Visualizing data with Kibana

Kibana is a tool that is part of the ELK stack and lets you visualize data in real time. This guide will show how to make a graph report displaying the most commonly used Now Assistant cards in the last 30 days using the data coming from Now Assistant. Let's begin!

Creating a visualization

In order to create a visualization, we shall navigate to the "Visualize" tab inside of Kibana and click on "Create a visualization":

Create a visualization button

In the next window select the type of visualization you want to use. Kibana provides a variety of chart types ranging from Heat Maps to Pie charts. It is important to consider which visualization structure will be most suitable to represent your data in advance. Line and bar charts are generally a good choice for time-bound data, therefore we'll use a line chart for this guide.

Next you should select which Elasticsearch index the data for our visualizations will be coming from. We have only one index named "logstash-*" present for this guide, therefore we're going to select it:

Select your elasticsearch index from the list

Imagine that you'd like to know which Now Assistant cards were the most commonly used in your company, or maybe how a new card was adopted in comparison to other cards in the last 30 days. You could gather this intelligence by analysing the activity data that comes into Kibana from Now Assistant.

Every time Now Assistant cards are displayed on the page a cardaction event is sent, which contains the data about the card such as its title and id. We could count the number of occurrences of each card over a period of time and project them as lines on a graph.

If we look at Kibana we can see that our Y axis is already set to show the count of whatever parameter we set:

Y axis already set to show the count

To get insights from our graph it would be a good idea to split the data into reasonable time periods. For example, we might want to see how many times each card has been viewed per day over a period of 30 days.

We can achieve that by adding a X-Axis bucket and setting its aggregation to 'Date Histogram' at a daily interval:

Set X axis to represent a daily interval

Now let's change the time range of the graph to show data from the last 30 days:

Setting a time range of 30 days

We've set the time and count - 2 out of 3 things that we want to visualize. Now it's time to add the third piece of information - our card names. First we need to click 'Add sub-buckets':

Add sub-buckets

And then add a 'Split Series' sub-bucket. For sub aggregation we're going to set 'Terms', which will allow us to use Now Assistant fields in the graph. Then, we're going to select card_title field since we want to know the names of the most popular cards.

Finally, to only display the top 5 cards we're going to keep the display order as descending and size as 5. The final graph configuration looks like this:

Kibana Split series configuration

Now if we activate the graph it should display the 5 most displayed cards over the last 30 days:

Final graph result

Importing visualizations

To save you time we have created visualizations that you can import straight into Kibana. Bellow you will find links to visualization files that you can import to Kibana:

Using the top left navigation menu in Kibana navigate to Management → Saved Objects and click on 'Import':

Click on import

Select the downloaded visualization file and click 'OK'. You should now be able to view the imported visualization in the 'Visualize' section of Kibana.

Last updated: Sun 08 Oct, 2017