Supported aggregationsedit
Use the supported aggregations to build your visualizations.
Metric aggregationsedit
Metric aggregations extract field from documents to generate data values.
 Average
 The mean value.
 Count
 The total number of documents that match the query, which allows you to visualize the number of documents in a bucket. Count is the default value.
 Max
 The highest value.
 Median
 The value that is in the 50% percentile.
 Min
 The lowest value.
 Percentile ranks
 Returns the percentile rankings for the values in the specified numeric field. Select a numeric field from the dropdown, then specify one or more percentile rank values in the Values fields.
 Percentiles
 Divides the values in a numeric field into specified percentile bands. Select a field from the dropdown, then specify one or more ranges in the Percentiles fields.
 Standard Deviation
 Requires a numeric field. Uses the extended stats aggregation.
 Sum
 The total value.
 Top hit
 Returns a sample of individual documents. When the Top Hit aggregation is matched to more than one document, you must choose a technique for combining the values. Techniques include average, minimum, maximum, and sum.
 Unique Count
 The Cardinality of the field within the bucket.
Alternatively, you can override the field values with a script using JSON input. For example:
{ "script" : "doc['grade'].value * 1.2" }
The example implements a Elasticsearch Script Value Source, which replaces the value in the metric. The options available depend on the aggregation you choose.
Parent pipeline aggregationsedit
Parent pipeline aggregations assume the bucket aggregations are ordered and are especially useful for time series data. For each parent pipeline aggregation, you must define a bucket aggregation and metric aggregation.
You can also nest these aggregations. For example, if you want to produce a third derivative.
 Bucket script
 Executes a script that performs computations for each bucket that specifies metrics in the parent multibucket aggregation.
 Cumulative sum
 Calculates the cumulative sum of a specified metric in a parent histogram.
 Derivative
 Calculates the derivative of specific metrics.
 Moving avg
 Slides a window across the data and emits the average value of the window.
 Serial diff
 Values in a time series are subtracted from itself at different time lags or periods.
Sibling pipeline aggregationsedit
Sibling pipeline aggregations condense many buckets into one. For each sibling pipeline aggregation, you must define a bucket aggregations and metric aggregation.
 Average bucket
 Calculates the mean, or average, value of a specified metric in a sibling aggregation.
 Max Bucket
 Calculates the maximum value of a specified metric in a sibling aggregation.
 Min Bucket
 Calculates the minimum value of a specified metric in a sibling aggregation.
 Sum Bucket
 Calculates the sum of the values of a specified metric in a sibling aggregation.
Bucket aggregationsedit
Bucket aggregations sort documents into buckets, depending on the contents of the document.
 Date histogram
 Splits a date field into buckets by interval. If the date field is the primary time field for the index pattern, it chooses an automatic interval for you. Intervals are labeled at the start of the interval, using the datekey returned by Elasticsearch. For example, the tooltip for a monthly interval displays the first day of the month.
 Date range
 Reports values that are within a range of dates that you specify. You can specify the ranges for the dates using date math expressions.
 Filter
 Each filter creates a bucket of documents. You can specify a filter as a KQL or Lucene query string.
 Geohash
 Displays points based on a geohash. Supported by data table visualizations and Maps.
 Geotile
 Groups points based on web map tiling. Supported by data table visualizations and Maps.
 Histogram
 Builds from a numeric field.
 IPv4 range
 Specify ranges of IPv4 addresses.
 Range
 Specify ranges of values for a numeric field.
 Significant terms
 Returns interesting or unusual occurrences of terms in a set. Supports Elasticsearch exclude and include patterns.
 Terms
 Specify the top or bottom n elements of a given field to display, ordered by count or a custom metric. Supports Elasticsearch exclude and include patterns.
Kibana filters string fields with only regular expression patterns, and does not filter numeric fields or match with arrays.
For example:

You want to exclude the metricbeat process from your visualization of top processes:
metricbeat.*

You only want to show processes collecting beats:
.*beat

You want to exclude two specific values, the string
"empty"
and"none"
:emptynone
Patterns are case sensitive.