Metric / Visual Builder: how to configure the builder to aggregate the target data set

Elastic Stack Kibana
1

I am trying to create visualization using the Visual Builder introduced in Kibana 5.4. After I specify the target index, I have problems setting up the filter to get my target data. Does the panel filter under Panel Options follow the same query language/rule when query the data through discovery?

Is there a how-to guide about visual builder available? I really want to use this feature but I am stuck with the very basic stuff. Appreciate all helps. Thanks.

2

The best source of info is the documentation: https://www.elastic.co/guide/en/kibana/current/time-series-visual-builder.html

When you go a few sections deep into the documentation, you can see that filters are configured in the "Group By" controls: https://www.elastic.co/guide/en/kibana/current/_interface_overview.html#_group_by_controls

You can filter all your data by a single filter (choose "Filter" under "Group By") or multiple (choose "Filters"). You use the same Lucene expression syntax for these filters as you can anywhere else in Kibana. Here's a simple example of multiple filters on some Metricbeat data:

image.png1992×1634 202 KB

The filter control under "Panel Options" is for configuring the entire panel, which could be multiple visualization, instead of just a data series. See https://www.elastic.co/guide/en/kibana/current/_interface_overview.html#_panel_options_tab

Here's an example of using a filter from Panel Options on the Metricbeat data:

image.png2516×1392 331 KB

Another good source of information for getting started with the Time Series Visual Builder is the blog article: https://www.elastic.co/blog/master-time-with-kibanas-new-time-series-visual-builder . There's a demo video there from the creator of the feature.

3

Thanks. I am reading the documentation. I might come back if there are any further questions.

4

Hello Tim,

Thanks for the documentation. I tried, and it didn't work for me. :frowning:

I just updated to Kibana 5.5 yesterday. What I tried to display is the value from a field called udppm_cpu under the following conditions:

Panel options:

  1. Index name: systest_db-
  2. Time field: @ timestamp (to display the latest value based on when the data is ingested into Elasticsearch.)
  3. Panel filter: apl_name:"mercury" (the udppm_cpu usage of the appliance called Mercury.)

Under Data:
4. Labeled the field as udppm cpu (the label didn't even come up in the display)
5. Metrics/Aggregation: Max (I tried every one of the aggregation, none of them worked)
6. Metrics/Field: udppm_cpu
7. Metrics/Group by Terms; by udppm_cpu; Top: 1; order by max of udppm_cpu.

I can see the visualizations available in the visual builder can really help us create a kick ass dashboard. I just couldn't get it work. I appreciate if you can help me figure out what I did wrong here. Thanks a lot.

Regards,
Nars

5

I recommend going one step at a time.

  • Do you see anything if you don't enter a panel filter? If not, then something could be wrong with your index name or time field.
  • Do you see anything if you start with a Time Series chart? Looking there first may help to make sure the data you expect to see is coming up correctly in the query.
1 Like
6

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.