Build a map to compare metrics by country or region

If you are new to Maps, this tutorial is a good place to start. It guides you through the common steps for working with your location data.

You will learn to:

  • Create a map with multiple layers and data sources
  • Use symbols, colors, and labels to style data values
  • Embed a map in a dashboard
  • Search across panels in your dashboard

When you complete this tutorial, you’ll have a map that looks like this:

[Image: sample data web logs map]

Prerequisites

  • If you don’t already have Kibana, set it up with our free trial.
  • This tutorial requires the web logs sample data set. The sample data includes a [Logs] Total Requests and Bytes map, which you’ll re-create in this tutorial.
  • You must have the correct privileges for creating a map. If you don’t have sufficient privileges to create or save maps, a read-only icon appears in the toolbar. For more information, refer to Granting access to Kibana.

Step 1. Create a map

  1. Open the main menu, and then click Dashboard.
  2. Click Create dashboard.
  3. Set the time range to Last 7 days.
  4. Click the Create new Maps icon.

Step 2. Add a choropleth layer

The first layer you’ll add is a choropleth layer to shade world countries by web log traffic. Darker shades will symbolize countries with more web log traffic, and lighter shades will symbolize countries with less traffic.

  1. Click Add layer, and then click Choropleth.
  2. From the Layer dropdown menu, select World Countries.
  3. In Statistics source, set:

    • Index pattern to kibana_sample_data_logs
    • Join field to geo.dest
  4. Click Add layer.
  5. In Layer settings, set:

    • Name to Total Requests by Destination
    • Opacity to 50%
  6. Add a Tooltip field:

    • ISO 3166-1 alpha-2 code is added by default.
    • Click + Add to open field select.
    • Select name and click Add.
  7. In Layer style:

    • Set Fill color: As number to the grey color ramp.
    • Set Border color to white.
    • Under Label, change By value to Fixed.
  8. Click Save & close.

    Your map now looks like this:

    [Image: map with the choropleth layer added]

Step 3. Add layers for the Elasticsearch data

To avoid overwhelming the user with too much data at once, you’ll add two layers for the Elasticsearch data. The first layer will display individual documents when users zoom in on the map. The second layer will display aggregated data when users zoom the map out.

Add a layer for individual documents

This layer displays web log documents as points. The layer is only visible when users zoom in.

  1. Click Add layer, and then click Documents.
  2. Set Index pattern to kibana_sample_data_logs.
  3. Set Scaling to Limits results to 10000.
  4. Click Add layer.
  5. In Layer settings, set:

    • Name to Actual Requests
    • Visibility to the range [9, 24]
    • Opacity to 100%
  6. Add a tooltip field and select agent, bytes, clientip, host, machine.os, request, response, and timestamp.
  7. In Layer style, set Fill color to #2200FF.
  8. Click Save & close.

    Your map will look like this from zoom level 9 to 24:

    [Image: map with the Elasticsearch documents layer added]

Add a layer for aggregated data

You’ll create a layer for aggregated data and make it visible only when the map is zoomed out. Darker colors will symbolize grids with more web log traffic, and lighter colors will symbolize grids with less traffic. Larger circles will symbolize grids with more total bytes transferred, and smaller circles will symbolize grids with fewer bytes transferred.

  1. Click Add layer, and select Clusters and grids.
  2. Set Index pattern to kibana_sample_data_logs.
  3. Click Add layer.
  4. In Layer settings, set:

    • Name to Total Requests and Bytes
    • Visibility to the range [0, 9]
    • Opacity to 100%
  5. In Metrics:

    • Set Aggregation to Count.
    • Click Add metric.
    • Set Aggregation to Sum with Field set to bytes.
  6. In Layer style, change Symbol size:

    • Set the field select to sum bytes.
    • Set the min size to 7 and the max size to 25 px.
  7. Click Save & close.

    Your map will look like this between zoom levels 0 and 9:

    [Image: sample data web logs map]
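
What the aggregated layer's two metrics and its symbol sizing amount to, as an added example that is not part of the original tutorial and is not Kibana's own code. It assumes Web Mercator tiles as grid cells and linear scaling of sum bytes into the 7 to 25 px range; the documents and function names are constructed for illustration.

```python
import math
from collections import defaultdict

# Constructed sample documents (not taken from kibana_sample_data_logs).
DOCS = [
    {"lat": 40.71, "lon": -74.00, "bytes": 5200},
    {"lat": 40.73, "lon": -73.99, "bytes": 800},
    {"lat": 40.65, "lon": -73.95, "bytes": 12000},
    {"lat": 51.50, "lon": -0.12, "bytes": 3000},
    {"lat": -33.87, "lon": 151.21, "bytes": 450},
]

def tile_key(lat, lon, zoom):
    """Web Mercator tile (zoom, x, y) that contains the point."""
    n = 2 ** zoom
    x = int((lon + 180.0) / 360.0 * n)
    lat_r = math.radians(lat)
    y = int((1.0 - math.asinh(math.tan(lat_r)) / math.pi) / 2.0 * n)
    # Clamp so points on the map edge or near the poles stay in range.
    return (zoom, min(max(x, 0), n - 1), min(max(y, 0), n - 1))

def aggregate(docs, zoom):
    """Per grid cell: document count and sum of bytes (the layer's two metrics)."""
    cells = defaultdict(lambda: {"count": 0, "sum_bytes": 0})
    for d in docs:
        cell = cells[tile_key(d["lat"], d["lon"], zoom)]
        cell["count"] += 1
        cell["sum_bytes"] += d["bytes"]
    return dict(cells)

def symbol_sizes(cells, min_px=7, max_px=25):
    """Scale each cell's sum_bytes linearly into [min_px, max_px] (assumed scaling)."""
    values = [c["sum_bytes"] for c in cells.values()]
    lo, hi = min(values), max(values)
    span = (hi - lo) or 1  # avoid division by zero when all cells are equal
    return {k: min_px + (c["sum_bytes"] - lo) / span * (max_px - min_px)
            for k, c in cells.items()}

if __name__ == "__main__":
    cells = aggregate(DOCS, zoom=5)
    sizes = symbol_sizes(cells)
    for key, cell in sorted(cells.items()):
        print(key, cell, round(sizes[key], 1))
```

At zoom 5 the three nearby documents collapse into one cell, so a single large circle stands in for them until the documents layer takes over at zoom 9.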

Step 4. Save the map

Now that your map is complete, save it and return to the dashboard.

  1. In the toolbar, click Save and return.

Step 5. Explore your data from the dashboard

View your geospatial data alongside a heat map and pie chart, and then filter the data. When you apply a filter in one panel, it is applied to all panels on the dashboard.

  1. Click Add from library to open a list of panels that you can add to the dashboard.
  2. Add [Logs] Unique Visitor Heatmap and [Logs] Bytes distribution to the dashboard.

    [Image: dashboard with the map]
  3. To filter for documents with unusually high byte values, click and drag in the Bytes distribution chart.
  4. Remove the filter by clicking x next to its name in the filter bar.
  5. Set a filter from the map:

    1. Open a tooltip by clicking anywhere in the United States vector.
    2. To show only documents where geo.src is US, click the filter icon in the row for ISO 3166-1 alpha-2.

      [Image: dashboard with a terms filter applied]

What’s next?