorial-visualize-bar-2.png[]
Notice how the individual play names show up as whole phrases, instead of being broken down into individual words. This
is the result of the mapping we did at the beginning of the tutorial, when we marked the *play_name* field as 'not
Notice how the individual play names show up as whole phrases, instead of being broken down into individual words. This
is the result of the mapping we did at the beginning of the tutorial, when we marked the *play_name* field as 'not
analyzed'.
Hovering on each bar shows you the number of speaking parts for each play as a tooltip. You can turn this behavior off,
Hovering on each bar shows you the number of speaking parts for each play as a tooltip. You can turn this behavior off,
as well as change many other options for your visualizations, by clicking the *Options* tab in the top left.
Now that you have a list of the smallest casts for Shakespeare plays, you might also be curious to see which of these
plays makes the greatest demands on an individual actor by showing the maximum number of speeches for a given part. Add
a Y-axis aggregation with the *Add metrics* button, then choose the *Max* aggregation for the *speech_number* field. In
the *Options* tab, change the *Bar Mode* drop-down to *grouped*, then click the *Apply changes* button
Now that you have a list of the smallest casts for Shakespeare plays, you might also be curious to see which of these
plays makes the greatest demands on an individual actor by showing the maximum number of speeches for a given part. Add
a Y-axis aggregation with the *Add metrics* button, then choose the *Max* aggregation for the *speech_number* field. In
the *Options* tab, change the *Bar Mode* drop-down to *grouped*, then click the *Apply changes* button
image:images/apply-changes-button.png[]. Your chart should now look like this:
image::images/tutorial-visualize-bar-3.png[]
As you can see, _Love's Labours Lost_ has an unusually high maximum speech number, compared to the other plays, and
As you can see, _Love's Labours Lost_ has an unusually high maximum speech number, compared to the other plays, and
might therefore make more demands on an actor's memory.
Note how the *Number of speaking parts* Y-axis starts at zero, but the bars don't begin to differentiate until 18. To
make the differences stand out, starting the Y-axis at a value closer to the minimum, check the
Note how the *Number of speaking parts* Y-axis starts at zero, but the bars don't begin to differentiate until 18. To
make the differences stand out, starting the Y-axis at a value closer to the minimum, check the
*Scale Y-Axis to data bounds* box in the *Options* tab.
Save this chart with the name _Bar Example_.
Next, we're going to make a tile map chart to visualize some geographic data. Click on *New Visualization*, then
*Tile map*. Select *From a new search* and the `logstash-*` index pattern. Define the time window for the events
we're exploring by clicking the time selector at the top right of the Kibana interface. Click on *Absolute*, then set
Next, we're going to make a tile map chart to visualize some geographic data. Click on *New Visualization*, then
*Tile map*. Select *From a new search* and the `logstash-*` index pattern. Define the time window for the events
we're exploring by clicking the time selector at the top right of the Kibana interface. Click on *Absolute*, then set
the start time to May 18, 2015 and the end time for the range to May 20, 2015:
image::images/tutorial-timepicker.png[]
Once you've got the time range set up, click the *Go* button, then close the time picker by clicking the small up arrow
Once you've got the time range set up, click the *Go* button, then close the time picker by clicking the small up arrow
at the bottom. You'll see a map of the world, since we haven't defined any buckets yet:
image::images/tutorial-visualize-map-1.png[]
Select *Geo Coordinates* as the bucket, then click the *Apply changes* button image:images/apply-changes-button.png[].
Select *Geo Coordinates* as the bucket, then click the *Apply changes* button image:images/apply-changes-button.png[].
Your chart should now look like this:
image::images/tutorial-visualize-map-2.png[]
You can navigate the map by clicking and dragging, zoom with the image:images/viz-zoom.png[] buttons, or hit the *Fit
Data Bounds* image:images/viz-fit-bounds.png[] button to zoom to the lowest level that includes all the points. You can
also create a filter to define a rectangle on the map, either to include or exclude, by clicking the
*Latitude/Longitude Filter* image:images/viz-lat-long-filter.png[] button and drawing a bounding box on the map.
You can navigate the map by clicking and dragging, zoom with the image:images/viz-zoom.png[] buttons, or hit the *Fit
Data Bounds* image:images/viz-fit-bounds.png[] button to zoom to the lowest level that includes all the points. You can
also create a filter to define a rectangle on the map, either to include or exclude, by clicking the
*Latitude/Longitude Filter* image:images/viz-lat-long-filter.png[] button and drawing a bounding box on the map.
A green oval with the filter definition displays right under the query box:
image::images/tutorial-visualize-map-3.png[]
Hover on the filter to display the controls to toggle, pin, invert, or delete the filter. Save this chart with the name
Hover on the filter to display the controls to toggle, pin, invert, or delete the filter. Save this chart with the name
_Map Example_.
Finally, we're going to define a sample Markdown widget to display on our dashboard. Click on *New Visualization*, then
Finally, we're going to define a sample Markdown widget to display on our dashboard. Click on *New Visualization*, then
*Markdown widget*, to display a very simple Markdown entry field:
image::images/tutorial-visualize-md-1.png[]
@ -393,11 +393,11 @@ image::images/tutorial-visualize-md-1.png[]
Write the following text in the field:
[source,markdown]
# This is a tutorial dashboard!
# This is a tutorial dashboard!
The Markdown widget uses **markdown** syntax.
> Blockquotes in Markdown use the > character.
Click the *Apply changes* button image:images/apply-changes-button.png[] to display the rendered Markdown in the
Click the *Apply changes* button image:images/apply-changes-button.png[] to display the rendered Markdown in the
preview pane:
image::images/tutorial-visualize-md-2.png[]
@ -407,21 +407,21 @@ Save this visualization with the name _Markdown Example_.
[[tutorial-dashboard]]
=== Putting it all Together with Dashboards
A Kibana dashboard is a collection of visualizations that you can arrange and share. To get started, click the
*Dashboard* tab, then the *Add Visualization* button at the far right of the search box to display the list of saved
visualizations. Select _Markdown Example_, _Pie Example_, _Bar Example_, and _Map Example_, then close the list of
visualizations by clicking the small up-arrow at the bottom of the list. You can move the containers for each
visualization by clicking and dragging the title bar. Resize the containers by dragging the lower right corner of a
A Kibana dashboard is a collection of visualizations that you can arrange and share. To get started, click the
*Dashboard* tab, then the *Add Visualization* button at the far right of the search box to display the list of saved
visualizations. Select _Markdown Example_, _Pie Example_, _Bar Example_, and _Map Example_, then close the list of
visualizations by clicking the small up-arrow at the bottom of the list. You can move the containers for each
visualization by clicking and dragging the title bar. Resize the containers by dragging the lower right corner of a
visualization's container. Your sample dashboard should end up looking roughly like this:
image::images/tutorial-dashboard.png[]
Click the *Save Dashboard* button, then name the dashboard _Tutorial Dashboard_. You can share a saved dashboard by
Click the *Save Dashboard* button, then name the dashboard _Tutorial Dashboard_. You can share a saved dashboard by
clicking the *Share* button to display HTML embedding code as well as a direct link.
[float]
[[wrapping-up]]
=== Wrapping Up
Now that you've handled the basic aspects of Kibana's functionality, you're ready to explore Kibana in further detail.
Now that you've handled the basic aspects of Kibana's functionality, you're ready to explore Kibana in further detail.
Take a look at the rest of the documentation for more details!

34
docs/introduction.asciidoc
View file

@ -1,21 +1,21 @@
[[introduction]]
== Introduction
Kibana is an open source analytics and visualization platform designed to work with Elasticsearch. You use Kibana to
search, view, and interact with data stored in Elasticsearch indices. You can easily perform advanced data analysis
Kibana is an open source analytics and visualization platform designed to work with Elasticsearch. You use Kibana to
search, view, and interact with data stored in Elasticsearch indices. You can easily perform advanced data analysis
and visualize your data in a variety of charts, tables, and maps.
Kibana makes it easy to understand large volumes of data. Its simple, browser-based interface enables you to quickly
Kibana makes it easy to understand large volumes of data. Its simple, browser-based interface enables you to quickly
create and share dynamic dashboards that display changes to Elasticsearch queries in real time.
Setting up Kibana is a snap. You can install Kibana and start exploring your Elasticsearch indices in minutes -- no
code, no additional infrastructure required.
Setting up Kibana is a snap. You can install Kibana and start exploring your Elasticsearch indices in minutes -- no
code, no additional infrastructure required.
For more information about creating and sharing visualizations and dashboards, see the <<visualize, Visualize>>
and <<dashboard, Dashboard>> topics. A complete <<getting-started,tutorial>> covering several aspects of Kibana's
For more information about creating and sharing visualizations and dashboards, see the <<visualize, Visualize>>
and <<dashboard, Dashboard>> topics. A complete <<getting-started,tutorial>> covering several aspects of Kibana's
functionality is also available.
NOTE: This guide describes how to use Kibana {version}. For information about what's new in Kibana {version}, see
NOTE: This guide describes how to use Kibana {version}. For information about what's new in Kibana {version}, see
the <<releasenotes, release notes>>.
////
@ -23,25 +23,25 @@ the <<releasenotes, release notes>>.
[[data-discovery]]
=== Data Discovery and Visualization
Let's take a look at how you might use Kibana to explore and visualize data.
We've indexed some data from Transport for London (TFL) that shows one week
Let's take a look at how you might use Kibana to explore and visualize data.
We've indexed some data from Transport for London (TFL) that shows one week
of transit (Oyster) card usage.
From Kibana's Discover page, we can submit search queries, filter the results, and
examine the data in the returned documents. For example, we can get all trips
From Kibana's Discover page, we can submit search queries, filter the results, and
examine the data in the returned documents. For example, we can get all trips
completed by the Tube during the week by excluding incomplete trips and trips by bus:
image:images/TFL-CompletedTrips.jpg[Discover]
Right away, we can see the peaks for the morning and afternoon commute hours in the
histogram. By default, the Discover page also shows the first 500 entries that match the
search criteria. You can change the time filter, interact with the histogram to drill
down into the data, and view the details of particular documents. For more
Right away, we can see the peaks for the morning and afternoon commute hours in the
histogram. By default, the Discover page also shows the first 500 entries that match the
search criteria. You can change the time filter, interact with the histogram to drill
down into the data, and view the details of particular documents. For more
information about exploring your data from the Discover page, see <<discover, Discover>>.
You can construct visualizations of your search results from the Visualization page.
Each visualization is associated with a search. For example, we can create a histogram
that shows the weekly London commute traffic via the Tube using our previous search.
that shows the weekly London commute traffic via the Tube using our previous search.
The Y-axis shows the number of trips. The X-axis shows
the day and time. By adding a sub-aggregation, we can see the top 3 end stations during
each hour:

34
docs/kibana-yml.asciidoc
View file

@ -2,45 +2,45 @@
[horizontal]
`server.port:`:: *Default: 5601* Kibana is served by a back end server. This setting specifies the port to use.
`server.host:`:: *Default: "0.0.0.0"* This setting specifies the IP address of the back end server.
`server.basePath:`:: Enables you to specify a path to mount Kibana at if you are running behind a proxy. This setting
`server.basePath:`:: Enables you to specify a path to mount Kibana at if you are running behind a proxy. This setting
cannot end in a slash (`/`).
`server.maxPayloadBytes:`:: *Default: 1048576* The maximum payload size in bytes for incoming server requests.
`server.name:`:: *Default: "your-hostname"* A human-readable display name that identifies this Kibana instance.
`elasticsearch.url:`:: *Default: "http://localhost:9200"* The URL of the Elasticsearch instance to use for all your
`server.name:`:: *Default: "your-hostname"* A human-readable display name that identifies this Kibana instance.
`elasticsearch.url:`:: *Default: "http://localhost:9200"* The URL of the Elasticsearch instance to use for all your
queries.
`elasticsearch.preserveHost:`:: *Default: true* When this settings value is true Kibana uses the hostname specified in
the `server.host` setting. When the value of this setting is `false`, Kibana uses the hostname of the host that connects
`elasticsearch.preserveHost:`:: *Default: true* When this settings value is true Kibana uses the hostname specified in
the `server.host` setting. When the value of this setting is `false`, Kibana uses the hostname of the host that connects
to this Kibana instance.
`kibana.index:`:: *Default: ".kibana"* Kibana uses an index in Elasticsearch to store saved searches, visualizations and
`kibana.index:`:: *Default: ".kibana"* Kibana uses an index in Elasticsearch to store saved searches, visualizations and
dashboards. Kibana creates a new index if the index doesnt already exist.
`kibana.defaultAppId:`:: *Default: "discover"* The default application to load.
`elasticsearch.username:` and `elasticsearch.password:`:: If your Elasticsearch is protected with basic authentication,
these settings provide the username and password that the Kibana server uses to perform maintenance on the Kibana index at
`elasticsearch.username:` and `elasticsearch.password:`:: If your Elasticsearch is protected with basic authentication,
these settings provide the username and password that the Kibana server uses to perform maintenance on the Kibana index at
startup. Your Kibana users still need to authenticate with Elasticsearch, which is proxied through the Kibana server.
`server.ssl.cert:` and `server.ssl.key:`:: Paths to the PEM-format SSL certificate and SSL key files, respectively. These
`server.ssl.cert:` and `server.ssl.key:`:: Paths to the PEM-format SSL certificate and SSL key files, respectively. These
files enable SSL for outgoing requests from the Kibana server to the browser.
`elasticsearch.ssl.cert:` and `elasticsearch.ssl.key:`:: Optional settings that provide the paths to the PEM-format SSL
`elasticsearch.ssl.cert:` and `elasticsearch.ssl.key:`:: Optional settings that provide the paths to the PEM-format SSL
certificate and key files. These files validate that your Elasticsearch backend uses the same key files.
`elasticsearch.ssl.ca:`:: Optional setting that enables you to specify a path to the PEM file for the certificate
`elasticsearch.ssl.ca:`:: Optional setting that enables you to specify a path to the PEM file for the certificate
authority for your Elasticsearch instance.
`elasticsearch.ssl.verify:`:: *Default: true* To disregard the validity of SSL certificates, change this settings value
`elasticsearch.ssl.verify:`:: *Default: true* To disregard the validity of SSL certificates, change this settings value
to `false`.
`elasticsearch.pingTimeout:`:: *Default: the value of the `elasticsearch.requestTimeout` setting* Time in milliseconds to
`elasticsearch.pingTimeout:`:: *Default: the value of the `elasticsearch.requestTimeout` setting* Time in milliseconds to
wait for Elasticsearch to respond to pings.
`elasticsearch.requestTimeout:`:: *Default: 30000* Time in milliseconds to wait for responses from the back end or
`elasticsearch.requestTimeout:`:: *Default: 30000* Time in milliseconds to wait for responses from the back end or
Elasticsearch. This value must be a positive integer.
`elasticsearch.requestHeadersWhitelist:`:: *Default: `[ 'authorization' ]`* List of Kibana client-side headers to send to Elasticsearch.
To send *no* client-side headers, set this value to [] (an empty list).
`elasticsearch.shardTimeout:`:: *Default: 0* Time in milliseconds for Elasticsearch to wait for responses from shards. Set
to 0 to disable.
`elasticsearch.startupTimeout:`:: *Default: 5000* Time in milliseconds to wait for Elasticsearch at Kibana startup before
`elasticsearch.startupTimeout:`:: *Default: 5000* Time in milliseconds to wait for Elasticsearch at Kibana startup before
retrying.
`pid.file:`:: Specifies the path where Kibana creates the process ID file.
`logging.dest:`:: *Default: `stdout`* Enables you specify a file where Kibana stores log output.
`logging.silent:`:: *Default: false* Set the value of this setting to `true` to suppress all logging output.
`logging.quiet:`:: *Default: false* Set the value of this setting to `true` to suppress all logging output other than
`logging.quiet:`:: *Default: false* Set the value of this setting to `true` to suppress all logging output other than
error messages.
`logging.verbose`:: *Default: false* Set the value of this setting to `true` to log all events, including system usage
`logging.verbose`:: *Default: false* Set the value of this setting to `true` to log all events, including system usage
information and all requests.
`ops.interval`:: *Default: 5000* Set the interval in milliseconds to sample system and process performance metrics.
The minimum value is 100.

26
docs/line.asciidoc
View file

@ -6,7 +6,7 @@ This chart's Y axis is the _metrics_ axis. The following aggregations are availa
include::y-axis-aggs.asciidoc[]
Before you choose a buckets aggregation, specify if you are splitting slices within a single chart or splitting into
multiple charts. A multiple chart split must run before any other aggregations. When you split a chart, you can change
multiple charts. A multiple chart split must run before any other aggregations. When you split a chart, you can change
if the splits are displayed in a row or a column by clicking the *Rows | Columns* selector.
include::x-axis-aggs.asciidoc[]
@ -19,37 +19,37 @@ You can click the *Advanced* link to display more customization options for your
*Exclude Pattern Flags*:: A standard set of Java flags for the exclusion pattern.
*Include Pattern*:: Specify a pattern in this field to include in the results.
*Include Pattern Flags*:: A standard set of Java flags for the inclusion pattern.
*JSON Input*:: A text field where you can add specific JSON-formatted properties to merge with the aggregation
*JSON Input*:: A text field where you can add specific JSON-formatted properties to merge with the aggregation
definition, as in the following example:
[source,shell]
{ "script" : "doc['grade'].value * 1.2" }
NOTE: In Elasticsearch releases 1.4.3 and later, this functionality requires you to enable
NOTE: In Elasticsearch releases 1.4.3 and later, this functionality requires you to enable
{ref}/modules-scripting.html[dynamic Groovy scripting].
The availability of these options varies depending on the aggregation you choose.
Select the *Options* tab to change the following aspects of the chart:
*Y-Axis Scale*:: You can select *linear*, *log*, or *square root* scales for the chart's Y axis. You can use a log
scale to display data that varies exponentially, such as a compounding interest chart, or a square root scale to
regularize the display of data sets with variabilities that are themselves highly variable. This kind of data, where
the variability is itself variable over the domain being examined, is known as _heteroscedastic_ data. For example, if
*Y-Axis Scale*:: You can select *linear*, *log*, or *square root* scales for the chart's Y axis. You can use a log
scale to display data that varies exponentially, such as a compounding interest chart, or a square root scale to
regularize the display of data sets with variabilities that are themselves highly variable. This kind of data, where
the variability is itself variable over the domain being examined, is known as _heteroscedastic_ data. For example, if
a data set of height versus weight has a relatively narrow range of variability at the short end of height, but a wider
range at the taller end, the data set is heteroscedastic.
*Smooth Lines*:: Check this box to curve the line from point to point. Bear in mind that smoothed lines necessarily
range at the taller end, the data set is heteroscedastic.
*Smooth Lines*:: Check this box to curve the line from point to point. Bear in mind that smoothed lines necessarily
affect the representation of your data and create a potential for ambiguity.
*Show Connecting Lines*:: Check this box to draw lines between the points on the chart.
*Show Circles*:: Check this box to draw each data point on the chart as a small circle.
*Current time marker*:: For charts of time-series data, check this box to draw a red line on the current time.
*Set Y-Axis Extents*:: Check this box and enter values in the *y-max* and *y-min* fields to set the Y axis to specific
values.
*Set Y-Axis Extents*:: Check this box and enter values in the *y-max* and *y-min* fields to set the Y axis to specific
values.
*Show Tooltip*:: Check this box to enable the display of tooltips.
*Scale Y-Axis to Data Bounds*:: The default Y-axis bounds are zero and the maximum value returned in the data. Check
*Scale Y-Axis to Data Bounds*:: The default Y-axis bounds are zero and the maximum value returned in the data. Check
this box to change both upper and lower bounds to match the values returned in the data.
After changing options, click the *Apply changes* button to update your visualization, or the grey *Discard
After changing options, click the *Apply changes* button to update your visualization, or the grey *Discard
changes* button to keep your visualization in its current state.
[float]

4
docs/markdown.asciidoc
View file

@ -1,7 +1,7 @@
[[markdown-widget]]
=== Markdown Widget
The Markdown widget is a text entry field that accepts GitHub-flavored Markdown text. Kibana renders the text you enter
in this field and displays the results on the dashboard. You can click the *Help* link to go to the
The Markdown widget is a text entry field that accepts GitHub-flavored Markdown text. Kibana renders the text you enter
in this field and displays the results on the dashboard. You can click the *Help* link to go to the
https://help.github.com/articles/github-flavored-markdown/[help page] for GitHub flavored Markdown. Click *Apply* to
display the rendered text in the Preview pane or *Discard* to revert to a previous version.

4
docs/metric.asciidoc
View file

@ -7,13 +7,13 @@ include::y-axis-aggs.asciidoc[]
You can click the *Advanced* link to display more customization options:
*JSON Input*:: A text field where you can add specific JSON-formatted properties to merge with the aggregation
*JSON Input*:: A text field where you can add specific JSON-formatted properties to merge with the aggregation
definition, as in the following example:
[source,shell]
{ "script" : "doc['grade'].value * 1.2" }
NOTE: In Elasticsearch releases 1.4.3 and later, this functionality requires you to enable
NOTE: In Elasticsearch releases 1.4.3 and later, this functionality requires you to enable
{ref}/modules-scripting.html[dynamic Groovy scripting].
The availability of these options varies depending on the aggregation you choose.

60
docs/pie.asciidoc
View file

@ -1,14 +1,14 @@
[[pie-chart]]
=== Pie Charts
The slice size of a pie chart is determined by the _metrics_ aggregation. The following aggregations are available for
The slice size of a pie chart is determined by the _metrics_ aggregation. The following aggregations are available for
this axis:
*Count*:: The {ref}search-aggregations-metrics-valuecount-aggregation.html[_count_] aggregation returns a raw count of
*Count*:: The {ref}search-aggregations-metrics-valuecount-aggregation.html[_count_] aggregation returns a raw count of
the elements in the selected index pattern.
*Sum*:: The {ref}search-aggregations-metrics-sum-aggregation.html[_sum_] aggregation returns the total sum of a numeric
*Sum*:: The {ref}search-aggregations-metrics-sum-aggregation.html[_sum_] aggregation returns the total sum of a numeric
field. Select a field from the drop-down.
*Unique Count*:: The {ref}search-aggregations-metrics-cardinality-aggregation.html[_cardinality_] aggregation returns
*Unique Count*:: The {ref}search-aggregations-metrics-cardinality-aggregation.html[_cardinality_] aggregation returns
the number of unique values in a field. Select a field from the drop-down.
Enter a string in the *Custom Label* field to change the display label.
@ -16,45 +16,45 @@ Enter a string in the *Custom Label* field to change the display label.
The _buckets_ aggregations determine what information is being retrieved from your data set.
Before you choose a buckets aggregation, specify if you are splitting slices within a single chart or splitting into
multiple charts. A multiple chart split must run before any other aggregations. When you split a chart, you can change
multiple charts. A multiple chart split must run before any other aggregations. When you split a chart, you can change
if the splits are displayed in a row or a column by clicking the *Rows | Columns* selector.
You can specify any of the following bucket aggregations for your pie chart:
*Date Histogram*:: A {ref}search-aggregations-bucket-datehistogram-aggregation.html[_date histogram_] is built from a
numeric field and organized by date. You can specify a time frame for the intervals in seconds, minutes, hours, days,
weeks, months, or years. You can also specify a custom interval frame by selecting *Custom* as the interval and
specifying a number and a time unit in the text field. Custom interval time units are *s* for seconds, *m* for minutes,
*h* for hours, *d* for days, *w* for weeks, and *y* for years. Different units support different levels of precision,
*Date Histogram*:: A {ref}search-aggregations-bucket-datehistogram-aggregation.html[_date histogram_] is built from a
numeric field and organized by date. You can specify a time frame for the intervals in seconds, minutes, hours, days,
weeks, months, or years. You can also specify a custom interval frame by selecting *Custom* as the interval and
specifying a number and a time unit in the text field. Custom interval time units are *s* for seconds, *m* for minutes,
*h* for hours, *d* for days, *w* for weeks, and *y* for years. Different units support different levels of precision,
down to one second.
*Histogram*:: A standard {ref}search-aggregations-bucket-histogram-aggregation.html[_histogram_] is built from a
numeric field. Specify an integer interval for this field. Select the *Show empty buckets* checkbox to include empty
*Histogram*:: A standard {ref}search-aggregations-bucket-histogram-aggregation.html[_histogram_] is built from a
numeric field. Specify an integer interval for this field. Select the *Show empty buckets* checkbox to include empty
intervals in the histogram.
*Range*:: With a {ref}search-aggregations-bucket-range-aggregation.html[_range_] aggregation, you can specify ranges
of values for a numeric field. Click *Add Range* to add a set of range endpoints. Click the red *(x)* symbol to remove
*Range*:: With a {ref}search-aggregations-bucket-range-aggregation.html[_range_] aggregation, you can specify ranges
of values for a numeric field. Click *Add Range* to add a set of range endpoints. Click the red *(x)* symbol to remove
a range.
*Date Range*:: A {ref}search-aggregations-bucket-daterange-aggregation.html[_date range_] aggregation reports values
that are within a range of dates that you specify. You can specify the ranges for the dates using
{ref}common-options.html#date-math[_date math_] expressions. Click *Add Range* to add a set of range endpoints.
*Date Range*:: A {ref}search-aggregations-bucket-daterange-aggregation.html[_date range_] aggregation reports values
that are within a range of dates that you specify. You can specify the ranges for the dates using
{ref}common-options.html#date-math[_date math_] expressions. Click *Add Range* to add a set of range endpoints.
Click the red *(/)* symbol to remove a range.
*IPv4 Range*:: The {ref}search-aggregations-bucket-iprange-aggregation.html[_IPv4 range_] aggregation enables you to
specify ranges of IPv4 addresses. Click *Add Range* to add a set of range endpoints. Click the red *(/)* symbol to
specify ranges of IPv4 addresses. Click *Add Range* to add a set of range endpoints. Click the red *(/)* symbol to
remove a range.
*Terms*:: A {ref}search-aggregations-bucket-terms-aggregation.html[_terms_] aggregation enables you to specify the top
*Terms*:: A {ref}search-aggregations-bucket-terms-aggregation.html[_terms_] aggregation enables you to specify the top
or bottom _n_ elements of a given field to display, ordered by count or a custom metric.
*Filters*:: You can specify a set of {ref}search-aggregations-bucket-filters-aggregation.html[_filters_] for the data.
You can specify a filter as a query string or in JSON format, just as in the Discover search bar. Click *Add Filter* to
add another filter. Click the image:images/labelbutton.png[] *label* button to open the label field, where you can type
*Filters*:: You can specify a set of {ref}search-aggregations-bucket-filters-aggregation.html[_filters_] for the data.
You can specify a filter as a query string or in JSON format, just as in the Discover search bar. Click *Add Filter* to
add another filter. Click the image:images/labelbutton.png[] *label* button to open the label field, where you can type
in a name to display on the visualization.
*Significant Terms*:: Displays the results of the experimental
{ref}search-aggregations-bucket-significantterms-aggregation.html[_significant terms_] aggregation. The value of the
*Significant Terms*:: Displays the results of the experimental
{ref}search-aggregations-bucket-significantterms-aggregation.html[_significant terms_] aggregation. The value of the
*Size* parameter defines the number of entries this aggregation returns.
After defining an initial bucket aggregation, you can define sub-buckets to refine the visualization. Click *+ Add
sub-buckets* to define a sub-aggregation, then choose *Split Slices* to select a sub-bucket from the list of
After defining an initial bucket aggregation, you can define sub-buckets to refine the visualization. Click *+ Add
sub-buckets* to define a sub-aggregation, then choose *Split Slices* to select a sub-bucket from the list of
types.
When multiple aggregations are defined on a chart's axis, you can use the up or down arrows to the right of the
When multiple aggregations are defined on a chart's axis, you can use the up or down arrows to the right of the
aggregation's type to change the aggregation's priority.
include::color-picker.asciidoc[]
@ -65,13 +65,13 @@ You can click the *Advanced* link to display more customization options for your
*Exclude Pattern*:: Specify a pattern in this field to exclude from the results.
*Include Pattern*:: Specify a pattern in this field to include in the results.
*JSON Input*:: A text field where you can add specific JSON-formatted properties to merge with the aggregation
*JSON Input*:: A text field where you can add specific JSON-formatted properties to merge with the aggregation
definition, as in the following example:
[source,shell]
{ "script" : "doc['grade'].value * 1.2" }
NOTE: In Elasticsearch releases 1.4.3 and later, this functionality requires you to enable
NOTE: In Elasticsearch releases 1.4.3 and later, this functionality requires you to enable
{ref}modules-scripting.html[dynamic Groovy scripting].
The availability of these options varies depending on the aggregation you choose.
@ -81,7 +81,7 @@ Select the *Options* tab to change the following aspects of the table:
*Donut*:: Display the chart as a sliced ring instead of a sliced pie.
*Show Tooltip*:: Check this box to enable the display of tooltips.
After changing options, click the *Apply changes* button to update your visualization, or the grey *Discard
After changing options, click the *Apply changes* button to update your visualization, or the grey *Discard
changes* button to keep your visualization in its current state.
[float]

8
docs/production.asciidoc
View file

@ -25,11 +25,11 @@ Kibana users have to authenticate when your cluster has {scyld} enabled. You
configure {scyld} roles for your Kibana users to control what data those users
can access. Kibana runs a webserver that makes requests to Elasticsearch on the
client's behalf, so you also need to configure credentials for the Kibana server
so those requests can be authenticated.
so those requests can be authenticated.
You must configure Kibana to encrypt communications between the browser and the
Kibana server to prevent user passwords from being sent in the clear. If are
using SSL/TLS to encrypt traffic to and from the nodes in your Elasticsearch
You must configure Kibana to encrypt communications between the browser and the
Kibana server to prevent user passwords from being sent in the clear. If are
using SSL/TLS to encrypt traffic to and from the nodes in your Elasticsearch
cluster, you must also configure Kibana to connect to Elasticsearch via HTTPS.
With {scyld} enabled, if you load a Kibana dashboard that accesses data in an

2
docs/releasenotes.asciidoc
View file

@ -37,7 +37,7 @@ The {version} release of Kibana requires Elasticsearch {esversion} or later.
[[plugins-apis]]
== Plugins, APIs, and Development Infrastructure
NOTE: The items in this section are not a complete list of the internal changes relating to development in Kibana. Plugin
NOTE: The items in this section are not a complete list of the internal changes relating to development in Kibana. Plugin
framework and APIs are not formally documented and not guaranteed to be backward compatible from release to release.
* {k4pull}7069[Pull Request 7069]: Adds `preInit` functionality.

144
docs/settings.asciidoc
View file

@ -1,55 +1,55 @@
[[settings]]
== Settings
To use Kibana, you have to tell it about the Elasticsearch indices that you want to explore by configuring one or more
To use Kibana, you have to tell it about the Elasticsearch indices that you want to explore by configuring one or more
index patterns. You can also:
* Create scripted fields that are computed on the fly from your data. You can browse and visualize scripted fields, but
* Create scripted fields that are computed on the fly from your data. You can browse and visualize scripted fields, but
you cannot search them.
* Set advanced options such as the number of rows to show in a table and how many of the most popular fields to show.
* Set advanced options such as the number of rows to show in a table and how many of the most popular fields to show.
Use caution when modifying advanced options, as it's possible to set values that are incompatible with one another.
* Configure Kibana for a production environment
[float]
[[settings-create-pattern]]
=== Creating an Index Pattern to Connect to Elasticsearch
An _index pattern_ identifies one or more Elasticsearch indices that you want to explore with Kibana. Kibana looks for
An _index pattern_ identifies one or more Elasticsearch indices that you want to explore with Kibana. Kibana looks for
index names that match the specified pattern.
An asterisk (*) in the pattern matches zero or more characters. For example, the pattern `myindex-*` matches all
indices whose names start with `myindex-`, such as `myindex-1` and `myindex-2`.
An asterisk (*) in the pattern matches zero or more characters. For example, the pattern `myindex-*` matches all
indices whose names start with `myindex-`, such as `myindex-1` and `myindex-2`.
An index pattern can also simply be the name of a single index.
To create an index pattern to connect to Elasticsearch:
. Go to the *Settings > Indices* tab.
. Specify an index pattern that matches the name of one or more of your Elasticsearch indices. By default, Kibana
. Specify an index pattern that matches the name of one or more of your Elasticsearch indices. By default, Kibana
guesses that you're you're working with log data being fed into Elasticsearch by Logstash.
+
NOTE: When you switch between top-level tabs, Kibana remembers where you were. For example, if you view a particular
index pattern from the Settings tab, switch to the Discover tab, and then go back to the Settings tab, Kibana displays
the index pattern you last looked at. To get to the create pattern form, click the *Add* button in the Index Patterns
NOTE: When you switch between top-level tabs, Kibana remembers where you were. For example, if you view a particular
index pattern from the Settings tab, switch to the Discover tab, and then go back to the Settings tab, Kibana displays
the index pattern you last looked at. To get to the create pattern form, click the *Add* button in the Index Patterns
list.
. If your index contains a timestamp field that you want to use to perform time-based comparisons, select the *Index
contains time-based events* option and select the index field that contains the timestamp. Kibana reads the index
. If your index contains a timestamp field that you want to use to perform time-based comparisons, select the *Index
contains time-based events* option and select the index field that contains the timestamp. Kibana reads the index
mapping to list all of the fields that contain a timestamp.
. By default, Kibana restricts wildcard expansion of time-based index patterns to indices with data within the currently
. By default, Kibana restricts wildcard expansion of time-based index patterns to indices with data within the currently
selected time range. Click *Do not expand index pattern when search* to disable this behavior.
. Click *Create* to add the index pattern.
. Click *Create* to add the index pattern.
. To designate the new pattern as the default pattern to load when you view the Discover tab, click the *favorite*
button.
. To designate the new pattern as the default pattern to load when you view the Discover tab, click the *favorite*
button.
NOTE: When you define an index pattern, indices that match that pattern must exist in Elasticsearch. Those indices must
NOTE: When you define an index pattern, indices that match that pattern must exist in Elasticsearch. Those indices must
contain data.
To use an event time in an index name, enclose the static text in the pattern and specify the date format using the
To use an event time in an index name, enclose the static text in the pattern and specify the date format using the
tokens described in the following table.
For example, `[logstash-]YYYY.MM.DD` matches all indices whose names have a timestamp of the form `YYYY.MM.DD` appended
For example, `[logstash-]YYYY.MM.DD` matches all indices whose names have a timestamp of the form `YYYY.MM.DD` appended
to the prefix `logstash-`, such as `logstash-2015.01.31` and `logstash-2015-02-01`.
[float]
@ -108,32 +108,32 @@ to the prefix `logstash-`, such as `logstash-2015.01.31` and `logstash-2015-02-0
[float]
[[set-default-pattern]]
=== Setting the Default Index Pattern
The default index pattern is loaded by automatically when you view the *Discover* tab. Kibana displays a star to the
left of the name of the default pattern in the Index Patterns list on the *Settings > Indices* tab. The first pattern
The default index pattern is loaded by automatically when you view the *Discover* tab. Kibana displays a star to the
left of the name of the default pattern in the Index Patterns list on the *Settings > Indices* tab. The first pattern
you create is automatically designated as the default pattern.
To set a different pattern as the default index pattern:
. Go to the *Settings > Indices* tab.
. Select the pattern you want to set as the default in the Index Patterns list.
. Click the pattern's *Favorite* button.
. Click the pattern's *Favorite* button.
NOTE: You can also manually set the default index pattern in *Advanced > Settings*.
NOTE: You can also manually set the default index pattern in *Advanced > Settings*.
[float]
[[reload-fields]]
=== Reloading the Index Fields List
When you add an index mapping, Kibana automatically scans the indices that match the pattern to display a list of the
index fields. You can reload the index fields list to pick up any newly-added fields.
When you add an index mapping, Kibana automatically scans the indices that match the pattern to display a list of the
index fields. You can reload the index fields list to pick up any newly-added fields.
Reloading the index fields list also resets Kibana's popularity counters for the fields. The popularity counters keep
track of the fields you've used most often within Kibana and are used to sort fields within lists.
Reloading the index fields list also resets Kibana's popularity counters for the fields. The popularity counters keep
track of the fields you've used most often within Kibana and are used to sort fields within lists.
To reload the index fields list:
. Go to the *Settings > Indices* tab.
. Select an index pattern from the Index Patterns list.
. Click the pattern's *Reload* button.
. Click the pattern's *Reload* button.
[float]
[[delete-pattern]]
@ -147,11 +147,11 @@ To delete an index pattern:
[[managing-fields]]
=== Managing Fields
The fields for the index pattern are listed in a table. Click a column header to sort the table by that column. Click
the *Controls* button in the rightmost column for a given field to edit the field's properties. You can manually set
The fields for the index pattern are listed in a table. Click a column header to sort the table by that column. Click
the *Controls* button in the rightmost column for a given field to edit the field's properties. You can manually set
the field's format from the *Format* drop-down. Format options vary based on the field's type.
You can also set the field's popularity value in the *Popularity* text entry box to any desired value. Click the
You can also set the field's popularity value in the *Popularity* text entry box to any desired value. Click the
*Update Field* button to confirm your changes or *Cancel* to return to the list of fields.
Kibana has https://www.elastic.co/blog/kibana-4-1-field-formatters[field formatters] for the following field types:
@ -193,23 +193,23 @@ include::duration-formatter.asciidoc[]
include::color-formatter.asciidoc[]
The `Bytes`, `Number`, and `Percentage` formatters enable you to choose the display formats of numbers in this field using
The `Bytes`, `Number`, and `Percentage` formatters enable you to choose the display formats of numbers in this field using
the https://adamwdraper.github.io/Numeral-js/[numeral.js] standard format definitions.
[float]
[[create-scripted-field]]
=== Creating a Scripted Field
Scripted fields compute data on the fly from the data in your Elasticsearch indices. Scripted field data is shown on
Scripted fields compute data on the fly from the data in your Elasticsearch indices. Scripted field data is shown on
the Discover tab as part of the document data, and you can use scripted fields in your visualizations.
Scripted field values are computed at query time so they aren't indexed and cannot be searched.
NOTE: Kibana cannot query scripted fields.
WARNING: Computing data on the fly with scripted fields can be very resource intensive and can have a direct impact on
Kibana's performance. Keep in mind that there's no built-in validation of a scripted field. If your scripts are
WARNING: Computing data on the fly with scripted fields can be very resource intensive and can have a direct impact on
Kibana's performance. Keep in mind that there's no built-in validation of a scripted field. If your scripts are
buggy, you'll get exceptions whenever you try to view the dynamically generated data.
Scripted fields use the Lucene expression syntax. For more information,
Scripted fields use the Lucene expression syntax. For more information,
see http://www.elastic.co/guide/en/elasticsearch/reference/current/modules-scripting.html#_lucene_expressions_scripts[
Lucene Expressions Scripts].
@ -224,15 +224,15 @@ To create a scripted field:
. Go to *Settings > Indices*
. Select the index pattern you want to add a scripted field to.
. Go to the pattern's *Scripted Fields* tab.
. Click *Add Scripted Field*.
. Click *Add Scripted Field*.
. Enter a name for the scripted field.
. Enter the expression that you want to use to compute a value on the fly from your index data.
. Click *Save Scripted Field*.
For more information about scripted fields in Elasticsearch, see
For more information about scripted fields in Elasticsearch, see
http://www.elastic.co/guide/en/elasticsearch/reference/current/modules-scripting.html[Scripting].
NOTE: In Elasticsearch releases 1.4.3 and later, this functionality requires you to enable
NOTE: In Elasticsearch releases 1.4.3 and later, this functionality requires you to enable
{ref}/modules-scripting.html[dynamic Groovy scripting].
[float]
@ -244,7 +244,7 @@ To modify a scripted field:
. Click the *Edit* button for the scripted field you want to change.
. Make your changes and then click *Save Scripted Field* to update the field.
WARNING: Keep in mind that there's no built-in validation of a scripted field. If your scripts are buggy, you'll get
WARNING: Keep in mind that there's no built-in validation of a scripted field. If your scripts are buggy, you'll get
exceptions whenever you try to view the dynamically generated data.
[float]
@ -258,15 +258,15 @@ To delete a scripted field:
[[advanced-options]]
=== Setting Advanced Options
The *Advanced Settings* page enables you to directly edit settings that control the behavior of the Kibana application.
For example, you can change the format used to display dates, specify the default index pattern, and set the precision
for displayed decimal values.
The *Advanced Settings* page enables you to directly edit settings that control the behavior of the Kibana application.
For example, you can change the format used to display dates, specify the default index pattern, and set the precision
for displayed decimal values.
To set advanced options:
. Go to *Settings > Advanced*.
. Click the *Edit* button for the option you want to modify.
. Enter a new value for the option.
. Enter a new value for the option.
. Click the *Save* button.
include::advanced-settings.asciidoc[]
@ -274,8 +274,8 @@ include::advanced-settings.asciidoc[]
[[kibana-server-properties]]
=== Setting Kibana Server Properties
The Kibana server reads properties from the `kibana.yml` file on startup. The default settings configure Kibana to run
on `localhost:5601`. To change the host or port number, or connect to Elasticsearch running on a different machine,
The Kibana server reads properties from the `kibana.yml` file on startup. The default settings configure Kibana to run
on `localhost:5601`. To change the host or port number, or connect to Elasticsearch running on a different machine,
you'll need to update your `kibana.yml` file. You can also enable SSL and set a variety of other options.
include::kibana-yml.asciidoc[]
@ -288,7 +288,7 @@ deprecated[4.2, The names of several Kibana server properties changed in the 4.2
`server.port` added[4.2]:: The port that the Kibana server runs on.
+
*alias*: `port` deprecated[4.2]
+
+
*default*: `5601`
`server.host` added[4.2]:: The host to bind the Kibana server to.
@ -306,7 +306,7 @@ deprecated[4.2, The names of several Kibana server properties changed in the 4.2
`elasticsearch.preserveHost` added[4.2]:: By default, the host specified in the incoming request from the browser is specified as the host in the corresponding request Kibana sends to Elasticsearch. If you set this option to `false`, Kibana uses the host specified in `elasticsearch_url`.
+
*alias*: `elasticsearch_preserve_host` deprecated[4.2]
+
+
*default*: `true`
`elasticsearch.ssl.cert` added[4.2]:: This parameter specifies the path to the SSL certificate for Elasticsearch instances that require a client certificate.
@ -328,25 +328,25 @@ deprecated[4.2, The names of several Kibana server properties changed in the 4.2
`elasticsearch.pingTimeout` added[4.2]:: This parameter specifies the maximum wait time in milliseconds for ping responses by Elasticsearch.
+
*alias*: `ping_timeout` deprecated[4.2]
+
+
*default*: `1500`
`elasticsearch.startupTimeout` added[4.2]:: This parameter specifies the maximum wait time in milliseconds for Elasticsearch discovery at Kibana startup. Kibana repeats attempts to discover an Elasticsearch cluster after the specified time elapses.
+
*alias*: `startup_timeout` deprecated[4.2]
+
+
*default*: `5000`
`kibana.index` added[4.2]:: The name of the index where saved searched, visualizations, and dashboards will be stored..
+
*alias*: `kibana_index` deprecated[4.2]
+
+
*default*: `.kibana`
`kibana.defaultAppId` added[4.2]:: The page that will be displayed when you launch Kibana: `discover`, `visualize`, `dashboard`, or `settings`.
+
*alias*: `default_app_id` deprecated[4.2]
+
+
*default*: `"discover"`
`logging.silent` added[4.2]:: Set this value to `true` to suppress all logging output.
@ -373,7 +373,7 @@ deprecated[4.2, The names of several Kibana server properties changed in the 4.2
`elasticsearch.requestTimeout` added[4.2]:: How long to wait for responses from the Kibana backend or Elasticsearch, in milliseconds.
+
*alias*: `request_timeout` deprecated[4.2]
+
+
*default*: `500000`
`elasticsearch.requestHeadersWhitelist:` added[5.0]:: List of Kibana client-side headers to send to Elasticsearch. To send *no* client-side headers, set this value to [] (an empty list).
@ -383,16 +383,16 @@ deprecated[4.2, The names of several Kibana server properties changed in the 4.2
`elasticsearch.shardTimeout` added[4.2]:: How long Elasticsearch should wait for responses from shards. Set to 0 to disable.
+
*alias*: `shard_timeout` deprecated[4.2]
+
+
*default*: `0`
`elasticsearch.ssl.verify` added[4.2]:: Indicates whether or not to validate the Elasticsearch SSL certificate. Set to false to disable SSL verification.
+
*alias*: `verify_ssl` deprecated[4.2]
+
+
*default*: `true`
`elasticsearch.ssl.ca`:: An array of paths to the CA certificates for your Elasticsearch instance. Specify if
`elasticsearch.ssl.ca`:: An array of paths to the CA certificates for your Elasticsearch instance. Specify if
you are using a self-signed certificate so the certificate can be verified. Disable `elasticsearch.ssl.verify` otherwise.
+
*alias*: `ca` deprecated[4.2]
@ -417,36 +417,36 @@ you are using a self-signed certificate so the certificate can be verified. Disa
////
[[managing-saved-objects]]
=== Managing Saved Searches, Visualizations, and Dashboards
=== Managing Saved Searches, Visualizations, and Dashboards
You can view, edit, and delete saved searches, visualizations, and dashboards from *Settings > Objects*. You can also
You can view, edit, and delete saved searches, visualizations, and dashboards from *Settings > Objects*. You can also
export or import sets of searches, visualizations, and dashboards.
Viewing a saved object displays the selected item in the *Discover*, *Visualize*, or *Dashboard* page. To view a saved
Viewing a saved object displays the selected item in the *Discover*, *Visualize*, or *Dashboard* page. To view a saved
object:
. Go to *Settings > Objects*.
. Select the object you want to view.
. Select the object you want to view.
. Click the *View* button.
Editing a saved object enables you to directly modify the object definition. You can change the name of the object, add
a description, and modify the JSON that defines the object's properties.
Editing a saved object enables you to directly modify the object definition. You can change the name of the object, add
a description, and modify the JSON that defines the object's properties.
If you attempt to access an object whose index has been deleted, Kibana displays its Edit Object page. You can:
* Recreate the index so you can continue using the object.
* Recreate the index so you can continue using the object.
* Delete the object and recreate it using a different index.
* Change the index name referenced in the object's `kibanaSavedObjectMeta.searchSourceJSON` to point to an existing
index pattern. This is useful if the index you were working with has been renamed.
* Change the index name referenced in the object's `kibanaSavedObjectMeta.searchSourceJSON` to point to an existing
index pattern. This is useful if the index you were working with has been renamed.
WARNING: No validation is performed for object properties. Submitting invalid changes will render the object unusable.
Generally, you should use the *Discover*, *Visualize*, or *Dashboard* pages to create new objects instead of directly
editing existing ones.
WARNING: No validation is performed for object properties. Submitting invalid changes will render the object unusable.
Generally, you should use the *Discover*, *Visualize*, or *Dashboard* pages to create new objects instead of directly
editing existing ones.
To edit a saved object:
. Go to *Settings > Objects*.
. Select the object you want to edit.
. Select the object you want to edit.
. Click the *Edit* button.
. Make your changes to the object definition.
. Click the *Save Object* button.
@ -454,18 +454,18 @@ To edit a saved object:
To delete a saved object:
. Go to *Settings > Objects*.
. Select the object you want to delete.
. Select the object you want to delete.
. Click the *Delete* button.
. Confirm that you really want to delete the object.
To export a set of objects:
. Go to *Settings > Objects*.
. Select the type of object you want to export. You can export a set of dashboards, searches, or visualizations.
. Select the type of object you want to export. You can export a set of dashboards, searches, or visualizations.
. Click the selection box for the objects you want to export, or click the *Select All* box.
. Click *Export* to select a location to write the exported JSON.
WARNING: Exported dashboards do not include their associated index patterns. Re-create the index patterns manually before
WARNING: Exported dashboards do not include their associated index patterns. Re-create the index patterns manually before
importing saved dashboards to a Kibana instance running on another Elasticsearch cluster.
To import a set of objects:

4
docs/setup.asciidoc
View file

@ -83,8 +83,8 @@ simply be the name of a single index.
reads the index mapping to list all of the fields that contain a timestamp. If your index doesn't have time-based data,
disable the *Index contains time-based events* option.
+
WARNING: Using event times to create index names is *deprecated* in this release of Kibana. Starting in the 2.1
release, Elasticsearch includes sophisticated date parsing APIs that Kibana uses to determine date information,
WARNING: Using event times to create index names is *deprecated* in this release of Kibana. Starting in the 2.1
release, Elasticsearch includes sophisticated date parsing APIs that Kibana uses to determine date information,
removing the need to specify dates in the index pattern name.
+
. Click *Create* to add the index pattern. This first pattern is automatically configured as the default.

2
docs/string-formatter.asciidoc
View file

@ -3,7 +3,7 @@ The `String` field formatter can apply the following transformations to the fiel
* Convert to lowercase
* Convert to uppercase
* Convert to title case
* Apply the short dots transformation, which replaces the content before a `.` character with the first character of
* Apply the short dots transformation, which replaces the content before a `.` character with the first character of
that content, as in the following example:
[horizontal]

92
docs/tilemap.asciidoc
View file

@ -3,72 +3,72 @@
A tile map displays a geographic area overlaid with circles keyed to the data determined by the buckets you specify.
The default _metrics_ aggregation for a tile map is the *Count* aggregation. You can select any of the following
The default _metrics_ aggregation for a tile map is the *Count* aggregation. You can select any of the following
aggregations as the metrics aggregation:
*Count*:: The {ref}search-aggregations-metrics-valuecount-aggregation.html[_count_] aggregation returns a raw count of
*Count*:: The {ref}search-aggregations-metrics-valuecount-aggregation.html[_count_] aggregation returns a raw count of
the elements in the selected index pattern.
*Average*:: This aggregation returns the {ref}search-aggregations-metrics-avg-aggregation.html[_average_] of a numeric
*Average*:: This aggregation returns the {ref}search-aggregations-metrics-avg-aggregation.html[_average_] of a numeric
field. Select a field from the drop-down.
*Sum*:: The {ref}search-aggregations-metrics-sum-aggregation.html[_sum_] aggregation returns the total sum of a numeric
*Sum*:: The {ref}search-aggregations-metrics-sum-aggregation.html[_sum_] aggregation returns the total sum of a numeric
field. Select a field from the drop-down.
*Min*:: The {ref}search-aggregations-metrics-min-aggregation.html[_min_] aggregation returns the minimum value of a
*Min*:: The {ref}search-aggregations-metrics-min-aggregation.html[_min_] aggregation returns the minimum value of a
numeric field. Select a field from the drop-down.
*Max*:: The {ref}search-aggregations-metrics-max-aggregation.html[_max_] aggregation returns the maximum value of a
*Max*:: The {ref}search-aggregations-metrics-max-aggregation.html[_max_] aggregation returns the maximum value of a
numeric field. Select a field from the drop-down.
*Unique Count*:: The {ref}search-aggregations-metrics-cardinality-aggregation.html[_cardinality_] aggregation returns
*Unique Count*:: The {ref}search-aggregations-metrics-cardinality-aggregation.html[_cardinality_] aggregation returns
the number of unique values in a field. Select a field from the drop-down.
Enter a string in the *Custom Label* field to change the display label.
The _buckets_ aggregations determine what information is being retrieved from your data set.
Before you choose a buckets aggregation, specify if you are splitting the chart or displaying the buckets as *Geo
Before you choose a buckets aggregation, specify if you are splitting the chart or displaying the buckets as *Geo
Coordinates* on a single chart. A multiple chart split must run before any other aggregations.
Tile maps use the *Geohash* aggregation as their initial aggregation. Select a field, typically coordinates, from the
drop-down. The *Precision* slider determines the granularity of the results displayed on the map. See the documentation
for the {ref}/search-aggregations-bucket-geohashgrid-aggregation.html#_cell_dimensions_at_the_equator[geohash grid]
drop-down. The *Precision* slider determines the granularity of the results displayed on the map. See the documentation
for the {ref}/search-aggregations-bucket-geohashgrid-aggregation.html#_cell_dimensions_at_the_equator[geohash grid]
aggregation for details on the area specified by each precision level. Kibana supports a maximum geohash length of 7.
NOTE: Higher precisions increase memory usage for the browser displaying Kibana as well as for the underlying
NOTE: Higher precisions increase memory usage for the browser displaying Kibana as well as for the underlying
Elasticsearch cluster.
Once you've specified a buckets aggregation, you can define sub-aggregations to refine the visualization. Tile maps
only support sub-aggregations as split charts. Click *+ Add Sub Aggregation*, then *Split Chart* to select a
Once you've specified a buckets aggregation, you can define sub-aggregations to refine the visualization. Tile maps
only support sub-aggregations as split charts. Click *+ Add Sub Aggregation*, then *Split Chart* to select a
sub-aggregation from the list of types:
*Date Histogram*:: A {ref}search-aggregations-bucket-datehistogram-aggregation.html[_date histogram_] is built from a
numeric field and organized by date. You can specify a time frame for the intervals in seconds, minutes, hours, days,
weeks, months, or years. You can also specify a custom interval frame by selecting *Custom* as the interval and
specifying a number and a time unit in the text field. Custom interval time units are *s* for seconds, *m* for minutes,
*h* for hours, *d* for days, *w* for weeks, and *y* for years. Different units support different levels of precision,
*Date Histogram*:: A {ref}search-aggregations-bucket-datehistogram-aggregation.html[_date histogram_] is built from a
numeric field and organized by date. You can specify a time frame for the intervals in seconds, minutes, hours, days,
weeks, months, or years. You can also specify a custom interval frame by selecting *Custom* as the interval and
specifying a number and a time unit in the text field. Custom interval time units are *s* for seconds, *m* for minutes,
*h* for hours, *d* for days, *w* for weeks, and *y* for years. Different units support different levels of precision,
down to one second.
*Histogram*:: A standard {ref}search-aggregations-bucket-histogram-aggregation.html[_histogram_] is built from a
numeric field. Specify an integer interval for this field. Select the *Show empty buckets* checkbox to include empty
*Histogram*:: A standard {ref}search-aggregations-bucket-histogram-aggregation.html[_histogram_] is built from a
numeric field. Specify an integer interval for this field. Select the *Show empty buckets* checkbox to include empty
intervals in the histogram.
*Range*:: With a {ref}search-aggregations-bucket-range-aggregation.html[_range_] aggregation, you can specify ranges
of values for a numeric field. Click *Add Range* to add a set of range endpoints. Click the red *(x)* symbol to remove
*Range*:: With a {ref}search-aggregations-bucket-range-aggregation.html[_range_] aggregation, you can specify ranges
of values for a numeric field. Click *Add Range* to add a set of range endpoints. Click the red *(x)* symbol to remove
a range.
After changing options, click the *Apply changes* button to update your visualization, or the grey *Discard
After changing options, click the *Apply changes* button to update your visualization, or the grey *Discard
changes* button to keep your visualization in its current state.
*Date Range*:: A {ref}search-aggregations-bucket-daterange-aggregation.html[_date range_] aggregation reports values
that are within a range of dates that you specify. You can specify the ranges for the dates using
{ref}common-options.html#date-math[_date math_] expressions. Click *Add Range* to add a set of range endpoints.
*Date Range*:: A {ref}search-aggregations-bucket-daterange-aggregation.html[_date range_] aggregation reports values
that are within a range of dates that you specify. You can specify the ranges for the dates using
{ref}common-options.html#date-math[_date math_] expressions. Click *Add Range* to add a set of range endpoints.
Click the red *(/)* symbol to remove a range.
*IPv4 Range*:: The {ref}search-aggregations-bucket-iprange-aggregation.html[_IPv4 range_] aggregation enables you to
specify ranges of IPv4 addresses. Click *Add Range* to add a set of range endpoints. Click the red *(/)* symbol to
specify ranges of IPv4 addresses. Click *Add Range* to add a set of range endpoints. Click the red *(/)* symbol to
remove a range.
*Terms*:: A {ref}search-aggregations-bucket-terms-aggregation.html[_terms_] aggregation enables you to specify the top
*Terms*:: A {ref}search-aggregations-bucket-terms-aggregation.html[_terms_] aggregation enables you to specify the top
or bottom _n_ elements of a given field to display, ordered by count or a custom metric.
*Filters*:: You can specify a set of {ref}search-aggregations-bucket-filters-aggregation.html[_filters_] for the data.
You can specify a filter as a query string or in JSON format, just as in the Discover search bar. Click *Add Filter* to
add another filter. Click the image:images/labelbutton.png[] *label* button to open the label field, where you can type
*Filters*:: You can specify a set of {ref}search-aggregations-bucket-filters-aggregation.html[_filters_] for the data.
You can specify a filter as a query string or in JSON format, just as in the Discover search bar. Click *Add Filter* to
add another filter. Click the image:images/labelbutton.png[] *label* button to open the label field, where you can type
in a name to display on the visualization.
*Significant Terms*:: Displays the results of the experimental
{ref}search-aggregations-bucket-significantterms-aggregation.html[_significant terms_] aggregation. The value of the
*Significant Terms*:: Displays the results of the experimental
{ref}search-aggregations-bucket-significantterms-aggregation.html[_significant terms_] aggregation. The value of the
*Size* parameter defines the number of entries this aggregation returns.
*Geohash*:: The {ref}search-aggregations-bucket-geohashgrid-aggregation.html[_geohash_] aggregation displays points
*Geohash*:: The {ref}search-aggregations-bucket-geohashgrid-aggregation.html[_geohash_] aggregation displays points
based on the geohash coordinates.
NOTE: By default, the *Change precision on map zoom* box is checked. Uncheck the box to disable this behavior.
@ -79,13 +79,13 @@ You can click the *Advanced* link to display more customization options for your
*Exclude Pattern*:: Specify a pattern in this field to exclude from the results.
*Include Pattern*:: Specify a pattern in this field to include in the results.
*JSON Input*:: A text field where you can add specific JSON-formatted properties to merge with the aggregation
*JSON Input*:: A text field where you can add specific JSON-formatted properties to merge with the aggregation
definition, as in the following example:
[source,shell]
{ "script" : "doc['grade'].value * 1.2" }
NOTE: In Elasticsearch releases 1.4.3 and later, this functionality requires you to enable
NOTE: In Elasticsearch releases 1.4.3 and later, this functionality requires you to enable
{ref}modules-scripting.html[dynamic Groovy scripting].
The availability of these options varies depending on the aggregation you choose.
@ -95,14 +95,14 @@ Select the *Options* tab to change the following aspects of the chart:
*Map type*:: Select one of the following options from the drop-down.
*_Scaled Circle Markers_*:: Scale the size of the markers based on the metric aggregation's value.
*_Shaded Circle Markers_*:: Displays the markers with different shades based on the metric aggregation's value.
*_Shaded Geohash Grid_*:: Displays the rectangular cells of the geohash grid instead of circular markers, with different
*_Shaded Geohash Grid_*:: Displays the rectangular cells of the geohash grid instead of circular markers, with different
shades based on the metric aggregation's value.
*_Heatmap_*:: A heat map applies blurring to the circle markers and applies shading based on the amount of overlap.
*_Heatmap_*:: A heat map applies blurring to the circle markers and applies shading based on the amount of overlap.
Heatmaps have the following options:
* *Radius*: Sets the size of the individual heatmap dots.
* *Blur*: Sets the amount of blurring for the heatmap dots.
* *Maximum zoom*: Tilemaps in Kibana support 18 zoom levels. This slider defines the maximum zoom level at which the
* *Maximum zoom*: Tilemaps in Kibana support 18 zoom levels. This slider defines the maximum zoom level at which the
heatmap dots appear at full intensity.
* *Minimum opacity*: Sets the opacity cutoff for the dots.
* *Show Tooltip*: Check this box to have a tooltip with the values for a given dot when the cursor is on that dot.
@ -116,12 +116,12 @@ Map Service (WMS) standard. Specify the following elements:
layers.
* *WMS version*: The WMS version used by this map service.
* *WMS format*: The image format used by this map service. The two most common formats are `image/png` and `image/jpeg`.
* *WMS attribution*: An optional, user-defined string that identifies the map source. Maps display the attribution string
* *WMS attribution*: An optional, user-defined string that identifies the map source. Maps display the attribution string
in the lower right corner.
* *WMS styles*: A comma-separated list of the styles to use in this visualization. Each map server provides its own styling
* *WMS styles*: A comma-separated list of the styles to use in this visualization. Each map server provides its own styling
options.
After changing options, click the *Apply changes* button to update your visualization, or the grey *Discard
After changing options, click the *Apply changes* button to update your visualization, or the grey *Discard
changes* button to keep your visualization in its current state.
[float]
@ -129,12 +129,12 @@ changes* button to keep your visualization in its current state.
==== Navigating the Map
Once your tilemap visualization is ready, you can explore the map in several ways:
* Click and hold anywhere on the map and move the cursor to move the map center. Hold Shift and drag a bounding box
across the map to zoom in on the selection.
* Click and hold anywhere on the map and move the cursor to move the map center. Hold Shift and drag a bounding box
across the map to zoom in on the selection.
* Click the *Zoom In/Out* image:images/viz-zoom.png[] buttons to change the zoom level manually.
* Click the *Fit Data Bounds* image:images/viz-fit-bounds.png[] button to automatically crop the map boundaries to the
* Click the *Fit Data Bounds* image:images/viz-fit-bounds.png[] button to automatically crop the map boundaries to the
geohash buckets that have at least one result.
* Click the *Latitude/Longitude Filter* image:images/viz-lat-long-filter.png[] button, then drag a bounding box across the
* Click the *Latitude/Longitude Filter* image:images/viz-lat-long-filter.png[] button, then drag a bounding box across the
map, to create a filter for the box coordinates.
[float]

12
docs/url-formatter.asciidoc
View file

@ -1,9 +1,9 @@
The `Url` field formatter can take on the following types:
* The *Link* type turn the contents of the field into an URL.
* The *Link* type turn the contents of the field into an URL.
* The *Image* type can be used to specify an image directory where a specified image is located.
You can customize either type of URL field formats with templates. A _URL template_ enables you to add specific values
You can customize either type of URL field formats with templates. A _URL template_ enables you to add specific values
to a partial URL. Use the string `{{value}}` to add the contents of the field to a fixed URL.
For example, when:
@ -14,15 +14,15 @@ For example, when:
The resulting URL replaces `{{value}}` with the user ID from the field.
The `{{value}}` template string URL-encodes the contents of the field. When a field encoded into a URL contains
non-ASCII characters, these characters are replaced with a `%` character and the appropriate hexadecimal code. For
The `{{value}}` template string URL-encodes the contents of the field. When a field encoded into a URL contains
non-ASCII characters, these characters are replaced with a `%` character and the appropriate hexadecimal code. For
example, field contents `users/admin` result in the URL template adding `users%2Fadmin`.
When the formatter type is set to *Image*, the `{{value}}` template string specifies the name of an image at the
When the formatter type is set to *Image*, the `{{value}}` template string specifies the name of an image at the
specified URI.
In order to pass unescaped values directly to the URL, use the `{{rawValue}}` string.
A _Label Template_ enables you to specify a text string that displays instead of the raw URL. You can use the
A _Label Template_ enables you to specify a text string that displays instead of the raw URL. You can use the
`{{value}}` template string normally in label templates. You can also use the `{{url}}` template string to display
the formatted URL.

32
docs/vertbar.asciidoc
View file

@ -3,24 +3,24 @@
This chart's Y axis is the _metrics_ axis. The following aggregations are available for this axis:
*Count*:: The {ref}/search-aggregations-metrics-valuecount-aggregation.html[_count_] aggregation returns a raw count of
*Count*:: The {ref}/search-aggregations-metrics-valuecount-aggregation.html[_count_] aggregation returns a raw count of
the elements in the selected index pattern.
*Average*:: This aggregation returns the {ref}/search-aggregations-metrics-avg-aggregation.html[_average_] of a numeric
*Average*:: This aggregation returns the {ref}/search-aggregations-metrics-avg-aggregation.html[_average_] of a numeric
field. Select a field from the drop-down.
*Sum*:: The {ref}/search-aggregations-metrics-sum-aggregation.html[_sum_] aggregation returns the total sum of a numeric
*Sum*:: The {ref}/search-aggregations-metrics-sum-aggregation.html[_sum_] aggregation returns the total sum of a numeric
field. Select a field from the drop-down.
*Min*:: The {ref}/search-aggregations-metrics-min-aggregation.html[_min_] aggregation returns the minimum value of a
*Min*:: The {ref}/search-aggregations-metrics-min-aggregation.html[_min_] aggregation returns the minimum value of a
numeric field. Select a field from the drop-down.
*Max*:: The {ref}/search-aggregations-metrics-max-aggregation.html[_max_] aggregation returns the maximum value of a
*Max*:: The {ref}/search-aggregations-metrics-max-aggregation.html[_max_] aggregation returns the maximum value of a
numeric field. Select a field from the drop-down.
*Unique Count*:: The {ref}/search-aggregations-metrics-cardinality-aggregation.html[_cardinality_] aggregation returns
*Unique Count*:: The {ref}/search-aggregations-metrics-cardinality-aggregation.html[_cardinality_] aggregation returns
the number of unique values in a field. Select a field from the drop-down.
*Percentiles*:: The {ref}/search-aggregations-metrics-percentile-aggregation.html[_percentile_] aggregation divides the
values in a numeric field into percentile bands that you specify. Select a field from the drop-down, then specify one
or more ranges in the *Percentiles* fields. Click the *X* to remove a percentile field. Click *+ Add* to add a
*Percentiles*:: The {ref}/search-aggregations-metrics-percentile-aggregation.html[_percentile_] aggregation divides the
values in a numeric field into percentile bands that you specify. Select a field from the drop-down, then specify one
or more ranges in the *Percentiles* fields. Click the *X* to remove a percentile field. Click *+ Add* to add a
percentile field.
*Percentile Rank*:: The {ref}/search-aggregations-metrics-percentile-rank-aggregation.html[_percentile ranks_]
aggregation returns the percentile rankings for the values in the numeric field you specify. Select a numeric field
*Percentile Rank*:: The {ref}/search-aggregations-metrics-percentile-rank-aggregation.html[_percentile ranks_]
aggregation returns the percentile rankings for the values in the numeric field you specify. Select a numeric field
from the drop-down, then specify one or more percentile rank values in the *Values* fields. Click the *X* to remove a
values field. Click *+Add* to add a values field.
@ -31,7 +31,7 @@ Enter a string in the *Custom Label* field to change the display label.
The _buckets_ aggregations determine what information is being retrieved from your data set.
Before you choose a buckets aggregation, specify if you are splitting slices within a single chart or splitting into
multiple charts. A multiple chart split must run before any other aggregations. When you split a chart, you can change
multiple charts. A multiple chart split must run before any other aggregations. When you split a chart, you can change
if the splits are displayed in a row or a column by clicking the *Rows | Columns* selector.
include::x-axis-aggs.asciidoc[]
@ -44,20 +44,20 @@ You can click the *Advanced* link to display more customization options for your
*Exclude Pattern*:: Specify a pattern in this field to exclude from the results.
*Include Pattern*:: Specify a pattern in this field to include in the results.
*JSON Input*:: A text field where you can add specific JSON-formatted properties to merge with the aggregation
*JSON Input*:: A text field where you can add specific JSON-formatted properties to merge with the aggregation
definition, as in the following example:
[source,shell]
{ "script" : "doc['grade'].value * 1.2" }
NOTE: In Elasticsearch releases 1.4.3 and later, this functionality requires you to enable
NOTE: In Elasticsearch releases 1.4.3 and later, this functionality requires you to enable
{ref}/modules-scripting.html[dynamic Groovy scripting].
The availability of these options varies depending on the aggregation you choose.
Select the *Options* to change the following aspects of the table:
*Bar Mode*:: When you have multiple Y-axis aggregations defined for your chart, you can use this drop-down to affect
*Bar Mode*:: When you have multiple Y-axis aggregations defined for your chart, you can use this drop-down to affect
how the aggregations display on the chart:
_stacked_:: Stacks the aggregations on top of each other.
@ -67,7 +67,7 @@ _grouped_:: Groups the results horizontally by the lowest-priority sub-aggregati
Checkboxes are available to enable and disable the following behaviors:
*Show Tooltip*:: Check this box to enable the display of tooltips.
*Scale Y-Axis to Data Bounds*:: The default Y axis bounds are zero and the maximum value returned in the data. Check
*Scale Y-Axis to Data Bounds*:: The default Y axis bounds are zero and the maximum value returned in the data. Check
this box to change both upper and lower bounds to match the values returned in the data.
[float]

12
docs/visualization-raw-data.asciidoc
View file

@ -1,8 +1,8 @@
To display the raw data behind the visualization, click the bar at the bottom of the container. Tabs with detailed
To display the raw data behind the visualization, click the bar at the bottom of the container. Tabs with detailed
information about the raw data replace the visualization:
.Table
A representation of the underlying data, presented as a paginated data grid. You can sort the items
A representation of the underlying data, presented as a paginated data grid. You can sort the items
in the table by clicking on the table headers at the top of each column.
.Request
@ -12,11 +12,11 @@ The raw request used to query the server, presented in JSON format.
The raw response from the server, presented in JSON format.
.Statistics
A summary of the statistics related to the request and the response, presented as a data grid. The data
grid includes the query duration, the request duration, the total number of records found on the server, and the
A summary of the statistics related to the request and the response, presented as a data grid. The data
grid includes the query duration, the request duration, the total number of records found on the server, and the
index pattern used to make the query.
To export the raw data behind the visualization as a comma-separated-values (CSV) file, click on either the
*Raw* or *Formatted* links at the bottom of any of the detailed information tabs. A raw export contains the data as it
is stored in Elasticsearch. A formatted export contains the results of any applicable Kibana
*Raw* or *Formatted* links at the bottom of any of the detailed information tabs. A raw export contains the data as it
is stored in Elasticsearch. A formatted export contains the results of any applicable Kibana
<<managing-fields,field formatters>>.

64
docs/visualize.asciidoc
View file

@ -1,15 +1,15 @@
[[visualize]]
== Visualize
You can use the _Visualize_ page to design data visualizations. You can save these visualizations, use them
individually, or combine visualizations into a _dashboard_. A visualization can be based on one of the following
You can use the _Visualize_ page to design data visualizations. You can save these visualizations, use them
individually, or combine visualizations into a _dashboard_. A visualization can be based on one of the following
data source types:
* A new interactive search
* A saved search
* An existing saved visualization
Visualizations are based on the {ref}search-aggregations.html[aggregation] feature introduced in Elasticsearch 1.x.
Visualizations are based on the {ref}search-aggregations.html[aggregation] feature introduced in Elasticsearch 1.x.
[float]
[[createvis]]
@ -27,22 +27,22 @@ Choose a visualization type when you start the New Visualization wizard:
[horizontal]
<<area-chart,Area chart>>:: Use area charts to visualize the total contribution of several different series.
<<data-table,Data table>>:: Use data tables to display the raw data of a composed aggregation. You can display the data
<<data-table,Data table>>:: Use data tables to display the raw data of a composed aggregation. You can display the data
table for several other visualizations by clicking at the bottom of the visualization.
<<line-chart,Line chart>>:: Use line charts to compare different series.
<<markdown-widget,Markdown widget>>:: Use the Markdown widget to display free-form information or instructions about your
<<markdown-widget,Markdown widget>>:: Use the Markdown widget to display free-form information or instructions about your
dashboard.
<<metric-chart,Metric>>:: Use the metric visualization to display a single number on your dashboard.
<<pie-chart,Pie chart>>:: Use pie charts to display each source's contribution to a total.
<<tilemap,Tile map>>:: Use tile maps to associate the results of an aggregation with geographic points.
<<vertical-bar-chart,Vertical bar chart>>:: Use vertical bar charts as a general-purpose chart.
You can also load a saved visualization that you created earlier. The saved visualization selector includes a text
field to filter by visualization name and a link to the Object Editor, accessible through *Settings > Objects*, to
You can also load a saved visualization that you created earlier. The saved visualization selector includes a text
field to filter by visualization name and a link to the Object Editor, accessible through *Settings > Objects*, to
manage your saved visualizations.
If your new visualization is a Markdown widget, selecting that type takes you to a text entry field where you enter the
text to display in the widget. For all other types of visualization, selecting the type takes you to data source
If your new visualization is a Markdown widget, selecting that type takes you to a text entry field where you enter the
text to display in the widget. For all other types of visualization, selecting the type takes you to data source
selection.
[float]
@ -50,8 +50,8 @@ selection.
==== Step 2: Choose a Data Source
You can choose a new or saved search to serve as the data source for your visualization. Searches are associated with
an index or a set of indexes. When you select _new search_ on a system with multiple indices configured, select an
index pattern from the drop-down to bring up the visualization editor.
an index or a set of indexes. When you select _new search_ on a system with multiple indices configured, select an
index pattern from the drop-down to bring up the visualization editor.
When you create a visualization from a saved search and save the visualization, the search is tied to the visualization.
When you make changes to the search that is linked to the visualization, the visualization updates automatically.
@ -60,7 +60,7 @@ When you make changes to the search that is linked to the visualization, the vis
[[visualization-editor]]
==== Step 3: The Visualization Editor
The visualization editor enables you to configure and edit visualizations. The visualization editor has the following
The visualization editor enables you to configure and edit visualizations. The visualization editor has the following
main elements:
1. <<toolbar-panel,Toolbar>>
@ -78,37 +78,37 @@ include::autorefresh.asciidoc[]
===== Toolbar
The toolbar has a search field for interactive data searches, as well as controls to manage saving and loading
visualizations. For visualizations based on saved searches, the search bar is grayed out. To edit the search, replacing
visualizations. For visualizations based on saved searches, the search bar is grayed out. To edit the search, replacing
the saved search with the edited version, double-click the search field.
The toolbar at the right of the search box has buttons for creating new visualizations, saving the current
visualization, loading an existing visualization, sharing or embedding the visualization, and refreshing the data for
The toolbar at the right of the search box has buttons for creating new visualizations, saving the current
visualization, loading an existing visualization, sharing or embedding the visualization, and refreshing the data for
the current visualization.
[float]
[[aggregation-builder]]
===== Aggregation Builder
Use the aggregation builder on the left of the page to configure the {ref}search-aggregations-metrics.html[metric] and {ref}search-aggregations-bucket.html[bucket] aggregations used in your
Use the aggregation builder on the left of the page to configure the {ref}search-aggregations-metrics.html[metric] and {ref}search-aggregations-bucket.html[bucket] aggregations used in your
visualization. Buckets are analogous to SQL `GROUP BY` statements. For more information on aggregations, see the main
{ref}search-aggregations.html[Elasticsearch aggregations reference].
Bar, line, or area chart visualizations use _metrics_ for the y-axis and _buckets_ are used for the x-axis, segment bar
colors, and row/column splits. For pie charts, use the metric for the slice size and the bucket for the number of
Bar, line, or area chart visualizations use _metrics_ for the y-axis and _buckets_ are used for the x-axis, segment bar
colors, and row/column splits. For pie charts, use the metric for the slice size and the bucket for the number of
slices.
Choose the metric aggregation for your visualization's Y axis, such as
{ref}/search-aggregations-metrics-valuecount-aggregation.html[count],
{ref}/search-aggregations-metrics-avg-aggregation.html[average],
{ref}/search-aggregations-metrics-sum-aggregation.html[sum],
{ref}/search-aggregations-metrics-min-aggregation.html[min],
{ref}/search-aggregations-metrics-max-aggregation.html[max], or
{ref}/search-aggregations-metrics-cardinality-aggregation.html[cardinality]
(unique count). Use bucket aggregations for the visualization's X axis, color slices, and row/column splits. Common
Choose the metric aggregation for your visualization's Y axis, such as
{ref}/search-aggregations-metrics-valuecount-aggregation.html[count],
{ref}/search-aggregations-metrics-avg-aggregation.html[average],
{ref}/search-aggregations-metrics-sum-aggregation.html[sum],
{ref}/search-aggregations-metrics-min-aggregation.html[min],
{ref}/search-aggregations-metrics-max-aggregation.html[max], or
{ref}/search-aggregations-metrics-cardinality-aggregation.html[cardinality]
(unique count). Use bucket aggregations for the visualization's X axis, color slices, and row/column splits. Common
bucket aggregations include date histogram, range, terms, filters, and significant terms.
You can set the order in which buckets execute. In Elasticsearch, the first aggregation determines the data set
for any subsequent aggregations. The following example involves a date bar chart of Web page hits for the top 5 file
You can set the order in which buckets execute. In Elasticsearch, the first aggregation determines the data set
for any subsequent aggregations. The following example involves a date bar chart of Web page hits for the top 5 file
extensions.
To use the same extension across all hits, set this order:
@ -123,7 +123,7 @@ To chart the top 5 extensions for each hour, use the following order:
1. *X-Axis:* Date bar chart of `@timestamp` (with 1 hour interval)
2. *Color:* Terms aggregation of extensions
For these requests, Elasticsearch creates a date bar chart from all the records, then groups the top five extensions
For these requests, Elasticsearch creates a date bar chart from all the records, then groups the top five extensions
inside each bucket, which in this example is a one-hour interval.
NOTE: Remember, each subsequent bucket slices the data from the previous bucket.
@ -131,8 +131,8 @@ NOTE: Remember, each subsequent bucket slices the data from the previous bucket.
To render the visualization on the _preview canvas_, click the *Apply Changes* button at the top right of the
Aggregation Builder.
You can learn more about aggregation and how altering the order of aggregations affects your visualizations
https://www.elastic.co/blog/kibana-aggregation-execution-order-and-you[here].
You can learn more about aggregation and how altering the order of aggregations affects your visualizations
https://www.elastic.co/blog/kibana-aggregation-execution-order-and-you[here].
[float]
[[visualize-filters]]
@ -142,7 +142,7 @@ include::filter-pinning.asciidoc[]
[[preview-canvas]]
===== Preview Canvas
The preview canvas displays a preview of the visualization you've defined in the aggregation builder. To refresh the
The preview canvas displays a preview of the visualization you've defined in the aggregation builder. To refresh the
visualization preview, clicking the *Apply Changes* image:images/apply-changes-button.png[] button on the toolbar.
include::area.asciidoc[]

42
docs/x-axis-aggs.asciidoc
View file

@ -1,43 +1,43 @@
The X axis of this chart is the _buckets_ axis. You can define buckets for the X axis, for a split area on the
The X axis of this chart is the _buckets_ axis. You can define buckets for the X axis, for a split area on the
chart, or for split charts.
This chart's X axis supports the following aggregations. Click the linked name of each aggregation to visit the main
Elasticsearch documentation for that aggregation.
*Date Histogram*:: A {ref}search-aggregations-bucket-datehistogram-aggregation.html[_date histogram_] is built from a
numeric field and organized by date. You can specify a time frame for the intervals in seconds, minutes, hours, days,
weeks, months, or years. You can also specify a custom interval frame by selecting *Custom* as the interval and
specifying a number and a time unit in the text field. Custom interval time units are *s* for seconds, *m* for minutes,
*h* for hours, *d* for days, *w* for weeks, and *y* for years. Different units support different levels of precision,
*Date Histogram*:: A {ref}search-aggregations-bucket-datehistogram-aggregation.html[_date histogram_] is built from a
numeric field and organized by date. You can specify a time frame for the intervals in seconds, minutes, hours, days,
weeks, months, or years. You can also specify a custom interval frame by selecting *Custom* as the interval and
specifying a number and a time unit in the text field. Custom interval time units are *s* for seconds, *m* for minutes,
*h* for hours, *d* for days, *w* for weeks, and *y* for years. Different units support different levels of precision,
down to one second.
*Histogram*:: A standard {ref}search-aggregations-bucket-histogram-aggregation.html[_histogram_] is built from a
numeric field. Specify an integer interval for this field. Select the *Show empty buckets* checkbox to include empty
*Histogram*:: A standard {ref}search-aggregations-bucket-histogram-aggregation.html[_histogram_] is built from a
numeric field. Specify an integer interval for this field. Select the *Show empty buckets* checkbox to include empty
intervals in the histogram.
*Range*:: With a {ref}/search-aggregations-bucket-range-aggregation.html[_range_] aggregation, you can specify ranges
of values for a numeric field. Click *Add Range* to add a set of range endpoints. Click the red *(x)* symbol to remove
*Range*:: With a {ref}/search-aggregations-bucket-range-aggregation.html[_range_] aggregation, you can specify ranges
of values for a numeric field. Click *Add Range* to add a set of range endpoints. Click the red *(x)* symbol to remove
a range.
*Date Range*:: A {ref}search-aggregations-bucket-daterange-aggregation.html[_date range_] aggregation reports values
that are within a range of dates that you specify. You can specify the ranges for the dates using
{ref}common-options.html#date-math[_date math_] expressions. Click *Add Range* to add a set of range endpoints.
*Date Range*:: A {ref}search-aggregations-bucket-daterange-aggregation.html[_date range_] aggregation reports values
that are within a range of dates that you specify. You can specify the ranges for the dates using
{ref}common-options.html#date-math[_date math_] expressions. Click *Add Range* to add a set of range endpoints.
Click the red *(/)* symbol to remove a range.
*IPv4 Range*:: The {ref}search-aggregations-bucket-iprange-aggregation.html[_IPv4 range_] aggregation enables you to
specify ranges of IPv4 addresses. Click *Add Range* to add a set of range endpoints. Click the red *(/)* symbol to
specify ranges of IPv4 addresses. Click *Add Range* to add a set of range endpoints. Click the red *(/)* symbol to
remove a range.
*Terms*:: A {ref}search-aggregations-bucket-terms-aggregation.html[_terms_] aggregation enables you to specify the top
*Terms*:: A {ref}search-aggregations-bucket-terms-aggregation.html[_terms_] aggregation enables you to specify the top
or bottom _n_ elements of a given field to display, ordered by count or a custom metric.
*Filters*:: You can specify a set of {ref}/search-aggregations-bucket-filters-aggregation.html[_filters_] for the data.
You can specify a filter as a query string or in JSON format, just as in the Discover search bar. Click *Add Filter* to
add another filter. Click the image:images/labelbutton.png[Label button icon] *label* button to open the label field, where
*Filters*:: You can specify a set of {ref}/search-aggregations-bucket-filters-aggregation.html[_filters_] for the data.
You can specify a filter as a query string or in JSON format, just as in the Discover search bar. Click *Add Filter* to
add another filter. Click the image:images/labelbutton.png[Label button icon] *label* button to open the label field, where
you can type in a name to display on the visualization.
*Significant Terms*:: Displays the results of the experimental
*Significant Terms*:: Displays the results of the experimental
{ref}/search-aggregations-bucket-significantterms-aggregation.html[_significant terms_] aggregation.
Once you've specified an X axis aggregation, you can define sub-aggregations to refine the visualization. Click *+ Add
Once you've specified an X axis aggregation, you can define sub-aggregations to refine the visualization. Click *+ Add
Sub Aggregation* to define a sub-aggregation, then choose *Split Area* or *Split Chart*, then select a sub-aggregation
from the list of types.
When multiple aggregations are defined on a chart's axis, you can use the up or down arrows to the right of the
When multiple aggregations are defined on a chart's axis, you can use the up or down arrows to the right of the
aggregation's type to change the aggregation's priority.
Enter a string in the *Custom Label* field to change the display label.

24
docs/y-axis-aggs.asciidoc
View file

@ -1,23 +1,23 @@
*Count*:: The {ref}/search-aggregations-metrics-valuecount-aggregation.html[_count_] aggregation returns a raw count of
*Count*:: The {ref}/search-aggregations-metrics-valuecount-aggregation.html[_count_] aggregation returns a raw count of
the elements in the selected index pattern.
*Average*:: This aggregation returns the {ref}/search-aggregations-metrics-avg-aggregation.html[_average_] of a numeric
*Average*:: This aggregation returns the {ref}/search-aggregations-metrics-avg-aggregation.html[_average_] of a numeric
field. Select a field from the drop-down.
*Sum*:: The {ref}/search-aggregations-metrics-sum-aggregation.html[_sum_] aggregation returns the total sum of a numeric
*Sum*:: The {ref}/search-aggregations-metrics-sum-aggregation.html[_sum_] aggregation returns the total sum of a numeric
field. Select a field from the drop-down.
*Min*:: The {ref}/search-aggregations-metrics-min-aggregation.html[_min_] aggregation returns the minimum value of a
*Min*:: The {ref}/search-aggregations-metrics-min-aggregation.html[_min_] aggregation returns the minimum value of a
numeric field. Select a field from the drop-down.
*Max*:: The {ref}/search-aggregations-metrics-max-aggregation.html[_max_] aggregation returns the maximum value of a
*Max*:: The {ref}/search-aggregations-metrics-max-aggregation.html[_max_] aggregation returns the maximum value of a
numeric field. Select a field from the drop-down.
*Unique Count*:: The {ref}/search-aggregations-metrics-cardinality-aggregation.html[_cardinality_] aggregation returns
*Unique Count*:: The {ref}/search-aggregations-metrics-cardinality-aggregation.html[_cardinality_] aggregation returns
the number of unique values in a field. Select a field from the drop-down.
*Standard Deviation*:: The {ref}/search-aggregations-metrics-extendedstats-aggregation.html[_extended stats_]
*Standard Deviation*:: The {ref}/search-aggregations-metrics-extendedstats-aggregation.html[_extended stats_]
aggregation returns the standard deviation of data in a numeric field. Select a field from the drop-down.
*Percentiles*:: The {ref}/search-aggregations-metrics-percentile-aggregation.html[_percentile_] aggregation divides the
values in a numeric field into percentile bands that you specify. Select a field from the drop-down, then specify one
or more ranges in the *Percentiles* fields. Click the *X* to remove a percentile field. Click *+ Add* to add a
*Percentiles*:: The {ref}/search-aggregations-metrics-percentile-aggregation.html[_percentile_] aggregation divides the
values in a numeric field into percentile bands that you specify. Select a field from the drop-down, then specify one
or more ranges in the *Percentiles* fields. Click the *X* to remove a percentile field. Click *+ Add* to add a
percentile field.
*Percentile Rank*:: The {ref}/search-aggregations-metrics-percentile-rank-aggregation.html[_percentile ranks_]
aggregation returns the percentile rankings for the values in the numeric field you specify. Select a numeric field
*Percentile Rank*:: The {ref}/search-aggregations-metrics-percentile-rank-aggregation.html[_percentile ranks_]
aggregation returns the percentile rankings for the values in the numeric field you specify. Select a numeric field
from the drop-down, then specify one or more percentile rank values in the *Values* fields. Click the *X* to remove a
values field. Click *+Add* to add a values field.