{"id":9137,"date":"2022-07-13T13:30:16","date_gmt":"2022-07-13T18:30:16","guid":{"rendered":"https:\/\/www.rushworth.us\/lisa\/?p=9137"},"modified":"2022-07-13T14:25:50","modified_gmt":"2022-07-13T19:25:50","slug":"kibana-visualizations-and-dashboards","status":"publish","type":"post","link":"https:\/\/www.rushworth.us\/lisa\/?p=9137","title":{"rendered":"Kibana &#8211; Visualizations and Dashboards"},"content":{"rendered":"<p><a href=\"#post-9137-_Toc108609894\">Kibana \u2013 Creating Visualizations<\/a><\/p>\n<p><a href=\"#post-9137-_Toc108609895\">General<\/a><\/p>\n<p><a href=\"#post-9137-_Toc108609896\">Time Series Visualization Pipeline<\/a><\/p>\n<p><a href=\"#post-9137-_Toc108609897\">Kibana \u2013 Creating a Dashboard<\/a><\/p>\n<h1><a id=\"post-9137-_Toc108609894\"><\/a>Kibana \u2013 Creating Visualizations<\/h1>\n<h2><a id=\"post-9137-_Toc108609895\"><\/a>General<\/h2>\n<p>To create a new visualization, select the visualization icon from the left-hand navigation menu and click \u201cCreate visualization\u201d. 
You\u2019ll need to select the type of visualization you want to create.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"1240\" height=\"188\" class=\"wp-image-9138\" src=\"https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image.png\" srcset=\"https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image.png 1240w, https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-300x45.png 300w, https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-1024x155.png 1024w, https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-768x116.png 768w, https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-750x114.png 750w\" sizes=\"auto, (max-width: 1240px) 100vw, 1240px\" \/><\/p>\n<h2><a id=\"post-9137-_Toc108609896\"><\/a>TSVB (Time Series Visualization Builder)<\/h2>\n<p>The Time Series Visualization Pipeline is a GUI visualization builder to create graphs from time series data. This means the x-axis will be datetime values and the y-axis will be the data you want to visualize over the time period. To create a new visualization of this type, select \u201cTSVB\u201d on the \u201cNew Visualization\u201d menu.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"811\" height=\"465\" class=\"wp-image-9139\" src=\"https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-1.png\" srcset=\"https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-1.png 811w, https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-1-300x172.png 300w, https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-1-768x440.png 768w, https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-1-750x430.png 750w\" sizes=\"auto, (max-width: 811px) 100vw, 811px\" \/><\/p>\n<p>Scroll down and select \u201cPanel options\u201d \u2013 here you specify the index you want to visualize. 
Select the field that will be used as <em>the time<\/em> for each document (e.g. if your document has a special field like eventOccuredAt, you\u2019d select that here). I generally leave the time interval at \u2018auto\u2019 \u2013 although you might specifically want to present a daily or hourly report.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"1308\" height=\"300\" class=\"wp-image-9140\" src=\"https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-2.png\" srcset=\"https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-2.png 1308w, https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-2-300x69.png 300w, https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-2-1024x235.png 1024w, https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-2-768x176.png 768w, https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-2-750x172.png 750w\" sizes=\"auto, (max-width: 1308px) 100vw, 1308px\" \/><\/p>\n<p>Once you have selected the index, return to the \u201cData\u201d tab. First, select the type of aggregation you want to use. 
In this example, we are showing the number of documents for a variety of policies.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"407\" height=\"190\" class=\"wp-image-9141\" src=\"https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-3.png\" srcset=\"https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-3.png 407w, https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-3-300x140.png 300w\" sizes=\"auto, (max-width: 407px) 100vw, 407px\" \/><\/p>\n<p>The \u201cGroup by\u201d dropdown allows you to have chart lines for different categories (instead of just having the count of documents over the time series, which is what \u201cEverything\u201d produces) \u2013 to use document data to create the groupings, select \u201cTerms\u201d.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"606\" height=\"344\" class=\"wp-image-9142\" src=\"https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-4.png\" srcset=\"https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-4.png 606w, https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-4-300x170.png 300w\" sizes=\"auto, (max-width: 606px) 100vw, 606px\" \/><\/p>\n<p>Select the field you want to group on \u2013 in this case, I want the count for each unique \u201cpolicyname\u201d value, so I selected \u201cpolicyname.keyword\u201d as the grouping term.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"1137\" height=\"322\" class=\"wp-image-9143\" src=\"https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-5.png\" srcset=\"https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-5.png 1137w, https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-5-300x85.png 300w, https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-5-1024x290.png 1024w, 
https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-5-768x217.png 768w, https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-5-750x212.png 750w\" sizes=\"auto, (max-width: 1137px) 100vw, 1137px\" \/><\/p>\n<p>Voila \u2013 a time series chart showing how many documents are found for each policy name. Click \u201cSave\u201d at the top left of the chart to save the visualization.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"1316\" height=\"438\" class=\"wp-image-9144\" src=\"https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-6.png\" srcset=\"https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-6.png 1316w, https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-6-300x100.png 300w, https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-6-1024x341.png 1024w, https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-6-768x256.png 768w, https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-6-750x250.png 750w\" sizes=\"auto, (max-width: 1316px) 100vw, 1316px\" \/><\/p>\n<p>Provide a name for the visualization, write a brief description, and click \u201cSave\u201d. 
The visualization will now be available for others to view or for inclusion in dashboards.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"405\" height=\"452\" class=\"wp-image-9145\" src=\"https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-7.png\" srcset=\"https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-7.png 405w, https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-7-269x300.png 269w\" sizes=\"auto, (max-width: 405px) 100vw, 405px\" \/><\/p>\n<h2>TimeLion<\/h2>\n<p>TimeLion looks like it is going away soon, but it&#8217;s what I&#8217;ve seen as the recommendation for drawing horizontal lines on charts.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"819\" height=\"477\" class=\"wp-image-9146\" src=\"https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-8.png\" srcset=\"https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-8.png 819w, https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-8-300x175.png 300w, https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-8-768x447.png 768w, https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-8-750x437.png 750w\" sizes=\"auto, (max-width: 819px) 100vw, 819px\" \/><\/p>\n<p>This visualization type is a little cryptic \u2013 you need to enter a <a href=\"https:\/\/www.elastic.co\/guide\/en\/kibana\/current\/timelion.html\">Timelion expression<\/a>: .es() retrieves data from ElasticSearch, and .value(3500) draws a horizontal line at 3,500.<\/p>\n<p>If there is null data at a time value, TimeLion will draw a discontinuous line. 
You can modify this behavior by specifying a <a href=\"https:\/\/github.com\/elastic\/kibana\/tree\/main\/src\/plugins\/vis_types\/timelion\/server\/fit_functions\">fit function<\/a>.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"1303\" height=\"479\" class=\"wp-image-9147\" src=\"https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-9.png\" srcset=\"https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-9.png 1303w, https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-9-300x110.png 300w, https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-9-1024x376.png 1024w, https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-9-768x282.png 768w, https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-9-750x276.png 750w\" sizes=\"auto, (max-width: 1303px) 100vw, 1303px\" \/><\/p>\n<p><a id=\"post-9137-_Toc108609897\"><\/a> Note that you\u2019ll need to click \u201cUpdate\u201d to update the chart before you are able to save the visualization.<\/p>\n<h2>Vega<\/h2>\n<p><a href=\"https:\/\/www.elastic.co\/guide\/en\/kibana\/current\/vega.html\">Vega<\/a> is an experimental visualization type.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"820\" height=\"476\" class=\"wp-image-9148\" src=\"https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-10.png\" srcset=\"https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-10.png 820w, https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-10-300x174.png 300w, https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-10-768x446.png 768w, https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-10-750x435.png 750w\" sizes=\"auto, (max-width: 820px) 100vw, 820px\" \/><\/p>\n<p>This is, by far, the most flexible but most complex approach to creating a visualization. 
I\u2019ve used it to create the <a href=\"https:\/\/www.rushworth.us\/lisa\/?p=9131\">Sankey visualization showing the source and destination countries from our firewall logs<\/a>. Both <a href=\"https:\/\/vega.github.io\/vega\/docs\/\">Vega<\/a> and <a href=\"https:\/\/vega.github.io\/vega-lite\/docs\/\">Vega-Lite<\/a> grammars can be used. ElasticCo provides a <a href=\"https:\/\/www.elastic.co\/blog\/getting-started-with-vega-visualizations-in-kibana\">getting started guide<\/a>, and there are many examples online that you can use as the basis for your visualization.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"910\" height=\"410\" class=\"wp-image-9149\" src=\"https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-11.png\" srcset=\"https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-11.png 910w, https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-11-300x135.png 300w, https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-11-768x346.png 768w, https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-11-750x338.png 750w\" sizes=\"auto, (max-width: 910px) 100vw, 910px\" \/><\/p>\n<h1>Kibana \u2013 Creating a Dashboard<\/h1>\n<p>To create a dashboard, select the \u201cDashboards\u201d icon on the left-hand navigation bar. 
Click \u201cCreate dashboard\u201d<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"1243\" height=\"251\" class=\"wp-image-9150\" src=\"https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-12.png\" srcset=\"https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-12.png 1243w, https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-12-300x61.png 300w, https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-12-1024x207.png 1024w, https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-12-768x155.png 768w, https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-12-750x151.png 750w\" sizes=\"auto, (max-width: 1243px) 100vw, 1243px\" \/><\/p>\n<p>Click \u201cAdd an existing\u201d to add existing visualizations to the dashboard.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"796\" height=\"461\" class=\"wp-image-9151\" src=\"https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-13.png\" srcset=\"https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-13.png 796w, https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-13-300x174.png 300w, https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-13-768x445.png 768w, https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-13-750x434.png 750w\" sizes=\"auto, (max-width: 796px) 100vw, 796px\" \/><\/p>\n<p>Select the dashboards you want added, then click \u201cSave\u201d to save your dashboard.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"1279\" height=\"602\" class=\"wp-image-9152\" src=\"https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-14.png\" srcset=\"https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-14.png 1279w, https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-14-300x141.png 300w, 
https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-14-1024x482.png 1024w, https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-14-768x361.png 768w, https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-14-750x353.png 750w\" sizes=\"auto, (max-width: 1279px) 100vw, 1279px\" \/><\/p>\n<p>Provide a name and brief description, then click \u201cSave\u201d.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"412\" height=\"472\" class=\"wp-image-9153\" src=\"https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-15.png\" srcset=\"https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-15.png 412w, https:\/\/www.rushworth.us\/lisa\/wp-content\/uploads\/2022\/07\/word-image-15-262x300.png 262w\" sizes=\"auto, (max-width: 412px) 100vw, 412px\" \/><\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Kibana \u2013 Creating Visualizations General Time Series Visualization Pipeline Kibana \u2013 Creating a Dashboard Kibana \u2013 Creating Visualizations General To create a new visualization, select the visualization icon from the left-hand navigation menu and click \u201cCreate visualization\u201d. You\u2019ll need to select the type of visualization you want to create. 
TSVB (Time Series Visualization Builder) The &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1588],"tags":[931,1590,1591,1670,1671,1669],"class_list":["post-9137","post","type-post","status-publish","format-standard","hentry","category-elk","tag-data-visualization","tag-elasticsearch","tag-kibana","tag-timelion","tag-tsvb","tag-vega"],"_links":{"self":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts\/9137","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=9137"}],"version-history":[{"count":4,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts\/9137\/revisions"}],"predecessor-version":[{"id":9157,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts\/9137\/revisions\/9157"}],"wp:attachment":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=9137"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=9137"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=9137"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}