Kibana Tutorial
Kibana
Kibana works in sync with Elasticsearch and Logstash, which together form the so-called
ELK stack.
Audience
This tutorial is designed for technical and non-technical users interested in analyzing
large volumes of data, e.g. log analysis and data analytics. Kibana is a browser-based UI
that is very user friendly, so it is easy for a newcomer to grasp.
Prerequisites
The installation of Kibana and Elasticsearch is straightforward and users can get it done
quickly. To work with Kibana you need a basic understanding of Elasticsearch.
All the content and graphics published in this e-book are the property of Tutorials Point (I)
Pvt. Ltd. The user of this e-book is prohibited to reuse, retain, copy, distribute or republish
any contents or a part of contents of this e-book in any manner without written consent
of the publisher.
We strive to update the contents of our website and tutorials as timely and as precisely as
possible, however, the contents may contain inaccuracies or errors. Tutorials Point (I) Pvt.
Ltd. provides no guarantee regarding the accuracy, timeliness or completeness of our
website or its contents including this tutorial. If you discover any errors on our website or
in this tutorial, please notify us at contact@tutorialspoint.com
Table of Contents
About the Tutorial
Audience
Prerequisites
Advantages of Kibana
5. Kibana — Management
Filters
Histogram
Range
Terms
Vector Map and Join Field for Region Map
1. Kibana – Overview
Kibana is an open source, browser-based visualization tool mainly used to analyse large
volumes of logs in the form of line graphs, bar graphs, pie charts, heat maps, region maps,
coordinate maps, gauges, goals, timelion etc. The visualizations make it easy to predict or
to see changes in the trends of errors or other significant events of the input source.
Kibana works in sync with Elasticsearch and Logstash, which together form the so-called
ELK stack.
Kibana is a visualization tool that accesses the logs from Elasticsearch and displays them
to the user in the form of line graphs, bar graphs, pie charts etc.
Logstash is responsible for collecting the data from all the remote sources where the logs
are filed and pushing it to Elasticsearch.
Elasticsearch acts as a database where the data is collected, and Kibana uses the data from
Elasticsearch to represent it to the user in the form of bar graphs, pie charts and heat
maps, as shown below:
It shows the data to the user on a real-time basis, for example day-wise or hourly. The
Kibana UI is user friendly and very easy for a beginner to understand.
Features of Kibana
Kibana offers its users the following features:
Visualization
Kibana offers many easy ways to visualize data. Some of the commonly used ones are the
vertical bar chart, horizontal bar chart, pie chart, line graph, heat map etc.
Dashboard
When we have the visualizations ready, all of them can be placed on one board – the
Dashboard. Observing different sections together gives you a clear overall idea about what
exactly is happening.
Dev Tools
You can work with your indexes using Dev Tools. Beginners can add dummy indexes from
Dev Tools, add, update and delete data, and use the indexes to create
visualizations.
Reports
All the data in the form of visualizations and dashboards can be converted to reports (CSV
format), embedded in code, or shared with others in the form of URLs.
Plugins
You can add third-party plugins to add new visualizations or other UI additions to
Kibana.
Timelion
Timelion, also called timeline, is yet another visualization tool, mainly used for
time-based data analysis. To work with timeline, we need to use a simple expression
language which helps us connect to the index and perform calculations on the data to
obtain the results we need. It is most helpful for comparing data with the previous cycle
in terms of week, month etc.
Canvas
Canvas is yet another powerful feature in Kibana. Using canvas visualization, you can
represent your data in different colour combinations, shapes, texts and multiple pages,
together called a workpad.
Advantages of Kibana
Kibana offers the following advantages to its users:
It is an open source, browser-based visualization tool mainly used to analyse large
volumes of logs in the form of line graphs, bar graphs, pie charts, heat maps etc.
Disadvantages of Kibana
Adding plugins to Kibana can be very tedious if there is a version mismatch.
You tend to face issues when you want to upgrade from an older version to a new
one.
2. Kibana – Environment Setup
To start working with Kibana we need to install Logstash, Elasticsearch and Kibana. In this
chapter, we will go through the installation of the ELK stack.
Elasticsearch Installation
Logstash Installation
Kibana Installation
Elasticsearch Installation
Detailed documentation on Elasticsearch exists in our library. You can check here for
elasticsearch installation. You will have to follow the steps mentioned in the tutorial to
install Elasticsearch.
Once done with the installation, start the elasticsearch server as follows:
Step 1
For Windows
> cd kibanaproject/elasticsearch-6.5.4/elasticsearch-6.5.4/bin
> elasticsearch
Please note that for Windows users, the JAVA_HOME variable has to be set to the Java JDK path.
For Linux
$ cd kibanaproject/elasticsearch-6.5.4/elasticsearch-6.5.4/bin
$ elasticsearch
The default port for Elasticsearch is 9200. Once it has started, you can check Elasticsearch
on port 9200 on localhost, http://localhost:9200/, as shown below:
Logstash Installation
For Logstash installation, follow this link, which already exists in our library.
Kibana Installation
Go to the official Kibana site: https://www.elastic.co/products/kibana
Click the downloads link in the top right corner and it will display the following screen:
Click the Download button for Kibana. Please note that to work with Kibana we need a 64-bit
machine; it will not work on a 32-bit one.
In this tutorial, we are going to use Kibana version 6. The download option is available for
Windows, Mac and Linux. You can download as per your choice.
Create a folder and unpack the tar/zip downloads for kibana. We are going to work with
sample data uploaded in elasticsearch. Thus, for now let us see how to start elasticsearch
and kibana. For this, go to the folder where Kibana is unpacked.
For Windows
> cd kibanaproject/kibana-6.5.4/kibana-6.5.4/bin
> kibana
For Linux
$ cd kibanaproject/kibana-6.5.4/kibana-6.5.4/bin
$ kibana
Once Kibana starts, the user can see the following screen:
Once you see the ready signal in the console, you can open Kibana in the browser using
http://localhost:5601/. The default port on which Kibana is available is 5601.
In our next chapter, we will learn how to use the UI of Kibana. To know the Kibana version
in the Kibana UI, go to the Management tab on the left side and it will display the Kibana
version we are currently using.
3. Kibana — Introduction to ELK Stack
Kibana is an open source visualization tool mainly used to analyze large volumes of logs
in the form of line graphs, bar graphs, pie charts, heat maps etc. Kibana works in sync with
Elasticsearch and Logstash, which together form the so-called ELK stack.
ELK stands for Elasticsearch, Logstash, and Kibana. ELK is one of the popular log
management platforms used worldwide for log analysis.
Logstash extracts the logging data or other events from different input sources.
It processes the events and later stores it in Elasticsearch.
Kibana is a visualization tool, which accesses the logs from Elasticsearch and is
able to display to the user in the form of line graph, bar graph, pie charts etc.
In this tutorial, we will work closely with Kibana and Elasticsearch and visualize the data
in different forms.
In this chapter, let us understand how to work with ELK stack together. Besides, you will
also see how to:
The csv file which we are going to use has following details.
File name: countriesdata.csv
Columns: "Country","Region","Population","Area"
You can also create a dummy csv file and use it. We will be using logstash to dump this
data from countriesdata.csv to elasticsearch.
Start the elasticsearch and Kibana in your terminal and keep it running. We have to create
the config file for logstash which will have details about the columns of the CSV file and
also other details as shown in the logstash-config file given below:
input {
  file {
    path => "C:/kibanaproject/countriesdata.csv"
    start_position => "beginning"
    sincedb_path => "NUL"
  }
}
filter {
  csv {
    separator => ","
    columns => ["Country","Region","Population","Area"]
  }
  mutate {convert => ["Population", "integer"]}
  mutate {convert => ["Area", "integer"]}
}
output {
  elasticsearch {
    hosts => ["localhost:9200"]
    index => "countriesdata-%{+dd.MM.YYYY}"
  }
  stdout {codec => json_lines }
}
Input
We need to specify the path of the input file which in our case is a csv file. The path where
the csv file is stored is given to the path field.
Filter
The filter has the csv component with the separator used, which in our case is a comma, and
also the columns available in our csv file. As logstash considers all incoming data to be
strings, any column that should be used as an integer or float has to be specified
using mutate as shown above.
Output
For output, we need to specify where to put the data. Here, in our case we are
using elasticsearch. The data that has to be given to elasticsearch is the hosts where
it is running; we have mentioned it as localhost. The next field is index, which we have
named countriesdata-currentdate. We have to use the same index in Kibana once
the data is updated in Elasticsearch.
Save the above config file as logstash_countries.config. Note that we need to give the path
of this config to the logstash command in the next step.
To load the data from the csv file to elasticsearch, we need to start the elasticsearch
server:
We have elasticsearch running. Now go to the path where logstash is installed and run
the following command to upload the data to elasticsearch.
The above screen shows data loading from the CSV file to Elasticsearch. To know whether
the index has been created in Elasticsearch, we can check as follows:
We can see the countriesdata-28.12.2018 index created as shown above.
Note that the mapping details with properties are created when data is uploaded from
logstash to elasticsearch.
Note that we already have Kibana connected to Elasticsearch and we should be able to see
the index countriesdata-28.12.2018 inside Kibana.
The indices present in Elasticsearch are displayed in index management. The index we are
going to use in Kibana is countriesdata-28.12.2018.
Thus, as we already have the elasticsearch index in Kibana, we will next understand how to
use the index in Kibana to visualize data in the form of pie charts, bar graphs, line charts etc.
4. Kibana — Loading Sample Data
We have seen how to upload data from logstash to elasticsearch. We will upload data using
logstash and elasticsearch here. The data used here has date, longitude and latitude
fields, which we will learn to use in the upcoming chapters. We will also see how
to upload data directly in Kibana, if we do not have a CSV file.
The home medical visits data to be used here is picked up from the site Kaggle.com.
The following are the fields available for the CSV file:
["Visit_Status","Time_Delay","City","City_id","Patient_Age","Zipcode","Latitude","Longitude",
"Pathology","Visiting_Date","Id_type","Id_personal","Number_Home_Visits","Is_Patient_Minor","Geo_point"]
input {
  file {
    path => "C:/kibanaproject/home_visits.csv"
    start_position => "beginning"
  }
}

date {
  match => ["Visiting_Date","dd-MM-YYYY HH:mm"]
  target => "Visiting_Date"
}

"location": {
  "lat":41.565505000000044,
  "lon": 2.2349995750000695
}
We need to make sure that Longitude and Latitude are in the format elasticsearch
needs. So first we convert longitude and latitude to float, and then rename them so
that they are available as part of the location json object with lat and lon. The code for
the same is shown here:
mutate {
  convert => { "Longitude" => "float" }
  convert => { "Latitude" => "float" }
}
mutate {
  rename => {
    "Longitude" => "[location][lon]"
    "Latitude" => "[location][lat]"
  }
}
Once the fields are taken care of, run the following command to upload the data to
elasticsearch:
logstash -f logstash_homevisists.conf
Once done, you should see the index mentioned in the logstash conf file in elasticsearch,
as shown below:
We can now create an index pattern on the index uploaded above and use it further for
creating visualizations.
In this section, we will try to load sample data in Kibana itself. We can use it to practice
with the sample data and play around with Kibana features to get a good understanding
of Kibana.
Let us take the json data from the following url and upload the same in Kibana. Similarly,
you can try any sample json data to be loaded inside Kibana.
Before we start to upload the sample data, we need to have the json data with indices to
be used in elasticsearch. When we upload it using logstash, logstash takes care to add the
indices and the user does not have to bother about the indices which are required by
elasticsearch.
Normal Json Data
[
{"type":"act","line_id":1,"play_name":"Henry IV","speech_number":"","line_number":"","speaker":"","text_entry":"ACT I"},
{"type":"scene","line_id":2,"play_name":"Henry IV","speech_number":"","line_number":"","speaker":"","text_entry":"SCENE I. London. The palace."},
{"type":"line","line_id":3,"play_name":"Henry IV","speech_number":"","line_number":"","speaker":"","text_entry":"Enter KING HENRY, LORD JOHN OF LANCASTER, the EARL of WESTMORELAND, SIR WALTER BLUNT, and others"}
]
The json to be used with Kibana has to be indexed as follows:
{"index":{"_index":"shakespeare","_id":0}}
{"type":"act","line_id":1,"play_name":"Henry IV","speech_number":"","line_number":"","speaker":"","text_entry":"ACT I"}
{"index":{"_index":"shakespeare","_id":1}}
{"type":"scene","line_id":2,"play_name":"Henry IV","speech_number":"","line_number":"","speaker":"","text_entry":"SCENE I. London. The palace."}
{"index":{"_index":"shakespeare","_id":2}}
{"type":"line","line_id":3,"play_name":"Henry IV","speech_number":"","line_number":"","speaker":"","text_entry":"Enter KING HENRY, LORD JOHN OF LANCASTER, the EARL of WESTMORELAND, SIR WALTER BLUNT, and others"}
To convert any sample json file into a format compatible with elasticsearch, here is a small
piece of php code which outputs the given json file in the format elasticsearch wants:
PHP Code
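<?php
// Read the input file, which holds a JSON array of objects.
$myfile = fopen("todo.json", "r") or die("Unable to open file!"); // your json file here
$alldata = fread($myfile, filesize("todo.json"));
fclose($myfile);
$farray = json_decode($alldata);
$afinalarray = [];
$index_name = "todo";
$i = 0;
// Assumed completion of the listing: one action line and one document line per
// object, each on a single line, in the same shape as the shakespeare sample above.
foreach ($farray as $doc) {
    $afinalarray[] = json_encode(["index" => ["_index" => $index_name, "_id" => $i++]]);
    $afinalarray[] = json_encode($doc);
}
echo implode("\n", $afinalarray) . "\n"; // the bulk body must end with a newline
?>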
To load the sample data, open the dev tools tab as shown below:
We are now going to use the console as shown above. We will take the json data which
we got after running it through php code.
The command to be used in dev tools to upload the json data is:
POST _bulk
Once you click the green button, the data is uploaded. You can check whether the index has
been created in elasticsearch as follows:
Command:
GET /_cat/indices
If you want to search for something in your index todo, you can do that as shown below:
GET /todo/_search
It gives all the records present in the todo index. The total number of records we get is 200.
GET /todo/_search
{
  "query":{
    "match":{
      "title":"delectusautautem"
    }
  }
}
We are able to fetch the records which match with the title we have given.
5. Kibana — Management
The Management section in Kibana is used to manage the index patterns. In this
chapter, we will discuss the following:
To work with Kibana, we first have to create an index, which is populated from elasticsearch.
You can get all the indices available from Elasticsearch -> Index Management as shown:
At present elasticsearch has the above indices. The Docs count tells us the number of records
available in each index. If an index is updated, its docs count will
keep changing. Primary storage tells the size of each index uploaded.
To create a new index in Kibana, we need to click on Index Patterns as shown below:
Note that the Create Index Pattern button is used to create a new index. Recall that we
already have countriesdata-28.12.2018 created at the very start of the tutorial.
The indices from elasticsearch are displayed; select one to create a new index.
The next step is to configure the setting, where you need to enter the following:
Time filter field name is used to filter data based on time. The dropdown will display
all time and date related fields from the index.
In the image shown below, we have Visiting_Date as a date field. Select Visiting_Date as
the Time Filter field name.
Click the Create index pattern button to create the index. Once done, it will display all the
fields present in your index medicalvisits-26.01.2019 as shown below:
["Visit_Status","Time_Delay","City","City_id","Patient_Age","Zipcode","Latitude","Longitude",
"Pathology","Visiting_Date","Id_type","Id_personal","Number_Home_Visits","Is_Patient_Minor","Geo_point"].
The index has all the data for home medical visits. There are some additional fields added
by elasticsearch when the data is inserted from logstash.
6. Kibana — Discover
This chapter discusses the Discover Tab in Kibana UI. We will learn in detail about the
following concepts:
On the right side, it displays the details of the data available in the
countriesdata-28.12.2018 index we created in the previous chapter.
On the top left corner, it shows the total number of records available:
We can get the details of the data inside the index (countriesdata-28.12.2018) in this
tab. On the top left corner of the screen shown above, we can see buttons like New, Save,
Open, Share, Inspect and Auto-refresh.
You can set the auto-refresh interval by clicking on the seconds, minutes or hour from
above. Kibana will auto-refresh the screen and get fresh data after every interval timer
you set.
All the fields along with the data are shown row-wise. Click the arrow to expand the row
and it will give you the details in Table format or JSON format.
JSON Format
If you click it, it will display the row or the data present in the row inside the page as
shown below:
Though we are getting all the data details here, it is difficult to go through each of them.
Now let us try to get the data in tabular format. One way is to expand one of the rows and
click the toggle column option available next to each field, as shown below:
Click the Toggle column in table option available for each field and you will notice the data
being shown in table format:
Here, we have selected fields Country, Area, Region and Population. Collapse the expanded
row and you should see all the data in tabular format now.
The fields we selected are displayed on the left side of the screen as shown below:
Observe that there are 2 options: Selected fields and Available fields. The fields we have
selected to show in tabular format are a part of Selected fields. In case you want to remove
any field, you can do so by clicking the remove button, which is shown next to the field
name under Selected fields.
Once removed, the field will be available under Available fields, where you can add it
back by clicking the add button shown next to the field you want. You can
also use this method to get your data in tabular format by choosing the required fields
from Available fields.
We have a search option available in Discover, which we can use to search for data inside
the index. Let us try some examples related to the search option here:
Suppose you want to search for the country India; you can do so as follows:
You can type your search details and click the Update button. If you want to search for
countries starting with Aus, you can do so as follows:
Here, we have two countries starting with Aus*. The search field has an Options button as
shown above. When a user clicks it, it displays a toggle button which, when ON, helps in
writing the search query.
Turn on query features and type the field name in the search; it will display the options
available for that field.
For example, the Country field is a string and it displays the following options for a string field:
Similarly, Area is a Number field and it displays the following options for a Number field:
You can try out different combinations and filter the data as per your choice in the Discover
field. The data inside the Discover tab can be saved using the Save button, so that you
can use it in the future.
To save the data inside Discover, click on the Save button in the top right corner as shown
below:
Give a title to your search and click Confirm Save to save it. Once saved, next time you visit
the Discover tab, you can click the Open button on the top right corner to get the saved
titles as shown below:
You can also share the data with others using the Share button available on top right
corner. If you click it, you can find sharing options as shown below:
The Snapshot option will give a Kibana link which will display data available in the search
currently.
The Saved object option will give a Kibana link which will display the recent data available
in your search.
In general, Kibana gives longer links; there is an option at the bottom to get a Short URL.
Sample short URLs for Snapshot and Saved object are shown here:
Snapshot: http://localhost:5601/goto/309a983483fccd423950cfb708fabfa5
Saved Object: http://localhost:5601/app/kibana#/discover/40bd89d0-10b1-11e9-9876-4f3d759b471e?_g=()
You can work with Discover tab and search options available and the result obtained can
be saved and shared with others.
It has displayed the message “No results match your search criteria” for the last 15
minutes on the index we have selected. The index has data for the years 2015, 2016, 2017 and
2018.
Select the date From: 1st Jan 2017 and To: 31st Dec 2017, as we will analyze data for the
year 2017.
Click the Go button to add the time range. It will display the data and bar chart as
follows:
Since we also have the time stored along with date, we can filter the data on hours and
minutes too.
The figure shown above displays the hourly data for the year 2017.
You can select the fields from available fields and convert the data into tabular format as
shown below. Here we have selected the following fields:
7. Kibana — Aggregations and Metrics
The two terms that you come across frequently while learning Kibana are Bucket
and Metrics Aggregation. This chapter discusses what role they play in Kibana and gives more
details about them.
Whenever you create a visualization, you need to decide the criteria, that is, the
way in which you want to group the data to perform the metric on it.
Bucket Aggregation
Metric Aggregation
Bucket Aggregation
A bucket mainly consists of a key and a document. When the aggregation is executed, the
documents are placed in the respective bucket. So at the end you should have a list of
buckets, each with a list of documents. The list of Bucket Aggregation you will see while
creating visualization in Kibana is shown below:
Date Histogram
Date Range
Filters
Histogram
IPv4 Range
Range
Significant Terms
Terms
While creating a visualization, you need to choose one of them for Bucket Aggregation, i.e. to
group the documents inside the buckets.
As an example, for analysis, consider the countries data that we uploaded at the
start of this tutorial. The fields available in the countries index are country name, area,
population and region. In the countries data, we have the name of the country along with its
population, region and area.
Let us assume that we want region-wise data. Then, the countries available in each region
become our search query, so in this case the regions will form our buckets. The block
diagram below shows that R1, R2, R3, R4, R5 and R6 are the buckets which we got and c1,
c2 .. c25 are the documents which are part of the buckets R1 to R6.
We can see that there are some circles in each bucket. They are the sets of documents
that, based on the search criteria, fall in each bucket. In
bucket R1, we have documents c1, c8 and c15. These documents are the countries that
fall in that region; the same holds for the others. So if we count the countries in bucket R1
it is 3, 6 for R2, 6 for R3, 2 for R4, 5 for R5 and 4 for R6.
So through bucket aggregation, we can aggregate the documents in buckets and have a
list of documents in those buckets as shown above.
Let us now discuss how to form these buckets one by one in detail.
Date Histogram
Date Histogram aggregation is used on a date field. So this aggregation type can be used
only if the index that you use to visualize has a date field. This is a
multi-bucket aggregation, which means you can have some of the documents as a part of
more than 1 bucket. There is an interval to be used for this aggregation and the details
are as shown below:
When you select Date Histogram as the Buckets Aggregation, it will display the Field option,
which will list only the date-related fields. Once you select your field, you need to select
the Interval, which has the following details:
So the documents from the chosen index are categorized into buckets based on the field and
interval chosen. For example, if you choose the interval as monthly,
the documents will be put into buckets based on the month of their date, i.e.
Jan-Dec. Here Jan, Feb, .. Dec will be the buckets.
Date Range
You need a date field to use this aggregation type. Here we will have a date range, that
is, a from date and a to date are to be given. The buckets will have their documents based on
the from and to dates given.
Filters
With the Filters type aggregation, the buckets will be formed based on the filter. Here you
will get multiple buckets, as based on the filter criteria one document can exist in one
or more buckets.
Using filters, users can write their queries in the filter option as shown below:
You can add multiple filters of your choice by using the Add Filter button.
Histogram
This type of aggregation is applied on a number field and it will group the documents in
buckets based on the interval applied. For example, 0-50, 50-100, 100-150 etc.
IPv4 Range
This type of aggregation is mainly used for IP addresses.
The index that we have, that is countriesdata-28.12.2018, does not have a field of type
IP, so it displays a message as shown above. If you happen to have an IP field, you can
specify the From and To values in it as shown above.
Range
This type of aggregation needs fields to be of type number. You need to specify the
range, and the documents falling in the range will be listed in the buckets.
You can add more ranges if required by clicking on the Add Range button.
Significant Terms
This type of aggregation is mostly used on the string fields.
Terms
This type of aggregation is used on all the available fields, namely number, string, date,
boolean, IP address, timestamp etc. Note that this is the aggregation we are going to
use in all the visualizations that we are going to work on in this tutorial.
We have an Order By option, by which the data will be grouped based on the metric we select.
The size refers to the number of buckets you want to display in the visualization.
Metric Aggregation
Metric Aggregation mainly refers to the maths calculations done on the documents present
in the bucket. For example, if you choose a number field, the metric calculations you can do
on it are COUNT, SUM, MIN, MAX, AVERAGE etc.
In this section, let us discuss the important ones which we are going to use often:
Average
Count
Max
Min
Sum
The metric will be applied on the individual bucket aggregation that we have already
discussed above.
Average
This will give the average for the values of the documents present in the buckets.
For example:
R1 to R6 are the buckets. In R1 we have c1, c8 and c15. Consider that the value of c1 is 300,
c8 is 500 and c15 is 700. Now to get the average value of R1 bucket
The average is 500 for bucket R1. Here the value of the document could be anything; for
example, if you consider the countries data, it could be the area of the country in that region.
Count
This will give the count of documents present in the bucket. Suppose you want the count
of the countries present in a region; it will be the total number of documents present in
the bucket. For example, for R1 it will be 3, R2 = 6, R3 = 5, R4 = 2, R5 = 5 and R6 = 4.
Max
This will give the max value of the documents present in the bucket. Considering the above
example, suppose we have area-wise countries data in the region buckets. The max for each
region will be the country with the max area. So it will have one country from each region,
i.e. R1 to R6.
Min
This will give the min value of the documents present in the bucket. Considering the above
example, suppose we have area-wise countries data in the region buckets. The min for each
region will be the country with the minimum area. So it will have one country from each
region, i.e. R1 to R6.
Sum
This will give the sum of the values of the documents present in the bucket. Considering
the above example, if we want the total area or countries in the region, it
will be the sum of the documents present in the region.
In case we have documents with area in the region, then R1 to R6 will have the country-wise
area summed up for the region.
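The bucket and metric aggregations of this chapter can be reproduced outside Kibana. The following is an added example, not part of the original tutorial: it groups constructed documents the way the Terms and Histogram bucket aggregations do, applies the Count, Sum, Min, Max and Average metrics to each bucket, and builds the equivalent Elasticsearch request body. The sample documents, the function names and the Region.keyword field name are assumptions.

```python
import json
import math
from collections import defaultdict

# Constructed sample documents (not the tutorial's CSV). Bucket R1 mirrors the
# text: c1 = 300, c8 = 500, c15 = 700.
DOCS = [
    {"Country": "c1", "Region": "R1", "Area": 300},
    {"Country": "c8", "Region": "R1", "Area": 500},
    {"Country": "c15", "Region": "R1", "Area": 700},
    {"Country": "c2", "Region": "R2", "Area": 120},
    {"Country": "c9", "Region": "R2", "Area": 80},
    {"Country": "c4", "Region": "R4", "Area": 1000},
]


def terms_buckets(docs, field, size=10):
    """Terms bucket aggregation: one bucket per distinct value of `field`.

    Buckets are ordered by document count, descending (ties by key), and only
    the first `size` buckets are kept, like Order By = Count, Descending.
    """
    groups = defaultdict(list)
    for doc in docs:
        groups[doc[field]].append(doc)
    ordered = sorted(groups.items(), key=lambda kv: (-len(kv[1]), kv[0]))
    return ordered[:size]


def histogram_buckets(docs, field, interval):
    """Histogram bucket aggregation on a number field.

    A value v falls in the bucket whose key is floor(v / interval) * interval,
    so interval=50 yields the buckets 0-50, 50-100, 100-150 and so on.
    """
    groups = defaultdict(list)
    for doc in docs:
        key = math.floor(doc[field] / interval) * interval
        groups[key].append(doc)
    return sorted(groups.items(), key=lambda kv: kv[0])


def apply_metrics(buckets, field):
    """Metric aggregation: Count, Sum, Min, Max and Average per bucket."""
    rows = []
    for key, docs in buckets:
        values = [doc[field] for doc in docs]
        rows.append({
            "key": key,
            "count": len(values),
            "sum": sum(values),
            "min": min(values),
            "max": max(values),
            "avg": sum(values) / len(values),
        })
    return rows


def es_request_body(bucket_field, metric_field, size=10):
    """Request body for GET <index>/_search asking Elasticsearch for the same
    terms buckets and metrics. "size": 0 suppresses the hits so that only the
    aggregation results come back; the count is each bucket's doc_count."""
    metric_aggs = {
        f"{name}_{metric_field}": {name: {"field": metric_field}}
        for name in ("sum", "min", "max", "avg")
    }
    return {
        "size": 0,
        "aggs": {
            "by_bucket": {
                "terms": {
                    "field": bucket_field,
                    "size": size,
                    "order": {"_count": "desc"},
                },
                "aggs": metric_aggs,
            }
        },
    }


if __name__ == "__main__":
    for row in apply_metrics(terms_buckets(DOCS, "Region"), "Area"):
        print(row)
    for row in apply_metrics(histogram_buckets(DOCS, "Area", 500), "Area"):
        print(row)
    # Assumption: Region was indexed with a dynamic mapping, so the exact-value
    # sub-field Region.keyword is the one to aggregate on.
    print(json.dumps(es_request_body("Region.keyword", "Area"), indent=2))
```

The printed request body can be pasted into the Dev Tools console after a GET countriesdata-28.12.2018/_search line to compare Elasticsearch's buckets with the locally computed ones.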
8. Kibana — Create Visualization
We can visualize the data we have in the form of bar charts, line graphs, pie charts etc.
In this chapter, we will understand how to create visualization.
Create Visualization
Go to Kibana Visualization as shown below:
We do not have any visualization created, so it shows blank and there is a button to create
one.
Click the button Create a visualization as shown in the screen above and it will take you
to the screen as shown below:
Here you can select the option which you need to visualize your data. We will understand
each one of them in detail in the upcoming chapters. For now, we will select the pie chart
to start with.
Once you select the visualization type, you need to select the index you want to work
on, and it will take you to the screen as shown below:
Now we have a default pie chart. We will use the countriesdata-28.12.2018 to get the
count of regions available in the countries data in pie chart format.
Now, select the Aggregation as Terms and it will display more options to be entered as
follows:
The Fields dropdown will have all the fields from the chosen index, countriesdata. We have
chosen the Region field and Order By. Note that we have chosen the metric Count for
Order By. We will order it Descending, and the size we have taken is 10. It means that here
we will get the count of the top 10 regions from the countries index.
Now, click the analyse button as highlighted below and you should see the pie chart
updated on the right side.
All the regions are listed at the right top corner with colours and the same colour is
shown in the pie chart. If you mouse over the pie chart it will give the count of the
region and also the name of the region as shown below:
So it tells us that 22.77% of region is occupied by Sub-Saharan Afri from the countries
data we have uploaded.
Now we can save the visualization by clicking on the save button on top right corner as
shown below:
We can also get the data as we want by using the search option as shown below:
We have filtered data for countries starting with Aus*. We will understand more on pie
charts and other visualizations in the upcoming chapters.
9. Kibana — Working with Charts
Let us explore and understand the most commonly used charts in visualization.
The following are the steps to be followed to create above visualization. Let us start with
Horizontal Bar.
Click the Horizontal Bar listed above. You will have to make a selection of the index you
want to visualize.
It shows a default count. Now, let us plot a horizontal graph where we can see the
populations of the top 10 countries.
For this purpose, we need to select what we want on the Y and X axis. Hence, select the
Bucket and Metric Aggregation:
Now, if you click on Y-Axis, it will display the screen as shown below:
Now, select the Aggregation that you want from the options shown here:
Note that here we will select the Max aggregation as we want to display data as per the
max population available.
Next, we have to select the field whose max value is required. In the index
countriesdata-28.12.2018, we have only 2 number fields – area and population.
Since we want the max population, we select the Population field as shown below:
By this, we are done with the Y-axis. The output that we get for Y-axis is as shown
below:
Choose the field from the dropdown. We want country wise population, so select the country
field. For Order By we have the following options:
We are going to choose Order By as Max Population, as we want the country with the highest
population to be displayed first and so on. Once the data we want is added, click on the
apply changes button on top of the Metrics data as shown below:
Once you click apply changes, we have the horizontal graph wherein we can see that
China is the country with highest population, followed by India, United States etc.
Similarly, you can plot different graphs by choosing the field you want. Next, we will save
this visualization as max_population to be used later for Dashboard creation.
In this vertical bar visualization, we will create a bar graph of country wise area, i.e.
the countries with the highest area will be displayed.
Y-axis
X-axis
When we apply the changes here, we can see the output as shown below:
From the graph, we can see that Russia has the highest area, followed by Canada
and United States. Please note this data is picked from the index countriesdata, and it is
dummy data, so the figures might not match live data.
Pie Chart
So first create a visualization and select the pie chart with index as countriesdata. We are
going to display the count of regions available in the countriesdata in pie chart format.
The left side has metrics which will give count. In Buckets, there are 2 options: Split slices
and split chart. Now, we will use the option Split slices.
Now, if you select Split Slices, it will display the following options:
Select the Aggregation as Terms and it will display more options to be entered as follows:
The Fields dropdown will have all the fields from the index chosen. We have selected the
Region field, and for Order By we have selected Count. We will order it Descending and
take the size as 10. So here we will get the count of 10 regions from the countries
index.
Now, click the play button as highlighted below and you should see the pie chart updated
on the right side.
All the regions are listed at the right top corner with colours and the same colour is
shown in the pie chart. If you mouse over the pie chart, it will give the count of the
region and also the name of the region as shown below:
Thus, it tells us that 22.77% of region is occupied by Sub-Saharan Afri in the countries
data we have uploaded.
From the pie chart, observe that the Asia region covers 12.5% and the count is 28.
Now we can save the visualization by clicking the save button on top right corner as
shown below:
10. Kibana — Working with Graphs
In this chapter, we will discuss the two types of graphs used in visualization:
Line Graph
Area
Line Graph
To start with, let us create a visualization, choosing a line graph to display the data and
use countriesdata as the index. We need to create the Y-axis and X-axis and the details
for the same are shown below:
For Y-axis
Observe that we have taken Max as the Aggregation. So here we are going to show the data
presentation in a line graph. Now, we will plot a graph that will show the max population
country wise. The field we have taken is Population since we need the maximum population
country wise.
For X-axis:
So we have Max population in China, followed by India, United States, Indonesia and
Brazil as the top 5 countries in population.
Now, let us save this line graph so that we can use it in the dashboard later.
Area Graph
Go to visualization and choose area with index as countriesdata. We need to select the
Y-axis and X-axis. We will plot an area graph for the max area country wise.
After you click the apply changes button, the output that we can see is as shown below:
From the graph, we can observe that Russia has the highest area, followed by Canada,
United States, China and Brazil. Save the visualization to use it later.
11. Kibana — Working with Heat Map
In this chapter we will understand how to work with heat map. Heat map will show the
data presentation in different colours for the range selected in the data metrics.
Select visualization type as heat map as shown above. It will ask you to choose the
index as shown below:
Select the index countriesdata-28.12.2018 as shown above. Once the index is selected,
we have the data to be selected as shown below:
We have selected Max since we want to plot Max Area country wise.
We have used Aggregation as Terms, Field as Country and Order By Max Area. Click on
Apply Changes as shown below:
If you click Apply Changes, the heat map looks as shown below:
The heat map is shown with different colours and the range of areas is displayed at the
right side. You can change the colour by clicking on the small circles next to the area range
as shown below:
12. Kibana — Working with Coordinate Map
Coordinate maps in Kibana will show you the geographic area and mark the area with
circles based on aggregation you specify.
We will create an index using Kibana dev tools and add bulk data to it. We will add mapping
and add the geo_point type that we need.
{"index":{"_id":1}}
{"location": "41.47367000000008,2.089330000000046", "city": "SantCugat"}
{"index":{"_id":2}}
{"location": "41.601800991000076,2.2947825000000677", "city": "Granollers"}
{"index":{"_id":3}}
{"location": "41.5496295760424,2.1105957495300474", "city": "Sabadell"}
{"index":{"_id":4}}
{"location": "41.5370461908878,2.132605678083895", "city": "Barbera"}
{"index":{"_id":5}}
{"location": "41.497779918345415,2.151270020052683", "city": "Cerdanyola"}
{"index":{"_id":6}}
{"location": "41.371303520399344,2.1364609496220606", "city": "Barcelona"}
{"index":{"_id":7}}
{"location": "41.385491966414705,2.0819450306711165", "city": "Sant Just Desvern"}
{"index":{"_id":8}}
{"location": "41.542294286427385,2.00532082278266", "city": "Rubi"}
{"index":{"_id":9}}
{"location": "41.56142635214226,1.9560805366930398", "city": "Viladecavalls"}
{"index":{"_id":10}}
{"location": "41.39327140161001,2.09205348251486", "city": "Esplugas de Llobregat"}
Now, run the following commands in Kibana Dev Tools as shown below:
PUT /cities
{
  "mappings": {
    "_doc": {
      "properties": {
        "location": {
          "type": "geo_point"
        }
      }
    }
  }
}
POST /cities/_doc/_bulk?refresh
{"index":{"_id":1}}
{"location": "41.47367000000008,2.089330000000046", "city": "SantCugat"}
{"index":{"_id":2}}
{"location": "41.601800991000076,2.2947825000000677", "city": "Granollers"}
{"index":{"_id":3}}
{"location": "41.5496295760424,2.1105957495300474", "city": "Sabadell"}
{"index":{"_id":4}}
{"location": "41.5370461908878,2.132605678083895", "city": "Barbera"}
{"index":{"_id":5}}
{"location": "41.497779918345415,2.151270020052683", "city": "Cerdanyola"}
{"index":{"_id":6}}
{"location": "41.371303520399344,2.1364609496220606", "city": "Barcelona"}
{"index":{"_id":7}}
{"location": "41.385491966414705,2.0819450306711165", "city": "Sant Just Desvern"}
{"index":{"_id":8}}
{"location": "41.542294286427385,2.00532082278266", "city": "Rubi"}
{"index":{"_id":9}}
{"location": "41.56142635214226,1.9560805366930398", "city": "Viladecavalls"}
{"index":{"_id":10}}
{"location": "41.39327140161001,2.09205348251486", "city": "Esplugas de Llobregat"}
The above will create an index named cities of type _doc, and the field location is of type
geo_point.
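A pre-flight check for a _bulk body like the one above, added here as an example (it is not part of the original tutorial). Elasticsearch reads a geo_point string as "lat,lon" and needs every action and every document on a line of its own; the sample body, the function names and the expected bounding box are constructed for illustration.

```python
import json

BULK_ACTIONS = {"index", "create", "update", "delete"}

# Assumption for this example: the cities should all fall in this rough
# (min_lat, max_lat, min_lon, max_lon) box around Barcelona.
EXPECTED_BOX = (40.0, 43.0, 0.0, 4.0)

# Constructed body: line 4 has the two numbers in lon,lat order, lines 6-7 are
# one document wrapped over two lines, and the last action has no document.
SAMPLE = (
    '{"index":{"_id":1}}\n'
    '{"location": "41.47367000000008,2.089330000000046", "city": "SantCugat"}\n'
    '{"index":{"_id":6}}\n'
    '{"location": "2.1364609496220606,41.371303520399344", "city": "Barcelona"}\n'
    '{"index":{"_id":7}}\n'
    '{"location": "41.385491966414705,2.0819450306711165", "city": "Sant Just\n'
    'Desvern"}\n'
    '{"index":{"_id":10}}\n'
)


def parse_geo_point(text):
    """Read a geo_point string as Elasticsearch does: latitude, then longitude."""
    lat_text, lon_text = text.split(",")  # ValueError unless exactly two parts
    lat, lon = float(lat_text), float(lon_text)
    if not (-90.0 <= lat <= 90.0 and -180.0 <= lon <= 180.0):
        raise ValueError("latitude or longitude out of range")
    return lat, lon


def in_box(lat, lon, box):
    min_lat, max_lat, min_lon, max_lon = box
    return min_lat <= lat <= max_lat and min_lon <= lon <= max_lon


def is_action(obj):
    """True for a bulk action line such as {"index": {"_id": 1}}."""
    if not isinstance(obj, dict) or len(obj) != 1:
        return False
    (name, meta), = obj.items()
    return name in BULK_ACTIONS and isinstance(meta, dict)


def lint_bulk(body, geo_field="location", box=None):
    """Return [(line_number, problem), ...] for a _bulk request body."""
    problems = []
    if not body.endswith("\n"):
        problems.append((0, "body must end with a newline"))
    pending = None  # line number of an action still waiting for its document
    for number, line in enumerate(body.splitlines(), start=1):
        try:
            obj = json.loads(line)
        except json.JSONDecodeError:
            problems.append((number, "line is not one complete JSON object"))
            pending = None
            continue
        if is_action(obj):
            if pending is not None:
                problems.append((pending, "action has no source document"))
            pending = None if "delete" in obj else number
            continue
        if pending is None:
            problems.append((number, "document without an action line"))
        pending = None
        value = obj.get(geo_field) if isinstance(obj, dict) else None
        if not isinstance(value, str):
            continue
        try:
            lat, lon = parse_geo_point(value)
        except ValueError as err:
            problems.append((number, f"{geo_field}: {err}"))
            continue
        if box and not in_box(lat, lon, box):
            hint = " (numbers look like lon,lat)" if in_box(lon, lat, box) else ""
            problems.append((number, f"{geo_field} outside expected area{hint}"))
    if pending is not None:
        problems.append((pending, "action has no source document"))
    return problems


if __name__ == "__main__":
    for number, problem in lint_bulk(SAMPLE, box=EXPECTED_BOX):
        print(f"line {number}: {problem}")
```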
We are done creating the index named cities with data. Now let us create an index pattern
for cities using the Management tab.
We can see that location is of type geo_point. We can now use it to create visualization.
Select the index pattern cities and configure the Aggregation metric and bucket as shown
below:
If you click on Analyze button, you can see the following screen:
Based on the longitude and latitude, the circles are plotted on the map as shown above.
13. Kibana — Working with Region Map
With this visualization, you see the data represented on the geographical world map. In
this chapter, let us see this in detail.
{"index":{"_id":1}}
{"country": "China", "population": "1313973713"}
{"index":{"_id":2}}
{"country": "India", "population": "1095351995"}
{"index":{"_id":3}}
{"country": "United States", "population": "298444215"}
{"index":{"_id":4}}
{"country": "Indonesia", "population": "245452739"}
{"index":{"_id":5}}
{"country": "Brazil", "population": "188078227"}
{"index":{"_id":6}}
{"country": "Pakistan", "population": "165803560"}
{"index":{"_id":7}}
{"country": "Bangladesh", "population": "147365352"}
{"index":{"_id":8}}
{"country": "Russia", "population": "142893540"}
{"index":{"_id":9}}
{"country": "Nigeria", "population": "131859731"}
{"index":{"_id":10}}
{"country": "Japan", "population": "127463611"}
Note that we will use _bulk upload in dev tools to upload the data.
PUT /allcountries
{
  "mappings": {
    "_doc": {
      "properties": {
        "country": {"type": "keyword"},
        "population": {"type": "integer"}
      }
    }
  }
}
POST /allcountries/_doc/_bulk?refresh
{"index":{"_id":1}}
{"country": "China", "population": "1313973713"}
{"index":{"_id":2}}
{"country": "India", "population": "1095351995"}
{"index":{"_id":3}}
{"country": "United States", "population": "298444215"}
{"index":{"_id":4}}
{"country": "Indonesia", "population": "245452739"}
{"index":{"_id":5}}
{"country": "Brazil", "population": "188078227"}
{"index":{"_id":6}}
{"country": "Pakistan", "population": "165803560"}
{"index":{"_id":7}}
{"country": "Bangladesh", "population": "147365352"}
{"index":{"_id":8}}
{"country": "Russia", "population": "142893540"}
{"index":{"_id":9}}
{"country": "Nigeria", "population": "131859731"}
{"index":{"_id":10}}
{"country": "Japan", "population": "127463611"}
Next, let us create index allcountries. We have specified the country field type as
keyword:
PUT /allcountries
{
  "mappings": {
    "_doc": {
      "properties": {
        "country": {"type": "keyword"},
        "population": {"type": "integer"}
      }
    }
  }
}
Note: To work with region maps, the field used with the aggregation must be of type
keyword.
We will now create index pattern. Go to Kibana Management tab and select create index
pattern.
Here we have selected the field as country, as we want to show the same on the world map.
The options tab has the Layer Settings configuration, which is required to plot the data on
the world map.
In our index we have the country name, so we will select country name.
In Style settings you can choose the color to be displayed for the countries:
We will select Reds. We will not touch the rest of the details.
Now, click on the Analyze button to see the details of the countries plotted on the world map
as shown below:
regionmap:
  includeElasticMapsService: false
  layers:
    - name: "Countries Data"
      url: "http://localhost/kibana/worldcountries.geojson"
      attribution: "INRAP"
      fields:
        - name: "Country"
          description: "country names"
The vector map from options tab will have the above data populated instead of the default
one. Please note the URL given has to be CORS enabled so that Kibana can download the
same. The json file used should be in such a way that the coordinates are in continuation.
For example:
https://vector.maps.elastic.co/blob/5659313586569216?elastic_tile_service_tos=agree
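One way to serve the vector file so that Kibana can download it, added here as an example rather than taken from the tutorial: a small Python server that returns the CORS header only for the Kibana origin and checks that every feature carries the join property named in the layer's fields. The port, the Kibana origin http://localhost:5601 and the two-feature sample file are assumptions.

```python
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumptions for this example: Kibana runs at the address used elsewhere in
# this tutorial, and the layer joins on the "Country" property (fields[].name).
KIBANA_ORIGIN = "http://localhost:5601"
JOIN_FIELD = "Country"
GEOJSON_PATH = "/kibana/worldcountries.geojson"

# Constructed two-feature stand-in for worldcountries.geojson.
SAMPLE_GEOJSON = {
    "type": "FeatureCollection",
    "features": [
        {
            "type": "Feature",
            "properties": {"Country": "India"},
            "geometry": {
                "type": "Polygon",
                "coordinates": [[[68, 8], [97, 8], [97, 35], [68, 35], [68, 8]]],
            },
        },
        {
            "type": "Feature",
            "properties": {"name": "Japan"},  # join property missing on purpose
            "geometry": {
                "type": "Polygon",
                "coordinates": [[[129, 31], [146, 31], [146, 45], [129, 45], [129, 31]]],
            },
        },
    ],
}


def cors_headers(origin, allowed=KIBANA_ORIGIN):
    """Response headers for a request that carried this Origin header."""
    headers = {"Vary": "Origin"}  # caches must not reuse the answer across origins
    if origin == allowed:
        headers["Access-Control-Allow-Origin"] = allowed
    return headers


def features_missing_join_field(geojson, field=JOIN_FIELD):
    """Indexes of features that lack the property the region map joins on."""
    return [
        index
        for index, feature in enumerate(geojson.get("features", []))
        if field not in (feature.get("properties") or {})
    ]


class GeoJsonHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        if self.path != GEOJSON_PATH:
            self.send_error(404)
            return
        body = json.dumps(SAMPLE_GEOJSON).encode("utf-8")
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        for name, value in cors_headers(self.headers.get("Origin")).items():
            self.send_header(name, value)
        self.end_headers()
        self.wfile.write(body)


if __name__ == "__main__":
    missing = features_missing_join_field(SAMPLE_GEOJSON)
    if missing:
        print(f"features without a {JOIN_FIELD!r} property: {missing}")
    # Port 8000 is an assumption; bind to loopback only.
    HTTPServer(("127.0.0.1", 8000), GeoJsonHandler).serve_forever()
```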
The options tab when region-map vector map details are self-hosted is shown below:
14. Kibana — Working with Gauge and Goal
A gauge visualization tells how your metric considered on the data falls in the predefined
range.
A goal visualization tells about your goal and how your metric on your data progresses
towards the goal.
For the bucket aggregation we have selected Terms, and the field selected is
Number_Home_Visits.
From Data options Tab, the options selected are shown below:
Gauge Type can be in the form of circle or arc. We have selected arc and left all the
others as the default values.
Now, click on Analyze Button to see the visualization in the form of Gauge as shown
below:
Bucket Aggregation
15. Kibana — Working with Canvas
Canvas is yet another powerful feature in Kibana. Using canvas visualization, you can
represent your data in different color combination, shapes, text, multipage setup etc.
We need data to show in the canvas. Now, let us load some sample data already available
in Kibana.
Click on Load a data set and a Kibana dashboard. It will take you to the screen as shown
below:
Click on the Add button for Sample eCommerce orders. It will take some time to load the
sample data. Once done, you will get an alert message showing “Sample eCommerce
data loaded.”
We have eCommerce and Web Traffic sample data added. We can create new workpad
or use the existing one.
Here, we will select the existing one. Select eCommerce Revenue Tracking Workpad
Name and it will display the screen as shown below:
Click on the clone button and it will create a copy of the eCommerce Revenue Tracking
workpad. You can find it as shown below:
In this section, let us understand how to use the workpad. If you see above workpad,
there are 2 pages for it. So in canvas we can represent the data in multiple pages.
Select Page 1 and click on the Total sales displayed on left side as shown below:
On the right side, you will get the data related to it:
Right now the default style used is green colour. We can change the colour here and check
the display of same.
We have also changed the font and size for text settings as shown below:
Click on Add element and it will display all possible visualization as shown below:
We have added two elements Data table and Area Chart as shown below:
You can add more data elements to the same page or add more pages too.
16. Kibana — Create Dashboard
In our previous chapters, we have seen how to create visualization in the form of vertical
bar, horizontal bar, pie chart etc. In this chapter, let us learn how to combine them
together in the form of Dashboard. A dashboard is a collection of the visualizations you have
created, so that you can take a look at them all together at one time.
Now, click on Create new dashboard button as shown above. It will take us to the screen
as shown below:
Observe that we do not have any dashboard created so far. There are options at the top
where we can Save, Cancel, Add, Options, Share, Auto-refresh and also change the time
to get the data on our dashboard. We will create a new dashboard, by clicking on the Add
button shown above.
Select the visualization you want to add to your dashboard. We will select the first three
visualizations as shown below:
Thus, as a user you are able to get the overall details about the data we have uploaded –
country wise with fields country-name, regionname, area and population.
So now we know all the regions available, the max population country wise in descending
order, the max area etc.
This is just the sample data we uploaded, but in the real world it becomes very easy to
track the details of your business. For example, suppose you have a website which gets
millions of hits monthly or daily, and you want to keep track of the sales done every day,
hour, minute or second. If you have your ELK stack in place, Kibana can show you your
sales visualization right in front of your eyes every hour, minute or second, as you want to
see it. It displays the real time data as it is happening in the real world.
Kibana, on the whole, plays a very important role in extracting the accurate details about
your business transaction day wise, hourly or every minute, so the company knows how
the progress is going on.
Save Dashboard
You can save your dashboard by using the save button at the top.
There is a title and description where you can enter the name of the dashboard and a short
description which tells what the dashboard does. Now, click on Confirm Save to save the
dashboard.
Click on Last 15 minutes and it will display the time ranges, which you can select
as per your choice.
Observe that there are Quick, Relative, Absolute and Recent options. The following
screenshot shows the details for Quick option:
Here you can specify the From and To date in minutes, hours, seconds, months, years
ago.
You can see the calendar option and can select a date range.
The recent option will give back the Last 15 minutes option and also other option which
you have selected recently. Choosing the time range will update the data coming within
that time range.
In the above search, we have used the field Region and want to display the details of
region:OCEANIA.
Looking at the above data we can say that in OCEANIA region, Australia has the max
population and Area.
Next, click on Add a filter button and it will display the details of the field available in your
index as shown below:
Choose the field you want to filter on. We will use the Region field to get the details of
the ASIA region as shown below:
Save the filter and you should see the filter as follows:
You can disable the filter by clicking on the disable checkbox as shown below.
You can activate the filter again by clicking on the same checkbox. Observe that
there is a delete button to delete the filter, and an edit button to edit the filter or
change the filter options.
For the visualization displayed, you will notice three dots as shown below:
There is an option to download the visualization in CSV format in case you want to see it
in an Excel sheet.
The next option, fullscreen, will show the visualization in fullscreen mode as shown below:
You can use the same button to exit the fullscreen mode.
Sharing Dashboard
We can share the dashboard using the share button. On clicking the share button, you will
get the display as follows:
You can also use embed code to show the dashboard on your site or use permalinks which
will be a link to share with others.
http://localhost:5601/goto/519c1a088d5d0f8703937d754923b84b
17. Kibana — Timelion
Timelion, also called timeline, is yet another visualization tool which is mainly used for
time based data analysis. To work with timeline, we need to use a simple expression
language which will help us connect to the index and also perform calculations on the data
to get the results we need.
To get the details of function available to be used with Timelion, simply click on the
textarea as shown below:
It gives you the list of function to be used with the expression syntax.
Once you start with Timelion, it displays a welcome message as shown below. The
highlighted section i.e. Jump to the function reference, gives the details of all the functions
available to be used with timelion.
Click on the next button and it will walk you through its basic functionality and usage.
Now when you click Next, you can see the following details:
Timelion Configuration
The settings for timelion are done in Kibana Management -> Advanced Settings.
Once Timelion is selected it will display all the necessary fields required for timelion
configuration.
In the following fields you can change the default index and the timefield to be used on
the index:
The default one is _all and timefield is @timestamp. We would leave it as it is and
change the index and timefield in the timelion itself.
.es(index=medicalvisits-26.01.2019,timefield=Visiting_Date).bars()
In the following, we have analyzed 2 cities for the month of Jan 2017, day wise.
.es(index=medicalvisits-26.01.2019,timefield=Visiting_Date, q=City:Sabadell).label(Sabadell),.es(index=medicalvisits-26.01.2019,timefield=Visiting_Date, q=City:Terrassa).label(Terrassa)
Expression:
.es(index=medicalvisits-26.01.2019,timefield=Visiting_Date).label("August 2nd 2018"),.es(index=medicalvisits-26.01.2019,timefield=Visiting_Date,offset=-1d).label("August 1st 2018")
Here we have used offset and given a difference of 1 day. We have selected the current
date as 2nd August 2018. So it gives the data difference for 2nd Aug 2018 and 1st Aug
2018.
The list of top 5 cities data for the month of Jan 2017 is shown below. The expression
that we have used here is given below:
.es(index=medicalvisits-26.01.2019,timefield=Visiting_Date,split=City.keyword:5)
We have used split and given the field name as City, and since we need the top five cities
from the index we have given it as split=City.keyword:5
It gives the count of each city and lists their names as shown in the graph plotted.
18. Kibana — Dev Tools
We can use Dev Tools to upload data in Elasticsearch, without using Logstash. We can
post, put, delete, search the data we want in Kibana using Dev Tools.
To create new index in Kibana we can use following command in dev tools:
PUT /usersdata?pretty
We are done with the index creation. Now we will add the data in the index:
Thus, we can get all the records from usersdata as shown above.
We have changed the name from “Ervin Howell” to “Clementine Bauch”. Now we can get
all records from the index and see the updated record as follows:
Now if you see the total records we will have only one record:
We can delete the index created as follows:
Now if you check the indices available, we will not have the usersdata index in it, as we
have deleted the index.
19. Kibana — Monitoring
Kibana Monitoring gives the details about the performance of ELK stack. We can get the
details of memory used, response time etc.
Monitoring Details
To get monitoring details in Kibana, click on the monitoring tab as shown below:
Since we are using the monitoring for the first time, we need to keep it ON. For this, click
the button Turn on monitoring as shown above. Here are the details displayed for
Elasticsearch:
It gives the version of elasticsearch, disk available, indices added to elasticsearch, disk
usage etc.
It gives the Requests and max response time for the request and also the instances
running and memory usage.
20. Kibana — Create Reports Using Kibana
Reports can be easily created by using the Share button available in Kibana UI.
Permalinks
CSV Report
Report as Permalinks
When performing visualization, you can share the same as follows:
Use the share button to share the visualization with others as Embed Code or Permalinks.
You can generate the iframe code as short url or long url for snapshot or saved object.
Snapshot will not give the recent data and user will be able to see the data saved when
the link was shared. Any changes done later will not be reflected.
In case of saved object, you will get the recent changes done to that visualization.
<iframe src="http://localhost:5601/app/kibana#/visualize/edit/87afcb60-165f-11e9-aaf1-3524d1f04792?embed=true&_g=()&_a=(filters:!(),linked:!f,query:(language:lucene,query:''),uiState:(),vis:(aggs:!((enabled:!t,id:'1',params:(field:Area),schema:metric,type:max),(enabled:!t,id:'2',params:(field:Country.keyword,missingBucket:!f,missingBucketLabel:Missing,order:desc,orderBy:'1',otherBucket:!f,otherBucketLabel:Other,size:10),schema:segment,type:terms)),params:(addLegend:!t,addTimeMarker:!f,addTooltip:!t,categoryAxes:!((id:CategoryAxis-1,labels:(show:!t,truncate:100),position:bottom,scale:(type:linear),show:!t,style:(),title:(),type:category)),grid:(categoryLines:!f,style:(color:%23eee)),legendPosition:right,seriesParams:!((data:(id:'1',label:'Max+Area'),drawLinesBetweenPoints:!t,mode:stacked,show:true,showCircles:!t,type:histogram,valueAxis:ValueAxis-1)),times:!(),type:histogram,valueAxes:!((id:ValueAxis-1,labels:(filter:!f,rotate:0,show:!t,truncate:100),name:LeftAxis-1,position:left,scale:(mode:normal,type:linear),show:!t,style:(),title:(text:'Max+Area'),type:value))),title:'countrywise_maxarea+',type:histogram))" height="600" width="800"></iframe>
<iframe src="http://localhost:5601/goto/f0a6c852daedcb6b4fa74cce8c2ff6c4?embed=true" height="600" width="800"></iframe>
You can embed this code on your site or wherever required. You can also get the embed
code for saved object by selecting the saved object radio button.
http://localhost:5601/goto/f0a6c852daedcb6b4fa74cce8c2ff6c4
http://localhost:5601/app/kibana#/visualize/edit/87afcb60-165f-11e9-aaf1-3524d1f04792?_g=()&_a=(filters:!(),linked:!f,query:(language:lucene,query:''),uiState:(),vis:(aggs:!((enabled:!t,id:'1',params:(field:Area),schema:metric,type:max),(enabled:!t,id:'2',params:(field:Country.keyword,missingBucket:!f,missingBucketLabel:Missing,order:desc,orderBy:'1',otherBucket:!f,otherBucketLabel:Other,size:10),schema:segment,type:terms)),params:(addLegend:!t,addTimeMarker:!f,addTooltip:!t,categoryAxes:!((id:CategoryAxis-1,labels:(show:!t,truncate:100),position:bottom,scale:(type:linear),show:!t,style:(),title:(),type:category)),grid:(categoryLines:!f,style:(color:%23eee)),legendPosition:right,seriesParams:!((data:(id:'1',label:'Max%20Area'),drawLinesBetweenPoints:!t,mode:stacked,show:true,showCircles:!t,type:histogram,valueAxis:ValueAxis-1)),times:!(),type:histogram,valueAxes:!((id:ValueAxis-1,labels:(filter:!f,rotate:0,show:!t,truncate:100),name:LeftAxis-1,position:left,scale:(mode:normal,type:linear),show:!t,style:(),title:(text:'Max%20Area'),type:value))),title:'countrywise_maxarea%20',type:histogram))
When you hit the above link in the browser, you will get the same visualization as shown
above. The above links are hosted locally, so it will not work when used outside the local
environment.
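A check to run over share links and embed code before pasting them elsewhere, added here as an example (not Kibana's or the tutorial's code). It reports whether a link is a short /goto/ link or a long one that carries the visualization state in the URL, which index field names that state exposes, and whether the host is reachable only from the local machine. The long URL in the sample is shortened from the one above, and the function names are hypothetical.

```python
import re
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}

# Shortened from the long embed URL shown above (same id, same two fields).
LONG_URL = (
    "http://localhost:5601/app/kibana#/visualize/edit/"
    "87afcb60-165f-11e9-aaf1-3524d1f04792?embed=true&_g=()&_a=("
    "query:(language:lucene,query:''),vis:(aggs:!("
    "(id:'1',params:(field:Area),type:max),"
    "(id:'2',params:(field:Country.keyword,size:10),type:terms))))"
)
SHORT_URL = "http://localhost:5601/goto/f0a6c852daedcb6b4fa74cce8c2ff6c4?embed=true"
SAMPLE_EMBED = (
    f'<iframe src="{LONG_URL}" height="600" width="800"></iframe>\n'
    f'<iframe src="{SHORT_URL}" height="600" width="800"></iframe>\n'
)


class IframeSources(HTMLParser):
    """Collect the src attribute of every iframe in a piece of embed code."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            self.sources += [value for name, value in attrs if name == "src" and value]


def review_share_url(url):
    """Describe what a Kibana share link reveals and where it points."""
    parts = urlsplit(url)
    short = parts.path.startswith("/goto/")
    if short:
        # A short link carries only an id; its parameters are in the query string.
        params = parse_qs(parts.query)
    else:
        # A long link keeps route and state after '#': /visualize/...?_g=..&_a=..
        params = parse_qs(parts.fragment.partition("?")[2])
    app_state = params.get("_a", [""])[0]
    return {
        "kind": "short" if short else "long",
        "host": parts.hostname,
        "loopback_only": parts.hostname in LOOPBACK_HOSTS,
        "plain_http": parts.scheme == "http",
        "embed": params.get("embed") == ["true"],
        # Field names written into the URL by the visualization state.
        "fields_in_url": re.findall(r"field:([\w.@-]+)", app_state),
    }


def review_embed(html):
    """Run review_share_url over every iframe src found in the embed code."""
    parser = IframeSources()
    parser.feed(html)
    parser.close()
    return [review_share_url(src) for src in parser.sources]


if __name__ == "__main__":
    for report in review_embed(SAMPLE_EMBED):
        print(report)
```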
CSV Report
You can get CSV Report in Kibana where there is data, which is mostly in the Discover tab.
Go to Discover tab and take any index you want the data for. Here we have taken the
index:countriesdata-26.12.2018. Here is the data displayed from the index:
You can create tabular data from above data as shown below:
We have selected the fields from Available fields and the data seen earlier is converted
into tabular format.
The share button has option for CSV report and permalinks. You can click on CSV Report
and download the same.
Please note to get the CSV Reports you need to save your data.
Confirm Save and click on Share button and CSV Reports. You will get following display:
Click on Generate CSV to get your report. Once done, it will instruct you to go to the
Management tab.
It displays the report name, created at, status and actions. You can click on the download
button as highlighted above and get your csv report.