Data Visualization with Kibana

Before getting started with Kibana, let's begin by having a look at what you will learn in this course.

What is Kibana? What is it used for, and what can we do with it? After completing this lecture, you will know the answers to those questions and more.

When it comes to installing Kibana (and Elasticsearch), we have a couple of options. Let's review which options we have available, and pros and cons of each.

Learn how to create an Elasticsearch and Kibana deployment on Elastic Cloud, which is usually the easiest and fastest way to get started learning Kibana.

Learn how to install both Elasticsearch and Kibana on macOS and Linux.

Learn how to install both Elasticsearch and Kibana on Windows.

To get the most out of Kibana, we need to activate a trial license. This way, we can access and use all Kibana features. This is only required for local Kibana deployments/installations.

In this lecture, we are going to look at a super useful development tool. Namely the Console tool, which is used to send queries to Elasticsearch.

Before importing the test data that we will use throughout this course, we need to add two so-called index templates. In this lecture you will learn how to do so, along with learning the basics of what index templates are.

Kibana is not much fun without any data, so let's import some test data. We will be working with two datasets throughout the course; one for HTTP access logs, and one for orders.

Let's talk a bit about the test data that we imported in the previous lecture. Specifically which fields it contains.

The last thing we need to do before everything is set up, is to create two data views. Along the way, you will learn what data views are all about and why we need to add them.

Data views used to be called index patterns.

Before we dive into specific Kibana features, let's take a moment to walk through the various apps that Kibana contains. We won't cover all of the apps, but you will learn which ones are available and what we can do with them.

When working with data within Kibana, we need to define which time period we would like to see data for. This is especially the case since our test data is dated back to the beginning of 2020. In this lecture, you will learn the various ways of using Kibana's time filter.

In this lecture, you will learn what the Kibana Query Language — or KQL — is. You will also see a lot of example queries so that you will be proficient with using it yourself.

In this lecture you will learn everything there is to know about the Discover app, being where we can filter and search for documents.

Unlike saving searches, let's see how we can save queries. Besides learning how to save queries, you will also learn the difference between the two.

Sometimes it might be useful to see which requests Kibana sends to Elasticsearch on our behalf. You will learn how to inspect the requests in this lecture.

Kibana does a bit of time zone conversion when working with timestamps, both in regards to the time filter and document fields. Learn how this time zone conversion works.

Sometimes we might not want Kibana to convert timestamps to our local time zone. Learn how to change Kibana's time zone to avoid this.

Let's introduce the concept of visualizations and take a quick peek at which ones are available.

Before getting started with visualizations, you need to understand the basics of Elasticsearch aggregations. In case you are not already familiar with them, here is a quick introduction.

Just a quick note regarding recent UI changes.

As the first visualization type, let's look at the Metric visualization, which simply presents a numeric value.

Sometimes we might want to change how numbers are formatted. Learn how to change how a field's value is displayed — not just numeric fields.

Let's look at a slightly more interesting visualization type, namely the Vertical Bar visualization. Learn how this visualization type can be used to display values over time, for instance.

Although conceptually similar to the Vertical Bar visualization, let's look at how to create an Area chart. While doing so, we will look at a different example, being to show multiple values within the visualization.

Similar to both the Vertical Bar and Area visualizations, let's look at the Line visualization. Since this visualization type is not much different, let's use a different example, being to automatically render multiple line charts.

Since the Vertical Bar, Area, and Line visualizations are so similar, we can actually switch between them with a visualization option.

Let's now take a look at a significantly different visualization type, being pie charts. While doing so, you will see a number of different examples, such as showing the sales channels.

In this lecture, you will see how KQL can be used to split data into multiple series. In particular, an Area visualization with multiple series, where each matches a KQL query.

In this lecture, we will take a look at how to work with numeric ranges. As it turns out, Kibana has a convenient interface for doing so.

Sometimes we might not be able to define ranges ahead of time. By using histograms, we can have Elasticsearch automatically generate ranges for us based on how we configure things within Kibana. That's what we will look at in this lecture.

The appearance of visualizations can be customized in many ways. We will take a look at some of the basics in this lecture.

Another way of presenting data within Kibana is within data tables. Data tables themselves are quite simple, so you will also learn a couple of more things in this lecture, including a metric named "Top hit."

Time for a super cool and useful visualization; heat maps. With heat maps, we can visualize magnitude between two values. In this lecture, we will visualize the number of HTTP requests for the most popular pages during the day.

Time to look at tag clouds, which you might have seen before. A tag cloud is essentially a number of terms with their sizes representing their significance. In our case, we will show the most popular cities from which our HTTP requests come from.

The Goal and Gauge visualizations are very similar. For instance, the former can be used to visualize how close we are to reaching a given sales goal, while the latter can show the CPU usage of a server. After completing this lecture, you will be proficient with both of these visualization types.

Visualizations can actually be linked to saved searches, which is a great way of reusing searches. In this lecture you will learn how to do this, as well as how to manage the link between the two — and also a few gotchas.

Instead of linking visualizations to saved searches, we can also apply saved queries to them. You will see how to do just that in this lecture.

Before creating our first dashboards, let's take a short moment to talk about what dashboards are all about and what we can do with them.

Time to create our first dashboard. Specifically, one for the orders dataset. Along the way, you will learn the basics of dashboards and how to place visualizations on them.

Now that our dashboards contains a couple of visualizations, let's look at how we can edit them. As it turns out, there are a couple of gotchas that might catch you by surprise.

As with the Discover app, we can also filter documents on dashboards, which you will learn how to do in this lecture.

Earlier in the course you saw how to inspect which requests Kibana sends to Elasticsearch. This can also. be done for dashboard panels, which I will show you how to do.

Before proceeding, we need to add another dashboard. Specifically, one for the HTTP access logs dataset.

Within dashboards, we can actually interact with our data in a number of ways — besides just filtering the data. This lecture shows you how to interact with a number of different visualizations.

Another way of interacting with dashboards is with something called drilldowns. Learn how to use drilldowns to navigate between dashboards while retaining context.

A quick introduction to this section, and why we even need users, roles, and spaces in the first place.

If you are using a local deployment of Elasticsearch and Kibana, you need to do a bit of configuration before we can make use of certain features covered in this section.

Let's take a look at what spaces are and how they can be used to configure Kibana feature visibility.

Kibana objects are stored within spaces, so let's see how we can copy objects between spaces.

Using Kibana with just a single user is not recommended, so let's see how to create and manage users.

Let's talk about roles and what we can do with them. We will start out simple and use preconfigured roles before creating our own ones in the next lecture.

Now that we have made use of preconfigured roles, let's see how we can create our own ones.

Spaces configure feature visibility. Roles configure feature privileges from a security perspective. But what happens if we combine the two? Which features will then be available to users? That's what we will cover in this lecture.

What happens if a user contains multiple roles and the roles define privileges to the same Kibana features? Which role takes precedence? That's what we will look at in this lecture — how role privileges are merged together.

That's the end of this section. Let's take a short moment to recap on what we covered.