This functionality is in beta and is subject to change. The design and code is less mature than official GA features and is being provided as-is with no warranties. Beta features are not subject to the support SLA of official GA features.
You can visualize your rolled up data in a variety of charts, tables, maps, and more. Most visualizations support rolled up data, with the exception of Timelion, Visual Builder, and Vega visualizations.
You create an index pattern for rolled up data the same way you do for any data, in Management > Kibana > Index patterns. Clicking Create index pattern includes an item for creating a rollup index pattern, if a rollup index is detected in the cluster.
You can match an index pattern to only rolled up data, or mix both rolled up and raw data to visualize all data together. An index pattern can match only one rolled up index, not multiple. There is no restriction on the number of standard indices that an index pattern can match.
Combination index patterns use the same
notation as other multiple indices in Elasticsearch. To match multiple indices to create a
combination index pattern, use a comma to separate the names, with no space after the comma.
The notation for wildcards (
*) and the ability to "exclude" (
-) also apply
When creating an index pattern, you’re asked to set a time field for filtering. With a rollup index, the time filter field is the same field used for the rolled up date histogram aggregation.
Keep the following in mind when creating a visualization from rolled up data:
- The data in a rollup index only has summarized metrics for specific fields. You can’t search any other field from the original raw data.
- Data is summarized into time buckets that might be split into sub buckets for numeric field values or terms. You can ask for a time aggregation that takes several time buckets and combines them to lower granularity. For example, if the rollup job was aggregated by hours, you can ask for buckets of days.
The data represented in this visualization comes from a rollup index and standard indices.
You can mix rollup visualizations and regular visualizations in a dashboard. The following dashboard shows this mix, along with a field filter. Note that not all queries and filters are supported by rollups.