NOTE: You are looking at documentation for an older release. For the latest information, see the current release documentation.
To create a visualization:
- Click on Visualize in the side navigation.
- Click the Create new visualization button or the + button.
Choose the visualization type:
Compare different series in X/Y charts.
Shade cells within a matrix.
Display each source’s contribution to a total.
Display the raw data of a composed aggregation.
Display a single number.
Display a gauge.
Associate the results of an aggregation with geographic locations.
Thematic maps where a shape’s color intensity corresponds to a metric’s value. locations.
Compute and combine data from multiple time series data sets.
Visualize time series data using pipeline aggregations.
Controls provide the ability to add interactive inputs to Kibana Dashboards.
Display free-form information or instructions.
Display words as a cloud in which the size of the word correspond to its importance.
Support for user-defined graphs, external data sources, images, and user-defined interactivity.
Specify a search query to retrieve the data for your visualization:
- To enter new search criteria, select the index pattern for the indices that contain the data you want to visualize. This opens the visualization builder with a wildcard query that matches all of the documents in the selected indices.
To build a visualization from a saved search, click the name of the saved search you want to use. This opens the visualization builder and loads the selected query.
When you build a visualization from a saved search, any subsequent modifications to the saved search are automatically reflected in the visualization. To disable automatic updates, you can disconnect a visualization from the saved search.
In the visualization builder, choose the metric aggregation for the visualization’s Y axis:
- Metric Aggregations:
- standard deviation
- unique count
- median (50th percentile)
- percentile ranks
- top hit
- geo centroid
- Parent Pipeline Aggregations:
- cumulative sum
- moving average
- serial diff
- Sibling Pipeline Aggregations:
- average bucket
- sum bucket
- min bucket
- max bucket
For the visualizations X axis, select a bucket aggregation:
For example, if you’re indexing Apache server logs, you could build bar chart
that shows the distribution of incoming requests by geographic location by
specifying a terms aggregation on the
The y-axis shows the number of requests received from each country, and the countries are displayed across the x-axis.
Bar, line, or area chart visualizations use metrics for the y-axis and
buckets for the x-axis. Buckets are analogous to SQL
statements. Pie charts, use the metric for the slice size and the bucket
for the number of slices.
You can further break down the data by specifying sub aggregations. The first aggregation determines the data set for any subsequent aggregations. Sub aggregations are applied in order—you can drag the aggregations to change the order in which they’re applied.
For example, you could add a terms sub aggregation on the
geo.dest field to
the Country of Origin bar chart to see the locations those requests were
For more information about working with sub aggregations, see Kibana, Aggregation Execution Order, and You.
Intro to Kibana
ELK for Logs & Metrics