Visualization Using Kibana ( Part 2 )

In the previous article, we introduced Kibana and two simple visualizations. In this installment of the ELK series, we discuss more types of visualizations available in Kibana in detail. The visualizations panel allows for several options, such as the pie chart, line chart, bar chart, tile maps, and more. Let us try them out.

Pie Chart

Let us start by creating a pie chart, with the details of the top 5 client IPs from the indexed logs. Open the visualization panel and under the create new visualization section, click on the Pie Chart tab.

To the left of the visualization settings panel, we have numerous configuration options. Click the first option split slices. This gives us the option to do different types of aggregation. Do a terms aggregation on the field clientip.raw, which will give us the details of the aggregate of IPs of the client logins in our logs. After setting the aggregations, click the play button to the right of the visualization settings panel. The pie chart will generate with different slices showing the IP share for the selected time period.

 

 

Save this visualization as pie chart visualization.

Multi Layered Pie Chart

Suppose we need the information of the corresponding country names to the IP address occurrences. The best way to represent such information is the stacked pie chart, which can represent information on each layer. To create the stacked pie chart, click on the visualization tab, select the index pattern logstash-test-01 and then click on the pie chart section from the resulting window. Now apply the settings which we have applied to create the above pie chart.

Afterwards, you can see an add sub buckets option in the visualization settings panel. Click on that and select split slices. Now set the sub aggregations as terms and the field as geoip.country_name.raw. After this, click the play button to apply the necessary changes. This is what our stacked pie chart should look like:

 

 

After clicking the apply button, Kibana will generate a stacked pie chart as above. Save this visualization as multi layered pie chart. Clicking on the inner individual sections will zoom in and create a stacked pie chart of only one section. Click on the any section of the inner pie chart and it will zoom in and generate a pie chart like below:

 

 

This pie chart can be reverted to the original by clicking on the delete icon on the green tab, marked 1 in the figure.

Bar Chart

We also have data about the cities where the client has logged in. We can use a bar chart for the above purposes. Select the bar chart option from the visualization tab as we have selected the pie chart in the above case. The field in which the city names are embedded is geoip.city_name.raw. The following are the settings for rendering this bar chart:

 

 

Here you can see the top 5 cities from which people have logged into our website. After the bar chart generates, save it as BarChart-city-names.

Line Graph

Now create a line chart showing the hits count vs date. Select the line chart visualization from the visualization panel. Then proceed to apply the following settings to the visualization settings panel:

 

 

As shown in the figure, the hit-count and the date-values plot as a line graph. When this occurs, the graph renders in a tiny area as shown above. You can drag the mouse over the relevant part and Kibana automatically adjusts the graph to the selected time period. Save it with the name line chart visualization.

Bubble Chart

A few modifications to the bubble chart will allow us to visualize the line chart in a bubble chart model. Bubble charts are a great tool for visualization as it can represent three-dimensional data. For example, in the previous line chart, all the peak dots are of the same size and we need to hover over it to get the count info at that particular time. In bubble charts, the peak dots vary according to the size of the corresponding hit values. This means bigger values of hit-counts will have bigger circles.

Let us focus on how we can set up a bubble chart from the above line graph visualization. Create a new visualization and select the line graph tab and apply the above settings for line graph. In the visualization settings panel in the left, you can see the select metrics type. From there select the option Dot size and then select count as the aggregation value. This makes the dot size vary according to the count value. After this, select the options button (marked 1) and uncheck show connecting lines. Now click the play button to render the bubble chart.

 

 

As you can see in the picture, the size of the peak dots vary according to their hit size. Save the visualization as bubble chart.

Tile Map (Rework)

Tile maps are a new addition to Kibana. They will allow us to see, in a world map, the origins of client requests. This is possible by using the geohash aggregation on geoip.location fields. The geoip.location field generates via logstash with latitude and longitude information extracted from the IP address. To generate the tile map, select tile map from the visualizations tab and apply the following settings:

 

 

Save the above visualization as Tile Map.

Regarding tile maps, there is much to explore in the options panel (marked 1). Let us take a brief look. Click on the options panel, there will be a drop-down which has the following options:

 

 

In the drop down, selecting each option will change the map accordingly. An interesting new option is the heat-map, which is provided in this version of Kibana. Try it out and see the difference.

Conclusion

In this installment of the ELK series, we have learned how to create line, pie, bar charts, and tile maps. Questions/Comments? Drop us a line below.