How To Kibana - PS3
Learn the most common ways to build a dashboard from your own data. The tutorial
will use sample data from the perspective of an analyst looking at website logs,
but this type of dashboard works on any type of data. Before using this tutorial,
you should be familiar with the Kibana concepts.
Final dashboard vis
Add the data and create the dashboard
Add the sample web logs data that you’ll use to create the dashboard panels.
Go to the Kibana Home page, then click Try our sample data.
On the Sample web logs card, click Add data.
Pick a field you want to analyze, such as clientip. If you want to analyze only
this field, you can use the Metric visualization to display a big number. The only
number function that you can use with clientip is Unique count. Unique count, also
referred to as cardinality, approximates the number of unique values of the
clientip field.
To select the visualization type, open the Chart type dropdown, then select
Metric.
Chart Type dropdown with Metric selected
Lens selects the Unique count function because it is the only numeric function
that works for IP addresses. You can also drag clientip to the layer pane for the
same result.
Lens has two shortcuts that simplify viewing metrics over time. If you drag a
numeric field to the workspace, Lens adds the default time field from the index
pattern. When you use the Date histogram function, you can replace the time field
by dragging the field to the workspace.
Lens creates a bar chart with the timestamp and Median of bytes fields, and
automatically chooses a date interval.
To zoom in on the data you want to view, click and drag your cursor across the
bars.
Zoom in on the data
To emphasize the change in Median of bytes over time, change to a line chart with
one of the following options:
You can increase and decrease the minimum interval that Lens uses, but you cannot
decrease the interval below the value configured in Advanced Settings.
To save space on the dashboard, hide the vertical and horizontal axis labels.
Add a panel title to explain the panel, which is necessary because you removed the
axis labels.
The Top values function ranks the unique values of a field by another function. The
values are the most frequent when ranked by a Count function, and the largest when
ranked by the Sum function.
Create a visualization that displays the most frequent values of request.keyword on
your website, ranked by the unique visitors. To create the visualization, use Top
values of request.keyword ranked by Unique count of clientip, rather than by Count
of records.
From the Available fields list, drag clientip to the Vertical axis field in the
layer pane.
Lens automatically chooses the Unique count function. If you drag clientip to
the workspace, Lens adds the field to the incorrect axis.
When you drag a text or IP address field to the workspace, Lens adds the Top
values function ranked by Count of records to show the most frequent values.
The chart is hard to read because the request.keyword field contains long text. You
could try using one of the Suggestions, but the suggestions also have issues with
long text. Instead, create a Table visualization.
The table does not need a panel title because the columns are clearly labeled.
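To see why the ranking function matters, the following added example (not part of the original tutorial or of Kibana) ranks request.keyword first by Count of records and then by Unique count of clientip. The log records are constructed and the helper name top_values is hypothetical; the unique count here is exact rather than approximated.

```python
from collections import Counter, defaultdict

# Constructed sample records (not the Kibana sample web logs data set).
# One client requests /search six times; /index.html is requested once each
# by four different clients; /about is requested by two clients.
SAMPLE_LOGS = (
    [{"clientip": "203.0.113.7", "request.keyword": "/search"}] * 6
    + [{"clientip": f"198.51.100.{i}", "request.keyword": "/index.html"}
       for i in range(1, 5)]
    + [{"clientip": "192.0.2.10", "request.keyword": "/about"},
       {"clientip": "192.0.2.10", "request.keyword": "/about"},
       {"clientip": "192.0.2.11", "request.keyword": "/about"}]
)


def top_values(records, field, rank_by="count", of=None, size=3):
    """Rank the unique values of `field` (hypothetical helper).

    rank_by="count"        -> Count of records per value
    rank_by="unique_count" -> number of distinct `of` values per value
                              (exact here; Elasticsearch approximates it)
    """
    if rank_by not in ("count", "unique_count"):
        raise ValueError(f"unknown ranking function: {rank_by}")
    if rank_by == "unique_count" and of is None:
        raise ValueError("unique_count needs the field to count, e.g. clientip")

    counts = Counter()
    distinct = defaultdict(set)
    for rec in records:
        value = rec[field]
        counts[value] += 1
        if of is not None:
            distinct[value].add(rec[of])

    if rank_by == "count":
        scores = dict(counts)
    else:
        scores = {value: len(seen) for value, seen in distinct.items()}
    # Highest score first; ties broken by value so the order is deterministic.
    return sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))[:size]


if __name__ == "__main__":
    print("By Count of records:        ", top_values(SAMPLE_LOGS, "request.keyword"))
    print("By Unique count of clientip:",
          top_values(SAMPLE_LOGS, "request.keyword", "unique_count", "clientip"))
```

A single client that repeats one request dominates the Count ranking but drops to last when ranked by unique visitors, which is why the two tables can disagree on the same data.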
Use the Intervals function to select documents based on the number range of a
field. If the ranges were non-numeric, or if the query required multiple clauses,
you could use the Filters function.
To specify the file size ranges, click bytes in the layer pane.
Click Create custom ranges, enter the following, then press Return:
Ranges — 0 → 10240
Label — Below 10KB
To display the values as a percentage of the sum of all values, use the Pie chart.
Knowing the distribution of a number helps you find patterns. For example, you can
analyze the website traffic per hour to find the best time to do routine
maintenance.
In the layer pane, click hour_of_day, then slide the Intervals granularity
slider until the horizontal axis displays hourly intervals.
You can use multiple functions in data tables and proportion charts. For example,
to create a chart that breaks down the traffic sources and user geography, use
Filters and Top values.
In the editor, click the Drop a field or click to add field for Group by, then
create a filter for each website traffic source.
From Select a function, click Filters.
Click All records, enter the following, then press Return:
KQL — referer : *facebook.com*
Label — Facebook
To change the Group by order, drag Top values of geo.src so that it appears
first.
Treemap visualization
To view only the Facebook and Twitter data, remove the Other category.
In the layer pane, click Top values of geo.src.
Open the Advanced dropdown, deselect Group other values as "Other", then
click Close.
Click Save and return.
Now that you have a complete overview of your web server data, save the dashboard.