mirror of
https://github.com/elastic/kibana.git
synced 2025-04-24 17:59:23 -04:00
8f078224aa
## Summary Closes #156121 This PR is for Issue #156121 and adds the ability to perform [IP Prefix](https://www.elastic.co/guide/en/elasticsearch/reference/current/search-aggregations-bucket-ipprefix-aggregation.html) aggregation-based visualizations within the Kibana UI. Previously this aggregation could only be done in DevTools as a manual query to Elasticsearch and not visualized.   ### Various Notes * The following two folders & their subfolders had files modified for this * src/plugins/vis_default_editor/public/components * src/plugins/data/common/search/aggs * I spent a fair amount of time debating & attempting to build the PrefixLength Input boxes and their interplay with the is_ipv6 toggle button. Originally I tried having only 1 PrefixLength button that the toggle switch would modify the max value / validate the contents of. * In the end, it seemed much cleaner & straightforward to have two separate input boxes (both prefix_length.tsx components) and just create them with different options. This means that when a user toggles the switch back and forth, they would be seeing/editing two different Prefix Length boxes depending on which way the switch is. * To make it a little more clear they are different boxes, I put "IPv4" and "IPv6" in the label name for these boxes. Additionally, I think it is helpful this way if you are potentially swapping back and forth between v4 and v6 visualizations. * There is 4 new unit tests, all related to input options, added in the ip_prefix_fn.test.ts file * Note - here is a test CSV file of IPv4 addresses one could import to test locally and see this addition. [alphadataset.csv](13691358/alphadataset.csv) * Configure the Override settings in this way if uploading it to Kibana/Elastic *  ### Checklist Delete any items that are not applicable to this PR. - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [x] Any UI touched in this PR is usable by keyboard only (learn more about [keyboard accessibility](https://webaim.org/techniques/keyboard/)) - [x] Any UI touched in this PR does not create any new axe failures (run axe in browser: [FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/), [Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US)) - [x] This renders correctly on smaller devices using a responsive layout. (You can test this [in your browser](https://www.browserstack.com/guide/responsive-testing-on-local-server)) - [x] This was checked for [cross-browser compatibility](https://www.elastic.co/support/matrix#matrix_browsers) ### Risk Matrix Before closing this PR, invite QA, stakeholders, and other developers to identify risks that should be tested prior to the change/feature release. When forming the risk matrix, consider some of the following examples and how they may potentially impact the change: | Risk | Probability | Severity | Mitigation/Notes | |---------------------------|-------------|----------|-------------------------| ### For maintainers - [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) --------- Co-authored-by: Stratoula Kalafateli <efstratia.kalafateli@elastic.co> Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
502 lines
6.1 KiB
Text
502 lines
6.1 KiB
Text
[[aggregation-reference]]
|
|
== Create panels with editors
|
|
|
|
{kib} provides several editors that you can use to create panels of your data. Each editor supports different features and {ref}/search-aggregations.html[{es} aggregations]. To choose the best editor for your data, review the following information.
|
|
|
|
[float]
|
|
[[chart-types]]
|
|
=== Supported panel types
|
|
|
|
[options="header"]
|
|
|===
|
|
|
|
| Panel type | *Lens* | *TSVB* | *Aggregation-based* | *Vega* | *Timelion*
|
|
|
|
| Table
|
|
| ✓
|
|
| ✓
|
|
| ✓
|
|
|
|
|
|
|
|
|
|
| Bar, line, and area
|
|
| ✓
|
|
| ✓
|
|
| ✓
|
|
| ✓
|
|
| ✓
|
|
|
|
| Split chart and small multiples
|
|
|
|
|
| ✓
|
|
| ✓
|
|
| ✓
|
|
|
|
|
|
|
| Pie and donut
|
|
| ✓
|
|
|
|
|
| ✓
|
|
| ✓
|
|
|
|
|
|
|
| Sunburst
|
|
| ✓
|
|
|
|
|
| ✓
|
|
| ✓
|
|
|
|
|
|
|
| Treemap
|
|
| ✓
|
|
|
|
|
|
|
|
| ✓
|
|
|
|
|
|
|
| Heatmap
|
|
| ✓
|
|
|
|
|
| ✓
|
|
| ✓
|
|
|
|
|
|
|
| Gauge and Goal
|
|
| ✓
|
|
| ✓
|
|
| ✓
|
|
| ✓
|
|
|
|
|
|
|
| Markdown
|
|
|
|
|
| ✓
|
|
|
|
|
|
|
|
|
|
|
|
|
| Metric
|
|
| ✓
|
|
| ✓
|
|
| ✓
|
|
| ✓
|
|
|
|
|
|
|
| Tag cloud
|
|
| ✓
|
|
|
|
|
| ✓
|
|
| ✓
|
|
|
|
|
|
|
|===
|
|
|
|
[float]
|
|
[[xy-features]]
|
|
=== Bar, line, and area chart features
|
|
|
|
[options="header"]
|
|
|===
|
|
|
|
| Feature | *Lens* | *TSVB* | *Aggregation-based* | *Vega* | *Timelion*
|
|
|
|
| Dense time series
|
|
| Customizable
|
|
| ✓
|
|
| Customizable
|
|
| ✓
|
|
| ✓
|
|
|
|
| Percentage mode
|
|
| ✓
|
|
| ✓
|
|
| ✓
|
|
| ✓
|
|
|
|
|
|
|
| Break downs
|
|
| 1
|
|
| 1
|
|
| 3
|
|
| ∞
|
|
| 1
|
|
|
|
| Custom color with break downs
|
|
|
|
|
| Only for Filters
|
|
| ✓
|
|
| ✓
|
|
|
|
|
|
|
| Fit missing values
|
|
| ✓
|
|
|
|
|
| ✓
|
|
| ✓
|
|
| ✓
|
|
|
|
| Synchronized tooltips
|
|
| ✓
|
|
| ✓
|
|
|
|
|
|
|
|
|
|
|
|
|
|===
|
|
|
|
[float]
|
|
[[other-features]]
|
|
=== Advanced features
|
|
|
|
[options="header"]
|
|
|===
|
|
|
|
| Feature | *Lens* | *TSVB* | *Vega* | *Timelion*
|
|
|
|
| Math
|
|
| ✓
|
|
| ✓
|
|
| ✓
|
|
| ✓
|
|
|
|
| Math across indices
|
|
|
|
|
|
|
|
| ✓
|
|
| ✓
|
|
|
|
| Visualize two indices
|
|
| ✓
|
|
| ✓
|
|
| ✓
|
|
| ✓
|
|
|
|
| Time shift
|
|
| ✓
|
|
| ✓
|
|
| ✓
|
|
| ✓
|
|
|
|
| Custom {es} queries
|
|
|
|
|
|
|
|
| ✓
|
|
|
|
|
|
|
| Normalize by time
|
|
| ✓
|
|
| ✓
|
|
|
|
|
|
|
|
|
|
| Automatically generated suggestions
|
|
| ✓
|
|
|
|
|
|
|
|
|
|
|
|
|
| Annotations
|
|
| ✓
|
|
| ✓
|
|
|
|
|
|
|
|
|
|
|===
|
|
|
|
[float]
|
|
[[table-features]]
|
|
=== Table features
|
|
|
|
[options="header"]
|
|
|===
|
|
|
|
| Feature | *Lens* | *TSVB* | *Aggregation-based*
|
|
|
|
| Summary row
|
|
| ✓
|
|
|
|
|
| ✓
|
|
|
|
| Pivot table
|
|
| ✓
|
|
|
|
|
|
|
|
|
|
| Calculated column
|
|
| Formula
|
|
| ✓
|
|
| Percent only
|
|
|
|
| Color by value
|
|
| ✓
|
|
| ✓
|
|
|
|
|
|
|
|===
|
|
|
|
[float]
|
|
[[custom-functions]]
|
|
=== Functions
|
|
|
|
[options="header"]
|
|
|===
|
|
|
|
| Function | *Lens* | *TSVB*
|
|
|
|
| Counter rate
|
|
| ✓
|
|
| ✓
|
|
|
|
| <<tsvb-function-reference, Filter ratio>>
|
|
| Use <<lens-formulas, formula>>
|
|
| ✓
|
|
|
|
| <<tsvb-function-reference, Positive only>>
|
|
|
|
|
| ✓
|
|
|
|
| <<tsvb-function-reference, Series agg>>
|
|
| Use <<lens-formulas, formula>>
|
|
| ✓
|
|
|
|
| Static value
|
|
| ✓
|
|
| ✓
|
|
|
|
|===
|
|
|
|
[float]
|
|
[[metrics-aggregations]]
|
|
=== Metrics aggregations
|
|
|
|
Metric aggregations are calculated from the values in the aggregated documents. The values are extracted from the document fields.
|
|
|
|
[options="header"]
|
|
|===
|
|
|
|
| Aggregation | *Lens* | *TSVB* | *Aggregation-based* | *Vega*
|
|
|
|
| Metrics with filters
|
|
| ✓
|
|
|
|
|
|
|
|
| ✓
|
|
|
|
| Average, Sum, Max, Min
|
|
| ✓
|
|
| ✓
|
|
| ✓
|
|
| ✓
|
|
|
|
| Unique count (Cardinality)
|
|
| ✓
|
|
| ✓
|
|
| ✓
|
|
| ✓
|
|
|
|
| Percentiles and Median
|
|
| ✓
|
|
| ✓
|
|
| ✓
|
|
| ✓
|
|
|
|
| Percentiles Rank
|
|
| ✓
|
|
| ✓
|
|
| ✓
|
|
| ✓
|
|
|
|
| Standard deviation
|
|
|
|
|
| ✓
|
|
| ✓
|
|
| ✓
|
|
|
|
| Sum of squares
|
|
|
|
|
| ✓
|
|
|
|
|
| ✓
|
|
|
|
| Top hit (Last value)
|
|
| ✓
|
|
| ✓
|
|
| ✓
|
|
| ✓
|
|
|
|
| Value count
|
|
| ✓
|
|
|
|
|
| ✓
|
|
| ✓
|
|
|
|
| Variance
|
|
| ✓
|
|
| ✓
|
|
|
|
|
| ✓
|
|
|
|
|===
|
|
|
|
For information about {es} metrics aggregations, refer to {ref}/search-aggregations-metrics.html[Metrics aggregations].
|
|
|
|
[float]
|
|
[[bucket-aggregations]]
|
|
=== Bucket aggregations
|
|
|
|
Bucket aggregations group, or bucket, documents based on the aggregation type. To define the document buckets, bucket aggregations compute and return the number of documents for each bucket.
|
|
|
|
[options="header"]
|
|
|===
|
|
| Aggregation | *Lens* | *TSVB* | *Aggregation-based* | *Vega*
|
|
|
|
| Histogram
|
|
| ✓
|
|
|
|
|
| ✓
|
|
| ✓
|
|
|
|
| Date histogram
|
|
| ✓
|
|
| ✓
|
|
| ✓
|
|
| ✓
|
|
|
|
| Date range
|
|
| Use filters
|
|
| ✓
|
|
| ✓
|
|
| ✓
|
|
|
|
| Filter
|
|
|
|
|
| ✓
|
|
|
|
|
| ✓
|
|
|
|
| Filters
|
|
| ✓
|
|
| ✓
|
|
| ✓
|
|
| ✓
|
|
|
|
| GeoHash grid
|
|
|
|
|
|
|
|
| ✓
|
|
| ✓
|
|
|
|
| IP prefix
|
|
| Use filters
|
|
| Use filters
|
|
| ✓
|
|
| ✓
|
|
|
|
| IP range
|
|
| Use filters
|
|
| Use filters
|
|
| ✓
|
|
| ✓
|
|
|
|
| Range
|
|
| ✓
|
|
| Use filters
|
|
| ✓
|
|
| ✓
|
|
|
|
| Terms
|
|
| ✓
|
|
| ✓
|
|
| ✓
|
|
| ✓
|
|
|
|
| Significant terms
|
|
| ✓
|
|
|
|
|
| ✓
|
|
| ✓
|
|
|
|
|===
|
|
|
|
For information about {es} bucket aggregations, refer to {ref}/search-aggregations-bucket.html[Bucket aggregations].
|
|
|
|
[float]
|
|
[[pipeline-aggregations]]
|
|
=== Pipeline aggregations
|
|
|
|
Pipeline aggregations are dependent on the outputs calculated from other aggregations. Parent pipeline aggregations are provided with the output of the parent aggregation, and compute new buckets or aggregations that are added to existing buckets. Sibling pipeline aggregations are provided with the output of a sibling aggregation, and compute new aggregations for the same level as the sibling aggregation.
|
|
|
|
[options="header"]
|
|
|===
|
|
|
|
| Aggregation | *Lens* | *TSVB* | *Aggregation-based* | *Vega*
|
|
|
|
| Avg bucket
|
|
| <<lens-formulas, `overall_average` formula>>
|
|
| ✓
|
|
| ✓
|
|
| ✓
|
|
|
|
| Derivative
|
|
| ✓
|
|
| ✓
|
|
| ✓
|
|
| ✓
|
|
|
|
| Max bucket
|
|
| <<lens-formulas, `overall_max` formula>>
|
|
| ✓
|
|
| ✓
|
|
| ✓
|
|
|
|
| Min bucket
|
|
| <<lens-formulas, `overall_min` formula>>
|
|
| ✓
|
|
| ✓
|
|
| ✓
|
|
|
|
| Sum bucket
|
|
| <<lens-formulas, `overall_sum` formula>>
|
|
| ✓
|
|
| ✓
|
|
| ✓
|
|
|
|
| Moving average
|
|
| ✓
|
|
| ✓
|
|
| ✓
|
|
| ✓
|
|
|
|
| Cumulative sum
|
|
| ✓
|
|
| ✓
|
|
| ✓
|
|
| ✓
|
|
|
|
| Bucket script
|
|
|
|
|
| ✓
|
|
| ✓
|
|
| ✓
|
|
|
|
| Bucket selector
|
|
|
|
|
|
|
|
|
|
|
| ✓
|
|
|
|
| Serial differencing
|
|
|
|
|
| ✓
|
|
| ✓
|
|
| ✓
|
|
|
|
|===
|
|
|
|
For information about {es} pipeline aggregations, refer to {ref}/search-aggregations-pipeline.html[Pipeline aggregations].
|
|
|
|
include::lens.asciidoc[]
|
|
include::tsvb.asciidoc[]
|
|
include::vega.asciidoc[]
|
|
include::aggregation-based.asciidoc[]
|
|
include::timelion.asciidoc[]
|