mirror of
https://github.com/elastic/kibana.git
synced 2025-04-25 02:09:32 -04:00
62 lines
2.3 KiB
Text
62 lines
2.3 KiB
Text
[role="xpack"]
|
|
[[graph-getting-started]]
|
|
== Using Graph
|
|
|
|
Graph is automatically enabled in {es} and {kib}.
|
|
|
|
[[exploring-connections]]
|
|
To start exploring connections in your data:
|
|
|
|
. From the side navigation, open the graph explorer.
|
|
|
|
. Select an index pattern to specify what indices you want to explore.
|
|
+
|
|
For example, if you are indexing log data with Logstash, you could select the
|
|
`logstash-*` index pattern to visualize connections within the log entries.
|
|
|
|
. Select one or more multi-value fields that contain the terms you want to
|
|
graph.
|
|
+
|
|
The vertices in the graph are selected from these terms. If you're
|
|
visualizing connections between Apache log entries, you could select the
|
|
`url.raw` field and the `geo.src` field so you can look at which pages are
|
|
being accessed from different locations.
|
|
|
|
. Enter a search query to discover relationships between terms in the selected
|
|
fields.
|
|
+
|
|
For example, to generate a graph of the successful requests to
|
|
particular pages from different locations, you could search for the 200
|
|
response code. The weight of the connection between two vertices indicates how strongly they
|
|
are related.
|
|
+
|
|
[role="screenshot"]
|
|
image::graph/images/graph-url-connections.png["URL connections"]
|
|
|
|
. To view more information about the relationship, click any connection.
|
|
+
|
|
[role="screenshot"]
|
|
image::graph/images/graph-link-summary.png["Link summary"]
|
|
|
|
. Use the toolbar buttons to explore
|
|
additional connections:
|
|
+
|
|
* To display additional vertices that connect to your graph, click Expand
|
|
image:graph/images/graph-expand-button.jpg[Expand Selection].
|
|
* To display additional
|
|
connections between the displayed vertices, click Link
|
|
image:graph/images/graph-link-button.jpg[Add links to existing terms]
|
|
* To explore a particular area of the
|
|
graph, select the vertices you are interested in, and click Expand or Link.
|
|
* To step back through your changes to the graph, click Undo
|
|
image:graph/images/graph-undo-button.jpg[Undo].
|
|
|
|
. To see more relationships in your data, submit additional queries.
|
|
+
|
|
[role="screenshot"]
|
|
image::graph/images/graph-add-query.png["Adding networks"]
|
|
|
|
|
|
NOTE: By default, when you submit a search query, Graph searches all available
|
|
fields. You can constrain your search to a particular field using the Lucene
|
|
query syntax. For example, `machine.os: osx`.
|