Line Charts

edit

This chart’s Y axis is the metrics axis. The following aggregations are available for this axis:

Count
The count aggregation returns a raw count of the elements in the selected index pattern.
Average
This aggregation returns the average of a numeric field. Select a field from the drop-down.
Sum
The sum aggregation returns the total sum of a numeric field. Select a field from the drop-down.
Min
The min aggregation returns the minimum value of a numeric field. Select a field from the drop-down.
Max
The max aggregation returns the maximum value of a numeric field. Select a field from the drop-down.
Unique Count
The cardinality aggregation returns the number of unique values in a field. Select a field from the drop-down.
Standard Deviation
The extended stats aggregation returns the standard deviation of data in a numeric field. Select a field from the drop-down.
Percentiles
The percentile aggregation divides the values in a numeric field into percentile bands that you specify. Select a field from the drop-down, then specify one or more ranges in the Percentiles fields. Click the X to remove a percentile field. Click + Add to add a percentile field.
Percentile Rank
The percentile ranks aggregation returns the percentile rankings for the values in the numeric field you specify. Select a numeric field from the drop-down, then specify one or more percentile rank values in the Values fields. Click the X to remove a values field. Click +Add to add a values field.

You can add an aggregation by clicking the + Add Aggregation button.

Before you choose a buckets aggregation, specify if you are splitting slices within a single chart or splitting into multiple charts. A multiple chart split must run before any other aggregations. When you split a chart, you can change if the splits are displayed in a row or a column by clicking the Rows | Columns selector.

The X axis of this chart is the buckets axis. You can define buckets for the X axis, for a split area on the chart, or for split charts.

This chart’s X axis supports the following aggregations. Click the linked name of each aggregation to visit the main Elasticsearch documentation for that aggregation.

Date Histogram
A date histogram is built from a numeric field and organized by date. You can specify a time frame for the intervals in seconds, minutes, hours, days, weeks, months, or years. You can also specify a custom interval frame by selecting Custom as the interval and specifying a number and a time unit in the text field. Custom interval time units are s for seconds, m for minutes, h for hours, d for days, w for weeks, and y for years. Different units support different levels of precision, down to one second.
Histogram
A standard histogram is built from a numeric field. Specify an integer interval for this field. Select the Show empty buckets checkbox to include empty intervals in the histogram.
Range
With a range aggregation, you can specify ranges of values for a numeric field. Click Add Range to add a set of range endpoints. Click the red (x) symbol to remove a range.
Date Range
A date range aggregation reports values that are within a range of dates that you specify. You can specify the ranges for the dates using date math expressions. Click Add Range to add a set of range endpoints. Click the red (/) symbol to remove a range.
IPv4 Range
The IPv4 range aggregation enables you to specify ranges of IPv4 addresses. Click Add Range to add a set of range endpoints. Click the red (/) symbol to remove a range.
Terms
A terms aggregation enables you to specify the top or bottom n elements of a given field to display, ordered by count or a custom metric.
Filters
You can specify a set of filters for the data. You can specify a filter as a query string or in JSON format, just as in the Discover search bar. Click Add Filter to add another filter. Click the Label button icon label button to open the label field, where you can type in a name to display on the visualization.
Significant Terms
Displays the results of the experimental significant terms aggregation.

Once you’ve specified an X axis aggregation, you can define sub-aggregations to refine the visualization. Click + Add Sub Aggregation to define a sub-aggregation, then choose Split Area or Split Chart, then select a sub-aggregation from the list of types.

When multiple aggregations are defined on a chart’s axis, you can use the up or down arrows to the right of the aggregation’s type to change the aggregation’s priority.

You can customize the colors of your visualization by clicking the color dot next to each label to display the color picker.

An array of color dots that users can select

You can click the Advanced link to display more customization options for your metrics or bucket aggregation:

Exclude Pattern
Specify a pattern in this field to exclude from the results.
Exclude Pattern Flags
A standard set of Java flags for the exclusion pattern.
Include Pattern
Specify a pattern in this field to include in the results.
Include Pattern Flags
A standard set of Java flags for the inclusion pattern.
JSON Input
A text field where you can add specific JSON-formatted properties to merge with the aggregation definition, as in the following example:
{ "script" : "doc['grade'].value * 1.2" }

In Elasticsearch releases 1.4.3 and later, this functionality requires you to enable dynamic Groovy scripting.

The availability of these options varies depending on the aggregation you choose.

Select the Options tab to change the following aspects of the chart:

Y-Axis Scale
You can select linear, log, or square root scales for the chart’s Y axis. You can use a log scale to display data that varies exponentially, such as a compounding interest chart, or a square root scale to regularize the display of data sets with variabilities that are themselves highly variable. This kind of data, where the variability is itself variable over the domain being examined, is known as heteroscedastic data. For example, if a data set of height versus weight has a relatively narrow range of variability at the short end of height, but a wider range at the taller end, the data set is heteroscedastic.
Smooth Lines
Check this box to curve the line from point to point. Bear in mind that smoothed lines necessarily affect the representation of your data and create a potential for ambiguity.
Show Connecting Lines
Check this box to draw lines between the points on the chart.
Show Circles
Check this box to draw each data point on the chart as a small circle.
Current time marker
For charts of time-series data, check this box to draw a red line on the current time.
Set Y-Axis Extents
Check this box and enter values in the y-max and y-min fields to set the Y axis to specific values.
Show Tooltip
Check this box to enable the display of tooltips.
Show Legend
Check this box to enable the display of a legend next to the chart.
Scale Y-Axis to Data Bounds
The default Y-axis bounds are zero and the maximum value returned in the data. Check this box to change both upper and lower bounds to match the values returned in the data.

After changing options, click the green Apply changes button to update your visualization, or the grey Discard changes button to keep your visualization in its current state.

Bubble Charts

edit

You can convert a line chart visualization to a bubble chart by performing the following steps:

  1. Click Add Metrics for the visualization’s Y axis, then select Dot Size.
  2. Select a metric aggregation from the drop-down list.
  3. In the Options tab, uncheck the Show Connecting Lines box.
  4. Click the Apply changes button.

Viewing Detailed Information

edit

To display the raw data behind the visualization, click the bar at the bottom of the container. Tabs with detailed information about the raw data replace the visualization:

TableA representation of the underlying data, presented as a paginated data grid. You can sort the items in the table by clicking on the table headers at the top of each column.

RequestThe raw request used to query the server, presented in JSON format.

ResponseThe raw response from the server, presented in JSON format.

StatisticsA summary of the statistics related to the request and the response, presented as a data grid. The data grid includes the query duration, the request duration, the total number of records found on the server, and the index pattern used to make the query.

To export the raw data behind the visualization as a comma-separated-values (CSV) file, click on either the Raw or Formatted links at the bottom of any of the detailed information tabs. A raw export contains the data as it is stored in Elasticsearch. A formatted export contains the results of any applicable Kibana field formatters.