16 December 2014 Engineering

Kibana 4 Beta 3: Now More Filtery

By Rashid Khan

Kibana 4 Beta 3 is out! Along with the usual smattering of small fixes come a few knockout headliners. Once again, we offer you the choice to dive right in by grabbing it here: download Kibana 4 Beta 3. However, we suggest you check out the remainder of this post for the feature-by-feature breakdown. Ooo, break it down now! Dance!

Interactive Charts and Dashboards

Filters are back on the dashboard, and now available in single visualizations too! Bars, points, and pie slices are all clickable and create toggleable filters. We also added some functions to operate on all filters, so you can toggle back and forth between sets with a single click.

Scripted Fields

UPDATE: As a security precaution, starting with version 4.0.0-RC1, Kibana scripted fields default to Lucene Expressions, not Groovy, as the scripting language. Since Lucene Expressions only support operations on numerical fields, the example below dealing with date math does not work in Kibana 4.0.0-RC1+ versions.

Kibana now includes support for Elasticsearch scripting! Not only can you write scripts, you can name them and access them like fields anywhere in the application. Create a scripted field and it becomes part of the documents you view in Kibana as if it was always there. The only catch is that since the script isn't technically part of the Elasticsearch index, you can not search scripted fields.

You can, however, use scripts to combine several fields, or perform math on number fields, and then drop the result into a visualization. To help get you started, we've added a handy link in the scripted fields screen titled “Create a few examples from your date fields." Find it by heading to the Settings tab's “Index" section. Select or create an index pattern and click the “Scripted Fields" tab.

Once you've done that, you'll find yourself with a few new numeric fields available for use in aggregations. For example, we can look at the 24 hours that make up the day, and get the total hits for all of them across 30 days:

Highlighting and a New Format for _source

JSON is great. We all love JSON. Who doesn't love JSON? XML, that's who, but that's beside the point.

JSON can be a bit of a jumble to look at full time, so we've taken to nicely formatting it. The raw JSON for the event is, of course, always available by expanding the record's row and clicking over to the JSON tab. Oh, and while we were at it, we threw in highlighting, too. Kibana will now automatically highlight matching fields, and even march them to the front of the line:

Hit Links

Maybe you noticed that little "Link to.." in the screenshot above? You might not need to share a visualization or a search, you simply need someone to see just one important hit. Now, it's easy!

Metric Visualization

Sometimes you don't need a chart or a document! You just need that one number, on a dashboard, right now. And here it is:

Ok, there it is! Enjoy! As always, ping us on GitHub with issues, suggestions and contributions. Or, if you love IRC like we do, join us in #kibana on Freenode.