Build your first dashboard

edit

Build your first dashboard

edit

Learn the most common ways to build a dashboard from your own data. The tutorial will use sample data from the perspective of an analyst looking at website logs, but this type of dashboard works on any type of data. Before using this tutorial, you should be familiar with the Kibana concepts.

Final dashboard vis

Add the data and create the dashboard

edit

Add the sample web logs data that you’ll use to create the dashboard panels.

  1. Go to the Kibana Home page, then click Try our sample data.
  2. On the Sample web logs card, click Add data.

Create the dashboard where you’ll display the visualization panels.

  1. Open the main menu, then click Dashboard.
  2. Click Create dashboard.
  3. Set the time filter to Last 90 days.

Open Lens and get familiar with the data

edit
  1. On the dashboard, click Create visualization.
  2. Make sure the kibana_sample_data_logs index appears.

    Lens index pattern selector
  3. To create the visualizations in this tutorial, you’ll use the Records, timestamp, bytes, clientip, and referer.keyword fields. To see the most frequent values of a field, hover over the field name, then click i.

Create your first visualization

edit

Pick a field you want to analyze, such as clientip. If you want to analyze only this field, you can use the Metric visualization to display a big number. The only number function that you can use with clientip is Unique count. Unique count, also referred to as cardinality, approximates the number of unique values of the clientip field.

  1. To select the visualization type, open the Chart type dropdown, then select Metric.

    Chart Type dropdown with Metric selected
  2. From the Available fields list, drag clientip to the workspace.

    Changed type and dropped clientip field

    Lens selects the Unique count function because it is the only numeric function that works for IP addresses. You can also drag clientip to the layer pane for the same result.

  3. In the layer pane, click Unique count of clientip.

    1. In the Display name field, enter Unique visitors.
    2. Click Close.
  4. Click Save and return.

    The metric visualization has its own label, so you do not need to add a panel title.

View a metric over time

edit

Lens has two shortcuts that simplify viewing metrics over time. If you drag a numeric field to the workspace, Lens adds the default time field from the index pattern. When you use the Date histogram function, you can replace the time field by dragging the field to the workspace.

To visualize the bytes field over time:

  1. On the dashboard, click Create visualization.
  2. From the Available fields list, drag bytes to the workspace.

    Lens creates a bar chart with the timestamp and Median of bytes fields, and automatically chooses a date interval.

  3. To zoom in on the data you want to view, click and drag your cursor across the bars.

    Zoom in on the data

To emphasize the change in Median of bytes over time, change to a line chart with one of the following options:

  • From the Suggestions, click the line chart.
  • Open the Chart type dropdown in the editor toolbar, then select Line.
  • Open the Chart type menu in the layer pane, then click the line chart.

You can increase and decrease the minimum interval that Lens uses, but you are unable to decrease the interval below the Advanced Settings.

To set the minimum time interval:

  1. In the layer pane, click timestamp.
  2. Select Customize time interval.
  3. Change the Minimum interval to 1 days, then click Close.

To save space on the dashboard, hide the vertical and horizontal axis labels.

  1. Open the Left axis menu, then deselect Show.

    Turn off axis label
  2. Open the Bottom axis menu, then deselect Show.
  3. Click Save and return

Add a panel title to explain the panel, which is necessary because you removed the axis labels.

  1. Open the panel menu, then select Edit panel title.
  2. In the Panel title field, enter Median of bytes, then click Save.

View the top values of a field

edit

The Top values function ranks the unique values of a field by another function. The values are the most frequent when ranked by a Count function, and the largest when ranked by the Sum function.

Create a visualization that displays the most frequent values of request.keyword on your website, ranked by the unique visitors. To create the visualization, use Top values of request.keyword ranked by Unique count of clientip, instead of being ranked by Count of records.

  1. On the dashboard, click Create visualization.
  2. From the Available fields list, drag clientip to the Vertical axis field in the layer pane.

    Lens automatically chooses the Unique count function. If you drag clientip to the workspace, Lens adds the field to the incorrect axis.

    When you drag a text or IP address field to the workspace, Lens adds the Top values function ranked by Count of records to show the most frequent values.

  3. Drag request.keyword to the workspace.

    Vertical bar chart with top values of request.keyword by most unique visitors

    Lens adds Top values of request.keyword to the Horizontal axis.

The chart is hard to read because the request.keyword field contains long text. You could try using one of the Suggestions, but the suggestions also have issues with long text. Instead, create a Table visualization.

  1. Open the Chart type dropdown, then select Table.

    Table with top values of request.keyword by most unique visitors
  2. In the layer pane, click Top values of request.keyword.

    1. In the Number of values field, enter 10.
    2. In the Display name field, enter Page URL.
    3. Click Close.
  3. Click Save and return.

    The table does not need a panel title because the columns are clearly labeled.

Compare a subset of documents to all documents

edit

Create a proportional visualization that helps you to determine if your users transfer more bytes from documents under 10KB versus documents over 10 Kb.

  1. On the dashboard, click Create visualization.
  2. From the Available fields list, drag bytes to the Vertical axis field in the layer pane.
  3. Click Median of bytes, click the Sum function, then click Close.
  4. From the Available fields list, drag bytes to the Break down by field in the layer pane.

Use the Intervals function to select documents based on the number range of a field. If the ranges were non numeric, or if the query required multiple clauses, you could use the Filters function.

  1. To specify the file size ranges, click bytes in the layer pane.
  2. Click Create custom ranges, enter the following, then press Return:

    • Ranges010240
    • LabelBelow 10KB
  3. Click Add range, enter the following, then press Return:

    • Ranges10240+∞
    • LabelAbove 10KB

      Custom ranges configuration
  4. From the Value format dropdown, select Bytes (1024), then click Close.

To display the values as a percentage of the sum of all values, use the Pie chart.

  1. Open the Chart Type dropdown, then select Pie.
  2. Click Save and return.
  3. Add a panel title.

    1. Open the panel menu, then select Edit panel title.
    2. In the Panel title field, enter Sum of bytes from large requests, then click Save.

View the distribution of a number field

edit

Knowing the distribution of a number helps you find patterns. For example, you can analyze the website traffic per hour to find the best time to do routine maintenance.

  1. On the dashboard, click Create visualization.
  2. From the Available fields list, drag bytes to Vertical axis field in the layer pane.
  3. In the layer pane, click Median of bytes

    1. Click the Sum function.
    2. In the Display name field, enter Transferred bytes.
    3. From the Value format dropdown, select Bytes (1024), then click Close.
  4. From the Available fields list, drag hour_of_day to Horizontal axis field in the layer pane.
  5. In the layer pane, click hour_of_day, then slide the Intervals granularity slider until the horizontal axis displays hourly intervals.

    The Intervals function displays an evenly spaced distribution of the field.

  6. Click Save and return.

Create a multi-level chart

edit

You can use multiple functions in data tables and proportion charts. For example, to create a chart that breaks down the traffic sources and user geography, use Filters and Top values.

  1. On the dashboard, click Create visualization.
  2. Open the Chart type dropdown, then select Treemap.
  3. From the Available fields list, drag Records to the Size by field in the layer pane.
  4. In the editor, click the Drop a field or click to add field for Group by, then create a filter for each website traffic source.

    1. From Select a function, click Filters.
    2. Click All records, enter the following, then press Return:

      • KQLreferer : *facebook.com*
      • LabelFacebook
    3. Click Add a filter, enter the following, then press Return:

      • KQLreferer : *twitter.com*
      • LabelTwitter
    4. Click Add a filter, enter the following, then press Return:

      • KQLNOT referer : *twitter.com* OR NOT referer: *facebook.com*
      • LabelOther
    5. Click Close.

Add a geography grouping:

  1. From the Available fields list, drag geo.src to the workspace.
  2. To change the Group by order, drag Top values of geo.src so that it appears first.

    Treemap visualization
  3. To view only the Facebook and Twitter data, remove the Other category.

    1. In the layer pane, click Top values of geo.src.
    2. Open the Advanced dropdown, deselect Group other values as "Other", then click Close.
  4. Click Save and return.
  5. Add a panel title.

    1. Open the panel menu, then select Edit panel title.
    2. In the Panel title field, enter Page views by location and referrer, then click Save.

Arrange the dashboard panels

edit

Resize and move the panels so they all appear on the dashboard without scrolling.

Decrease the size of the following panels, then move them to the first row:

  • Unique visitors
  • Median of bytes
  • Sum of bytes from large requests
  • hour_of_day

Save the dashboard

edit

Now that you have a complete overview of your web server data, save the dashboard.

  1. In the toolbar, click Save.
  2. On the Save dashboard window, enter Logs dashboard in the Title field.
  3. Select Store time with dashboard.
  4. Click Save.