The most frequently used visualizations allow you to plot aggregated data from a saved search or index pattern. They all support a single level of Elasticsearch metric aggregations, and one or more levels of Elasticsearch bucket aggregations.
The most frequently used visualizations include:
- Line, area and bar charts
- Pie charts
- Data tables
- Metrics, goals, and gauges
- Heat maps
- Tag clouds
Configure your visualization
You configure visualizations using the default editor, which is broken into metrics and buckets, and includes a default count metric. Each visualization supports different configurations for what the metrics and buckets represent. For example, a Bar chart allows you to add an X-axis.
A common configuration for the X-axis is to use an Elasticsearch date histogram aggregation.
To see your changes, click Apply changes.
If it’s supported by the visualization, you can add more buckets. In this example, an Elasticsearch terms aggregation on the field geo.src shows the top 5 sources of log traffic.
The new aggregation is added after the first one, so the result shows the top 5 sources of traffic per 3 hours. If you want to change the aggregation order, you can do so by dragging.
The visualization now shows the top 5 sources of traffic overall, and compares them in 3-hour increments.
For more information about how aggregations are used in visualizations, see supported aggregations.
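The effect of the bucket order described above, as an added example that is not part of the Kibana documentation: it builds the Elasticsearch request body for either order and emulates both on a few constructed events. The `@timestamp` field, the aggregation names `per_3h` and `top_sources`, and the top-2 cutoff used in the demo are assumptions.

```python
from collections import Counter, defaultdict

# Constructed sample events as (hour of day, geo.src); not real log data.
EVENTS = [(0, "US"), (1, "US"), (2, "US"), (1, "CN"),
          (3, "IN"), (4, "IN"), (3, "US"), (4, "BR"), (5, "BR"), (5, "BR")]

# Bucket definitions; aggregation names and "@timestamp" are assumptions.
def bucket_defs(size):
    return {
        "per_3h": {"date_histogram": {"field": "@timestamp", "fixed_interval": "3h"}},
        "top_sources": {"terms": {"field": "geo.src", "size": size}},
    }

def request_body(order, size=5):
    """Build the Elasticsearch request for a bucket order, outermost first."""
    defs, nested = bucket_defs(size), None
    for name in reversed(order):
        agg = dict(defs[name])
        if nested is not None:
            agg["aggs"] = nested  # inner buckets are computed inside each outer bucket
        nested = {name: agg}
    return {"size": 0, "aggs": nested}

def start_of_bucket(hour):
    return hour // 3 * 3

def histogram_then_terms(events, size):
    """Date histogram outermost: the top sources are picked per 3-hour bucket."""
    per_bucket = defaultdict(Counter)
    for hour, src in events:
        per_bucket[start_of_bucket(hour)][src] += 1
    return {b: dict(c.most_common(size)) for b, c in sorted(per_bucket.items())}

def terms_then_histogram(events, size):
    """Terms outermost: the top sources are picked overall, then split by time."""
    top = [s for s, _ in Counter(src for _, src in events).most_common(size)]
    series = {s: Counter() for s in top}
    for hour, src in events:
        if src in series:
            series[src][start_of_bucket(hour)] += 1
    return {s: dict(c) for s, c in series.items()}

if __name__ == "__main__":
    print(request_body(["per_3h", "top_sources"]))
    print(histogram_then_terms(EVENTS, 2))  # CN and IN make a per-bucket top 2
    print(terms_then_histogram(EVENTS, 2))  # only US and BR, the overall top 2
```

With the date histogram outermost, a source that is busy in only one window still appears in that window; with terms outermost it is dropped unless it ranks in the overall top.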
Each visualization also has its own customization options. Most visualizations allow you to customize the color of a specific series.