Explore Kibana using sample dataedit

Ready to get some hands-on experience with Kibana? In this tutorial, you’ll work with Kibana sample data and learn to:

Note

If security is enabled, you must have read, write, and manage privileges on the kibana_sample_data_* indices. See Security Privileges for more information.

Add sample dataedit

Install the Flights sample data set, if you haven’t already.

  1. On the Kibana home page, click the link underneath Add sample data.
  2. On the Sample flight data card, click Add data.
  3. Once the data is added, click View data > Dashboard.

    You’re taken to the Global Flight dashboard, a collection of charts, graphs, maps, and other visualizations of the the data in the kibana_sample_data_flights index.

    tutorial sample dashboard

Filter and query the dataedit

You can use filters and queries to narrow the view of the data. For more detailed information on these actions, see Query and filter context.

Filter the dataedit

  1. In the Controls visualization, set an Origin City and a Destination City.
  2. Click Apply changes.

    The OriginCityName and the DestCityName fields are filtered to match the data you specified.

    For example, this dashboard shows the data for flights from London to Oslo.

    tutorial sample filter
  3. To add a filter manually, click Add filter in the filter bar, and specify the data you want to view.
  4. When you are finished experimenting, remove all filters.

Query the dataedit

  1. To find all flights out of Rome, enter this query in the query bar and click Update:

    OriginCityName:Rome
  2. For a more complex query with AND and OR, try this:

    OriginCityName:Rome AND (Carrier:JetBeats OR "Kibana Airlines")

    The dashboard updates to show data for the flights out of Rome on JetBeats and Kibana Airlines.

    tutorial sample query
  3. When you are finished exploring the dashboard, remove the query by clearing the contents in the query bar and clicking Update.

Discover the dataedit

In Discover, you have access to every document in every index that matches the selected index pattern. The index pattern tells Kibana which Elasticsearch index you are currently exploring. You can submit search queries, filter the search results, and view document data.

  1. In the side navigation, click Discover.
  2. Ensure kibana_sample_data_flights is the current index pattern. You might need to click New in the menu bar to refresh the data.

    You’ll see a histogram that shows the distribution of documents over time. A table lists the fields for each matching document. By default, all fields are shown.

    tutorial sample discover1
  3. To choose which fields to display, hover the pointer over the list of Available fields, and then click add next to each field you want include as a column in the table.

    For example, if you add the DestAirportID and DestWeather fields, the display includes columns for those two fields.

    tutorial sample discover2

Edit a visualizationedit

You have edit permissions for the Global Flight dashboard, so you can change the appearance and behavior of the visualizations. For example, you might want to see which airline has the lowest average fares.

  1. In the side navigation, click Recently viewed and open the Global Flight Dashboard.
  2. In the menu bar, click Edit.
  3. In the Average Ticket Price visualization, click the gear icon in the upper right.
  4. From the Options menu, select Edit visualization.

    Average Ticket Price is a metric visualization. To specify which groups to display in this visualization, you use an Elasticsearch bucket aggregation. This aggregation sorts the documents that match your search criteria into different categories, or buckets.

Create a bucket aggregationedit

  1. In the Buckets pane, select Add > Split group.
  2. In the Aggregation dropdown, select Terms.
  3. In the Field dropdown, select Carrier.
  4. Set Descending to 4.
  5. Click Apply changes apply changes button.

    You now see the average ticket price for all four airlines.

    tutorial sample edit1

Save the visualizationedit

  1. In the menu bar, click Save.
  2. Leave the visualization name as is and confirm the save.
  3. Go to the Global Flight dashboard and scroll the Average Ticket Price visualization to see the four prices.
  4. Optionally, edit the dashboard. Resize the panel for the Average Ticket Price visualization by dragging the handle in the lower right. You can also rearrange the visualizations by clicking the header and dragging. Be sure to save the dashboard.

    tutorial sample edit2

Inspect the dataedit

Seeing visualizations of your data is great, but sometimes you need to look at the actual data to understand what’s really going on. You can inspect the data behind any visualization and view the Elasticsearch query used to retrieve it.

  1. In the dashboard, hover the pointer over the pie chart, and then click the icon in the upper right.
  2. From the Options menu, select Inspect.

    The initial view shows the document count.

    tutorial sample inspect1
  3. To look at the query used to fetch the data for the visualization, select View > Requests in the upper right of the Inspect pane.

Remove the sample data setedit

When you’re done experimenting with the sample data set, you can remove it.

  1. Go to the Sample data page.
  2. On the Sample flight data card, click Remove.

Next stepsedit

Now that you have a handle on the Kibana basics, you might be interested in the tutorial Build your own dashboard, where you’ll learn to:

  • Load data
  • Define an index pattern
  • Discover and explore data
  • Create visualizations
  • Add visualizations to a dashboard