github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-04-24 17:59:23 -04:00
Code Issues Projects Releases Packages Wiki Activity
kibana/docs/user/dashboard/aggregation-based.asciidoc
Julia Rechkunova db1c118fa1
[8.x] [Discover] Rename Saved Search to Discover Session (#202217) (#204818) 
# Backport

This will backport the following commits from `main` to `8.x`:
- [[Discover] Rename Saved Search to Discover Session
(#202217)](https://github.com/elastic/kibana/pull/202217)

<!--- Backport version: 8.9.8 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Julia
Rechkunova","email":"julia.rechkunova@elastic.co"},"sourceCommit":{"committedDate":"2024-12-18T12:45:32Z","message":"[Discover]
Rename Saved Search to Discover Session (#202217)\n\n- Closes
https://github.com/elastic/kibana/issues/174144\r\n\r\n##
Summary\r\n\r\nThis PR renames Saved Search into Discover Session in
UI.\r\n\r\n- [x] Discover\r\n- [x] Saved Objects page and modal\r\n- [x]
Docs\r\n- [x] Other occurrences \r\n\r\n<img width=\"810\"
alt=\"Screenshot 2024-12-16 at 15 20
10\"\r\nsrc=\"https://github.com/user-attachments/assets/e39083da-f496-4ed5-bbdc-8e184897fc41\"\r\n/>\r\n<img
width=\"1220\" alt=\"Screenshot 2024-12-11 at 14 40
15\"\r\nsrc=\"https://github.com/user-attachments/assets/a6dc3e29-e1a5-4304-8148-0108231cc9de\"\r\n/>\r\n<img
width=\"1476\" alt=\"Screenshot 2024-12-16 at 14 57
39\"\r\nsrc=\"https://github.com/user-attachments/assets/4b34c70e-e21a-4d82-85f2-f5a3cb7a3826\"\r\n/>\r\n\r\n\r\n###
Checklist\r\n\r\n- [x] Any text added follows [EUI's
writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing),
uses\r\nsentence case text and includes
[i18n\r\nsupport](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)\r\n-
[x]\r\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\r\nwas
added for features that require explanation or tutorials\r\n- [x] [Unit
or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common scenarios\r\n- [x] The PR
description includes the appropriate Release Notes section,\r\nand the
correct `release_note:*` label is applied per
the\r\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\r\n\r\n---------\r\n\r\nCo-authored-by:
kibanamachine
<42973632+kibanamachine@users.noreply.github.com>\r\nCo-authored-by:
wajihaparvez <wajiha.parvez@elastic.co>\r\nCo-authored-by: Davis McPhee
<davismcphee@hotmail.com>\r\nCo-authored-by: Julia Bardi
<90178898+juliaElastic@users.noreply.github.com>","sha":"40c90550f12f99f23e6b7d545c7427e30d648dab","branchLabelMapping":{"^v9.0.0$":"main","^v8.18.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:enhancement","Team:Fleet","v9.0.0","Team:DataDiscovery","backport:prev-minor","ci:project-deploy-observability"],"number":202217,"url":"https://github.com/elastic/kibana/pull/202217","mergeCommit":{"message":"[Discover]
Rename Saved Search to Discover Session (#202217)\n\n- Closes
https://github.com/elastic/kibana/issues/174144\r\n\r\n##
Summary\r\n\r\nThis PR renames Saved Search into Discover Session in
UI.\r\n\r\n- [x] Discover\r\n- [x] Saved Objects page and modal\r\n- [x]
Docs\r\n- [x] Other occurrences \r\n\r\n<img width=\"810\"
alt=\"Screenshot 2024-12-16 at 15 20
10\"\r\nsrc=\"https://github.com/user-attachments/assets/e39083da-f496-4ed5-bbdc-8e184897fc41\"\r\n/>\r\n<img
width=\"1220\" alt=\"Screenshot 2024-12-11 at 14 40
15\"\r\nsrc=\"https://github.com/user-attachments/assets/a6dc3e29-e1a5-4304-8148-0108231cc9de\"\r\n/>\r\n<img
width=\"1476\" alt=\"Screenshot 2024-12-16 at 14 57
39\"\r\nsrc=\"https://github.com/user-attachments/assets/4b34c70e-e21a-4d82-85f2-f5a3cb7a3826\"\r\n/>\r\n\r\n\r\n###
Checklist\r\n\r\n- [x] Any text added follows [EUI's
writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing),
uses\r\nsentence case text and includes
[i18n\r\nsupport](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)\r\n-
[x]\r\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\r\nwas
added for features that require explanation or tutorials\r\n- [x] [Unit
or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common scenarios\r\n- [x] The PR
description includes the appropriate Release Notes section,\r\nand the
correct `release_note:*` label is applied per
the\r\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\r\n\r\n---------\r\n\r\nCo-authored-by:
kibanamachine
<42973632+kibanamachine@users.noreply.github.com>\r\nCo-authored-by:
wajihaparvez <wajiha.parvez@elastic.co>\r\nCo-authored-by: Davis McPhee
<davismcphee@hotmail.com>\r\nCo-authored-by: Julia Bardi
<90178898+juliaElastic@users.noreply.github.com>","sha":"40c90550f12f99f23e6b7d545c7427e30d648dab"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","labelRegex":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/202217","number":202217,"mergeCommit":{"message":"[Discover]
Rename Saved Search to Discover Session (#202217)\n\n- Closes
https://github.com/elastic/kibana/issues/174144\r\n\r\n##
Summary\r\n\r\nThis PR renames Saved Search into Discover Session in
UI.\r\n\r\n- [x] Discover\r\n- [x] Saved Objects page and modal\r\n- [x]
Docs\r\n- [x] Other occurrences \r\n\r\n<img width=\"810\"
alt=\"Screenshot 2024-12-16 at 15 20
10\"\r\nsrc=\"https://github.com/user-attachments/assets/e39083da-f496-4ed5-bbdc-8e184897fc41\"\r\n/>\r\n<img
width=\"1220\" alt=\"Screenshot 2024-12-11 at 14 40
15\"\r\nsrc=\"https://github.com/user-attachments/assets/a6dc3e29-e1a5-4304-8148-0108231cc9de\"\r\n/>\r\n<img
width=\"1476\" alt=\"Screenshot 2024-12-16 at 14 57
39\"\r\nsrc=\"https://github.com/user-attachments/assets/4b34c70e-e21a-4d82-85f2-f5a3cb7a3826\"\r\n/>\r\n\r\n\r\n###
Checklist\r\n\r\n- [x] Any text added follows [EUI's
writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing),
uses\r\nsentence case text and includes
[i18n\r\nsupport](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)\r\n-
[x]\r\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\r\nwas
added for features that require explanation or tutorials\r\n- [x] [Unit
or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common scenarios\r\n- [x] The PR
description includes the appropriate Release Notes section,\r\nand the
correct `release_note:*` label is applied per
the\r\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\r\n\r\n---------\r\n\r\nCo-authored-by:
kibanamachine
<42973632+kibanamachine@users.noreply.github.com>\r\nCo-authored-by:
wajihaparvez <wajiha.parvez@elastic.co>\r\nCo-authored-by: Davis McPhee
<davismcphee@hotmail.com>\r\nCo-authored-by: Julia Bardi
<90178898+juliaElastic@users.noreply.github.com>","sha":"40c90550f12f99f23e6b7d545c7427e30d648dab"}}]}]
BACKPORT-->
2024-12-19 21:38:57 +11:00

242 lines
7.6 KiB
Text
Raw Blame History

[[add-aggregation-based-visualization-panels]]
=== Aggregation-based
Aggregation-based visualizations are the core {kib} panels, and are not optimized for a specific use case.
With aggregation-based visualizations, you can:
* Split charts up to three aggregation levels, which is more than *Lens* and *TSVB*
* Create visualization with non-time series data
* Use a <<save-open-search,Discover session>> as an input
* Sort data tables and use the summary row and percentage column features
* Assign colors to data series
* Extend features with plugins
Aggregation-based visualizations include the following limitations:
* Limited styling options
* Math is unsupported
* Multiple indices is unsupported
[float]
[[types-of-visualizations]]
==== Types of aggregation-based visualizations
{kib} supports the following types of aggregation-based visualizations.
[cols="50, 50"]
|===
a| *Area*
Displays data points, connected by a line, where the area between the line and axes are shaded.
Use area charts to compare two or more categories over time, and display the magnitude of trends.
| image:images/area.png[Area chart]
a| *Data table*
Displays your aggregation results in a tabular format. Use data tables to display server configuration details, track counts, min,
or max values for a specific field, and monitor the status of key services.
| image:images/data_table.png[Data table]
a| *Gauge*
Displays your data along a scale that changes color according to where your data falls on the expected scale. Use the gauge to show how metric
values relate to reference threshold values, or determine how a specified field is performing versus how it is expected to perform.
| image:images/gauge.png[Gauge]
a| *Goal*
Displays how your metric progresses toward a fixed goal. Use the goal to display an easy to read visual of the status of your goal progression.
| image:images/goal.png[Goal]
a| *Heat map*
Displays graphical representations of data where the individual values are represented by colors. Use heat maps when your data set includes
categorical data. For example, use a heat map to see the flights of origin countries compared to destination countries using the sample flight data.
| image:images/heat_map.png[Heat map]
a| *Horizontal Bar*
Displays bars side-by-side where each bar represents a category. Use bar charts to compare data across a
large number of categories, display data that includes categories with negative values, and easily identify
the categories that represent the highest and lowest values. {kib} also supports vertical bar charts.
| image:images/bar.png[Bar chart]
a| *Line*
Displays data points that are connected by a line. Use line charts to visualize a sequence of values, discover
trends over time, and forecast future values.
| image:images/line.png[Line chart]
a| *Metric*
Displays a single numeric value for an aggregation. Use the metric visualization when you have a numeric value that is powerful enough to tell
a story about your data.
| image:images/metric.png[Metric]
a| *Pie*
Displays slices that represent a data category, where the slice size is proportional to the quantity it represents.
Use pie charts to show comparisons between multiple categories, illustrate the dominance of one category over others,
and show percentage or proportional data.
| image:images/pie.png[Pie chart]
a| *Tag cloud*
Graphical representations of how frequently a word appears in the source text. Use tag clouds to easily produce a summary of large documents and
create visual art for a specific topic.
| image:images/tag_cloud.png[Tag cloud]
|===
[float]
[[create-aggregation-based-panel]]
==== Create an aggregation-based visualization panel
Choose the type of visualization you want to create, then use the editor to configure the options.
. On the dashboard, click *All types > Aggregation based*.
.. Select the visualization type you want to create.
.. Select the data source you want to visualize.
+
NOTE: There is no performance impact on the data source you select. For example, saved Discover sessions perform the same as {data-sources}.
. Add the <<aggregation-reference,aggregations>> you want to visualize using the editor, then click *Update*.
+
NOTE: For the *Date Histogram* to use an *auto interval*, the date field must match the primary time field of the {data-source}.
. To change the order, drag and drop the aggregations in the editor.
+
[role="screenshot"]
image:images/bar-chart-tutorial-3.png[Option to change the order of aggregations]
. To customize the series colors, click the series in the legend, then select the color you want to use.
+
[role="screenshot"]
image:images/aggregation-based-color-picker.png[Color picker]
[float]
[[try-it-aggregation-based-panel]]
==== Try it: Create an aggregation-based bar chart
You collected data from your web server, and you want to visualize and analyze the data on a dashboard. To create a dashboard panel of the data, create
a bar chart that displays the top five log traffic sources for every three hours.
[float]
===== Add the data and create the dashboard
Add the sample web logs data that you'll use to create the bar chart, then create the dashboard.
. <<gs-get-data-into-kibana,Install the web logs sample data set>>.
. Go to *Dashboards*.
. On the *Dashboards* page, click *Create dashboard*.
[float]
===== Open and set up the aggregation-based bar chart
Open the *Aggregation based* editor and change the time range.
. On the dashboard, click *All types > Aggregation based*, select *Vertical bar*, then select *Kibana Sample Data Logs*.
. Make sure the <<set-time-filter, time filter>> is *Last 7 days*.
[float]
[[tutorial-configure-the-bar-chart]]
===== Create the bar chart
To create the bar chart, add a <<bucket-aggregations,bucket aggregation>>, then add the terms sub-aggregation to display the top values.
. Add a *Buckets* aggregation.
.. Click *Add*, then select *X-axis*.
.. From the *Aggregation* dropdown, select *Date Histogram*.
.. Click *Update*.
+
[role="screenshot"]
image:images/aggBased_barChartTutorial1_8.4.png[Bar chart with sample logs data]
. To show the top five log traffic sources, add a sub-bucket aggregation.
.. Click *Add*, then select *Split series*.
+
TIP: Aggregation-based panels support a maximum of three *Split series*.
.. From the *Sub aggregation* dropdown, select *Terms*.
.. From the *Field* dropdown, select *geo.src*.
.. Click *Update*.
+
[role="screenshot"]
image:images/aggBased_barChartTutorial2_8.4.png[Bar chart with sample logs data]
[float]
[[edit-agg-based-visualizations-in-lens]]
==== Open and edit aggregation-based visualizations in Lens
When you open aggregation-based visualizations in *Lens*, all configuration options appear in the *Lens* visualization editor.
You can open the following aggregation-based visualizations in *Lens*:
* Area
* Data table
* Gauge
* Goal
* Heat map
* Horizontal bar
* Line
* Metric
* Pie
* Vertical bar
To get started, click *Edit visualization in Lens* in the toolbar.
For more information, check out <<lens,Create visualizations with Lens>>.
[float]
[[save-the-aggregation-based-panel]]
===== Save and add the panel
Save the panel to the *Visualize Library* and add it to the dashboard, or add it to the dashboard without saving.
To save the panel to the *Visualize Library*:
. Click *Save to library*.
. Enter the *Title* and add any applicable <<managing-tags,*Tags*>>.
. Make sure that *Add to Dashboard after saving* is selected.
. Click *Save and return*.
To save the panel to the dashboard:
. Click *Save and return*.
. Add an optional title to the panel.
.. In the panel header, click *No Title*.
.. On the *Panel settings* window, select *Show title*.
.. Enter the *Title*, then click *Save*.
Reference in a new issue View git blame Copy permalink