Introduction to Kibana Visualizations

Learning Objectives

• Understand what Kibana is.

• Understand the different types of data visualizations.

• Understand what a Kibana dashboard is.

• Understand how to import and export Kibana dashboards.

Kibana is an open-source front-end application in the Elastic product suite. It sits at the top of the stack of Elasticsearch, Logstash, and Kibana, known colloquially as the ELK stack. Through its web interface, Kibana can be used, among other things, to monitor and secure ELK Stack instances and to provide centralized access to the enterprise search and usability applications built on the ELK Stack. One of its most valuable functions is turning application monitoring, performance data, and other analytics into visualizations: visually comprehensible, actionable intelligence that supports decision making and troubleshooting in real time.


Basic Building Blocks of Kibana Visualizations

Kibana visualizations are built from Elasticsearch queries. Kibana makes use of Elasticsearch aggregations, which at their most basic level are simple units of work that assemble analytics information over a set of documents. These aggregations are the foundational building blocks of the data that we can visualize. We can break aggregations down into two classes: bucket aggregations and metric aggregations. Bucket aggregations group documents according to logic and criteria determined by the user. Metric aggregations calculate values for each bucket based on the documents inside it. Examples of bucket aggregations include histograms, date ranges, terms, and geohash. Examples of metric aggregations include sum, average, maximum and minimum, percentiles, standard deviation, and unique counts.
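
To make the bucket/metric split concrete, the following added example (not part of the original article) builds an Elasticsearch request with one `terms` bucket and three metric sub-aggregations, and emulates the same computation locally. The field names (`host`, `bytes`, `clientip`) and the sample documents are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import mean

# Constructed sample web-log documents (not from the original article).
DOCS = [
    {"host": "web-1", "clientip": "203.0.113.5", "bytes": 1200},
    {"host": "web-1", "clientip": "203.0.113.5", "bytes": 800},
    {"host": "web-1", "clientip": "198.51.100.7", "bytes": 4000},
    {"host": "web-2", "clientip": "198.51.100.7", "bytes": 300},
    {"host": "web-2", "clientip": "192.0.2.44", "bytes": 700},
]

def build_request(bucket_field, metric_field, unique_field):
    """Search body: a terms bucket with avg, max and cardinality metrics inside it."""
    return {
        "size": 0,  # return aggregation results only, no individual hits
        "aggs": {
            "per_bucket": {
                # Bucket aggregation; assumes bucket_field is mapped as a keyword.
                "terms": {"field": bucket_field},
                "aggs": {  # metric aggregations evaluated once per bucket
                    "avg_value": {"avg": {"field": metric_field}},
                    "max_value": {"max": {"field": metric_field}},
                    "unique": {"cardinality": {"field": unique_field}},
                },
            }
        },
    }

def aggregate(docs, bucket_field, metric_field, unique_field):
    """Local emulation: group documents into buckets, then compute metrics per bucket."""
    buckets = defaultdict(list)
    for doc in docs:
        if bucket_field in doc:  # documents lacking the field land in no bucket
            buckets[doc[bucket_field]].append(doc)
    result = {}
    for key, members in buckets.items():
        values = [d[metric_field] for d in members if metric_field in d]
        result[key] = {
            "doc_count": len(members),
            "avg_value": mean(values) if values else None,
            "max_value": max(values) if values else None,
            # Exact count here; Elasticsearch's cardinality metric is approximate.
            "unique": len({d[unique_field] for d in members if unique_field in d}),
        }
    return result
```

A vertical bar or data table visualization over this request would show one row or bar per `host` bucket, with the metric values as its columns or heights.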


Types of Data Visualizations 

Kibana uses aggregations to turn disparate, esoteric data points into usable, understandable information in the form of graphics. These graphics are crucial for monitoring performance, tracking analytics, and making other decisions using information specific to each operation.


We can create numerous types of visualizations in Kibana by combining the information available in aggregations. The visualizations fall into the following categories: basic charts, data, maps, time series, and others. Each category contains basic visualizations, many of which have their own sets of options for display and configuration. Here are some highlights of the capabilities within each category:


Basic Charts

Basic charts include traditional, simple types of visualization. Basic chart capabilities include:


  • Area--combined line chart and bar chart that shows how a group’s numeric values change corresponding to a progression of a second variable
    • Example--number of visitors over time
  • Heat Map--shows the magnitude of a phenomenon
    • Example--latency and outliers
  • Horizontal Bar--a visual representation of comparative values of categorical information
    • Example--source URLs of visitors
  • Line--shows how information changes over time
    • Example--average processing power used by a server, over time
  • Pie--illustrates proportional quantities
    • Example--top memory consuming processes
  • Vertical Bar--a visual representation of comparative values of categorical information
    • Example--the number of visitors over time


Different basic charts lend themselves to different types of data. In general, however, this type of visual representation helps show relationships between two fields or values, particularly for plotting performance over time and locating trends and anomalies.


Data

The Data category of visualizations includes visual representations of raw numbers in tailored ways to highlight important information. Types of visualizations in the Data category include:


  • Data table--visually draws out and centralizes multiple categories of information
    • Example--top users, host pod, container user
  • Gauge--shows the status of a metric compared to a predefined threshold
    • Example--memory consumption relative to the determined limit
  • Goal--similar to a gauge, but tracks progress toward a goal
    • Example--the number of new visitors, as compared to the target number of unique visitors
  • Metric--a called-out individual number to show importance
    • Example--the number of active users


Maps

Map data adds a geographical dimension to IP-based logs, making it easier to pinpoint trends and patterns relative to location. Types of maps include:

  • Coordinate Map--shows the exact location of users
  • Region Map--groups users based on regions such as country or metropolitan area


Time Series

Time series visualizations allow users to develop more advanced queries based on time series data. Types of time series visualizations include:

  • Timeline--shows performance over time
  • Visual Builder--enables users to combine an infinite number of aggregations 


Other

There are also several uncategorized visualizations, including some experimental types. These other visualizations include:

  • Controls--allow users to add sliders for alternating between visual options
  • Markdown--adds customized text or image-based visualizations to the dashboard
  • Tag Cloud--displays groups of words that are resized into a word cloud, relative to frequency or importance
  • Tags--allow users to add custom visualizations based on Vega and VegaLite


Kibana Dashboards

A Kibana dashboard serves as a centralized display of a collection of visualizations built from the Elasticsearch queries the user has chosen to display. Each Kibana dashboard is customizable in its look and in the specific information that it shows. To create one, a user clicks the Dashboard button on Kibana's main menu and then selects Create Dashboard. (Note: It may be helpful for a new user to become familiar with the functions of Kibana visualizations by using Kibana’s sample data, which is available under the Sample Weblogs card.)


To create a visualization, a user selects a field to be analyzed and then chooses a metric to visualize this data from the chart type dropdown. Each type of visualization discussed above has its own input parameters, which appear as visual prompts.


Importing and Exporting Kibana Dashboards

Kibana visualizations can be imported and exported as JSON files. Exported Kibana objects can be reused in other ELK deployments, saving time over having to recreate them from scratch. Under the Management dropdown, users can select Saved Objects to see a complete list of created and saved objects. We can export these as JSON files by clicking Export. Clicking Import allows users to import objects into Kibana.
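
Before importing an export file into another deployment, it helps to review what it contains. The following added example (not part of the original article) lists the objects in an export and reports references that do not resolve within the file. It assumes the newline-delimited JSON layout written by recent Kibana releases, with one object per line carrying `id`, `type`, `attributes` and `references`; the sample export is constructed.

```python
import json

# Constructed sample export: one dashboard referencing two visualizations,
# only one of which is present in the file.
SAMPLE_EXPORT = "\n".join([
    json.dumps({"id": "vis-1", "type": "visualization",
                "attributes": {"title": "Visitors over time"}, "references": []}),
    json.dumps({"id": "dash-1", "type": "dashboard",
                "attributes": {"title": "Web traffic"},
                "references": [
                    {"id": "vis-1", "name": "panel_0", "type": "visualization"},
                    {"id": "vis-2", "name": "panel_1", "type": "visualization"}]}),
    # Trailing summary line (assumed layout); it carries no "type" or "id".
    json.dumps({"exportedCount": 2, "missingRefCount": 1}),
])

def inspect_export(text):
    """Return (titles keyed by (type, id), unresolved references, malformed line numbers)."""
    objects, wanted, bad_lines = {}, [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            bad_lines.append(lineno)  # report rather than abort on a damaged line
            continue
        if not isinstance(record, dict) or "type" not in record or "id" not in record:
            continue  # not a saved object, e.g. the summary line
        title = record.get("attributes", {}).get("title", "")
        objects[(record["type"], record["id"])] = title
        for ref in record.get("references", []):
            wanted.append((record["id"], ref["type"], ref["id"]))
    # A reference is unresolved when its target object is not in the same file.
    missing = [(owner, t, i) for owner, t, i in wanted if (t, i) not in objects]
    return objects, missing, bad_lines
```

An unresolved reference means the dashboard depends on an object that must already exist in the target deployment or be exported alongside it.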


Conclusion

Kibana visualizations are one of the more valuable and applicable functions of Kibana as a tool. The more than 18 types of visualizations vary in complexity and can each be customized. Still, all of them can be beneficial for turning voluminous amounts of esoteric data into actionable insight.

