Visualizations

Visualizations transform raw data into charts, graphs, and other visual representations that make patterns and insights immediately apparent.

Creating Your First Visualization

Option 1: From Discover

1. In Discover, set up your search with filters
2. Click "Visualize" button in top-right
3. Choose a visualization type
4. Configure and save

Option 2: From Visualize Library

1. Go to Visualize Library in navigation
2. Click "Create visualization"
3. Choose between:
   • Lens (recommended - drag and drop)
   • Aggregation-based (traditional, more control)
   • TSVB (Time Series Visual Builder)
   • Vega/Vega-Lite (custom, code-based)

Visualization Types

1. Area Chart

Shows data over time with filled area under the line.

Best for:

• Trends over time
• Cumulative metrics
• Stacked categories

Example: Total revenue over time by category

Y-axis: Sum of taxful_total_price
X-axis: order_date (date histogram)
Break down by: category.keyword

2. Line Chart

Displays one or more lines showing trends.

Best for:

• Time series data
• Comparing multiple metrics
• Identifying trends and patterns

Example: Orders per day

Y-axis: Count (document count)
X-axis: order_date (daily interval)

3. Bar Chart

Vertical or horizontal bars comparing categories.

Best for:

• Comparing categories
• Top N analysis
• Distribution across groups

Example: Top 10 selling products

Y-axis: Count
X-axis: products.product_name.keyword (Top 10)
Sort: Descending by count

4. Pie Chart

Shows proportions as slices of a circle.

Best for:

• Part-to-whole relationships
• Category distribution
• Simple percentage breakdowns

Example: Sales by category

Slice by: category.keyword
Size by: Sum of taxful_total_price

Note: Pie charts work best with 5-7 categories max.

5. Metric

Displays a single large number.

Best for:

• KPIs (Key Performance Indicators)
• Summary statistics
• Dashboard highlights

Example: Total revenue

Metric: Sum
Field: taxful_total_price
Format: Currency

6. Data Table

Tabular display of aggregated data.

Best for:

• Detailed breakdowns
• Export-ready data
• Multiple metrics side-by-side

Example: Revenue by category

Rows: category.keyword
Metrics:
- Count
- Sum of taxful_total_price
- Average of taxful_total_price

7. Tag Cloud

Words sized by frequency or value.

Best for:

• Text analysis
• Category emphasis
• Quick scanning of terms

Example: Popular product names

Tags: products.product_name.keyword
Size: Count (or sum of metric)

8. Heat Map

Grid showing intensity with color.

Best for:

• Correlation between two dimensions
• Pattern identification
• Time-based patterns (hour of day × day of week)

Example: Orders by hour and day of week

Y-axis: hour_of_day
X-axis: day_of_week
Cell intensity: Count

9. Gauge

Semi-circular gauge showing a metric within a range.

Best for:

• Goals and targets
• Capacity indicators
• Status at-a-glance

Example: Today's revenue vs. target

Metric: Sum of taxful_total_price
Ranges:
- 0-5000: Red (Below target)
- 5000-8000: Yellow (Near target)
- 8000+: Green (Target met)

10. Goal

Progress toward a numeric goal.

Best for:

• Target tracking
• Percentage completion
• Simple progress indicators

Example: Monthly order goal

Metric: Count
Goal: 1000 orders

11. Markdown

Text and formatting using Markdown syntax.

Best for:

• Dashboard titles and descriptions
• Instructions and documentation
• Formatted text content

Example:

# Sales Dashboard

**Updated**: {{date}}

This dashboard shows real-time sales metrics.

[View Full Report](https://example.com/report)

Creating a Visualization with Lens

Lens is the easiest way to create visualizations in Kibana 8.x.

Step-by-Step: Revenue Over Time

1. Navigate to Lens

   • Go to Visualize Library → Create visualization
   • Or from Dashboard, click "Create visualization"

2. Select Data View

   • Choose kibana_sample_data_ecommerce

3. Drag and Drop Fields

   • Drag order_date to the X-axis (horizontal)
   • Drag taxful_total_price to the Y-axis (vertical)

4. Configure

   • Lens automatically chooses appropriate visualization (line chart)
   • Y-axis automatically uses "Sum" aggregation
   • X-axis automatically creates date histogram

5. Customize

   • Change Y-axis label: "Total Revenue"
   • Format numbers: Currency
   • Adjust time interval if needed

6. Save

   • Click "Save"
   • Name: "Revenue Over Time"
   • Add to dashboard (optional)

Step-by-Step: Top Products Bar Chart

1. Start in Lens

   • Create new visualization

2. Drag Fields

   • Drag products.product_name.keyword to horizontal axis
   • Drag any field to vertical axis for count

3. Configure Top Values

   • Click on the horizontal axis
   • Change to "Top values"
   • Number of values: 10
   • Order by: Descending

4. Change to Bar Chart

   • Click visualization type (top toolbar)
   • Select "Bar horizontal"

5. Customize

   • Add axis labels
   • Change colors if desired
   • Add data labels (show values on bars)

6. Save

Aggregations Explained

Visualizations use aggregations to summarize data.

Metric Aggregations

Calculate a single value from documents:

Bucket Aggregations

Group documents into buckets:

Example: Multi-Level Aggregation

Revenue by category, broken down by manufacturer:

Bucket 1: Terms aggregation on category.keyword
  └── Bucket 2: Terms aggregation on manufacturer.keyword
       └── Metric: Sum of taxful_total_price

Result structure:

Men's Clothing ($45,000)
├── Nike ($15,000)
├── Adidas ($12,000)
└── Puma ($18,000)

Women's Clothing ($38,000)
├── Nike ($20,000)
└── Adidas ($18,000)

Advanced Visualization Features

1. Filters and Queries

Add filters to individual visualizations:

Use case: Show only high-value orders

1. In visualization editor
2. Click "Add filter"
3. taxful_total_price > 100
4. Filter applies only to this visualization

2. Split Series/Groups

Break down data by additional dimensions:

Example: Revenue over time by category

X-axis: order_date (date histogram)
Y-axis: Sum of taxful_total_price
Split series: category.keyword

Result: Multiple lines, one per category

3. Panel Settings

Configure how visualization appears:

• Title: Custom title
• Description: Tooltip text
• Time range: Override dashboard time
• Refresh interval: Auto-refresh data

4. Color Mapping

Control colors for consistency:

1. In visualization editor
2. Click color swatch next to legend item
3. Choose custom color
4. Colors persist across dashboards

5. Data Labels

Show values directly on charts:

Bar charts: Values at end of bars Line charts: Points on line Pie charts: Percentages on slices

Enable in visualization options → "Show values"

6. Axis Configuration

Fine-tune axis appearance:

Y-axis options:

• Scale type: Linear, logarithmic, square root
• Start from zero (or min value)
• Custom bounds (min/max)
• Label rotation

X-axis options:

• Label truncation
• Interval (for histograms)
• Custom date format

Using TSVB (Time Series Visual Builder)

TSVB is powerful for advanced time series visualizations.

When to Use TSVB

• Multiple indices with different time fields
• Complex math between series
• Advanced annotations
• Threshold lines and reference lines

Creating a TSVB Visualization

1. Create Visualization → TSVB

2. Choose Panel Type:

   • Time Series (line/area chart)
   • Metric (big number)
   • Top N (bar chart)
   • Gauge
   • Markdown
   • Table

3. Configure Series

   Data:
   - Aggregation: Sum
   - Field: taxful_total_price
   - Group by: Terms on category.keyword
   
   Options:
   - Chart type: Line/Area/Bar
   - Stacked: Yes/No
   - Fill: 0.5
   - Line width: 2
   

4. Add Annotations (optional)

   • Mark important events
   • Show deployments, incidents, etc.

5. Panel Options

   • Legend position
   • Axis labels
   • Background color

TSVB Math

Combine series with math:

Example: Calculate profit margin

Series 1 (Revenue): Sum of taxful_total_price
Series 2 (Cost): Sum of taxless_total_price
Series 3 (Profit): params.revenue - params.cost
Series 4 (Margin): (params.profit / params.revenue) * 100

Visualization Best Practices

1. Choose the Right Chart Type

2. Keep It Simple

✅ Single metric per visualization
✅ 5-7 categories max in pie charts
✅ Clear, descriptive titles
✅ Consistent color scheme

❌ Too many series (cluttered)
❌ 3D effects (harder to read)
❌ Unnecessary decorations
❌ Confusing axis scales

3. Use Appropriate Aggregations

✅ Count for frequency
✅ Sum for totals
✅ Average for typical values
✅ Percentiles for distribution
✅ Unique count for cardinality

❌ Average of counts (usually meaningless)
❌ Sum of percentages (incorrect)

4. Label Clearly

✅ "Total Revenue ($)" - clear unit
✅ "Orders Per Day" - clear metric
✅ "Top 10 Products by Sales" - clear scope

❌ "taxful_total_price" - technical field name
❌ "Count" - count of what?
❌ "Data" - too vague

5. Consider Color Accessibility

• Use colorblind-friendly palettes
• Don't rely solely on color to convey information
• Provide patterns or labels as well
• Test with different themes (light/dark mode)

6. Performance Optimization

✅ Limit data points (top 10, not top 1000)
✅ Use keyword fields for terms aggregation
✅ Sample large datasets if appropriate
✅ Cache unchanged visualizations

❌ Querying millions of unique terms
❌ Using text fields for aggregation
❌ Real-time updates on static data

Practical Examples

Example 1: Sales Dashboard KPIs

Four metric visualizations:

1. Total Revenue
   - Metric: Sum of taxful_total_price
   - Format: $0,0.00

2. Total Orders
   - Metric: Count
   - Format: 0,0

3. Average Order Value
   - Metric: Average of taxful_total_price
   - Format: $0,0.00

4. Unique Customers
   - Metric: Unique count of customer_id
   - Format: 0,0

Example 2: Product Performance

Horizontal bar chart:

Setup:
- Y-axis: products.product_name.keyword (top 10)
- X-axis: Sum of taxful_total_price
- Sort: Descending by sum
- Colors: By category

Insights: Shows top-selling products by revenue

Example 3: Hourly Traffic Pattern

Heat map:

Setup:
- Y-axis: Hour of day (0-23)
- X-axis: Day of week (Mon-Sun)
- Cell value: Count of orders
- Colors: Green (low) to Red (high)

Insights: Identifies peak shopping times

Example 4: Geographic Sales

Coordinate map (covered more in later chapters):

Setup:
- Use geoip.location field
- Size: Sum of taxful_total_price
- Color: Average order value

Insights: Shows where sales are coming from

Saving and Managing Visualizations

Saving

1. Click "Save" in top menu
2. Provide name: "Revenue by Category"
3. Optional description
4. Choose:
   • Save to library: Reusable across dashboards
   • Save to dashboard: Embedded in specific dashboard

Editing

To edit an existing visualization:

1. Go to Visualize Library
2. Find your visualization
3. Click to open
4. Click "Edit" (top-right)
5. Make changes
6. Click "Save"

Note: Editing a library visualization affects all dashboards using it.

Cloning

Create a copy before making major changes:

1. Open visualization
2. Click "Save as"
3. Give new name: "Revenue by Category (v2)"
4. Edit the copy safely

Deleting

1. Go to Visualize Library
2. Click "..." next to visualization
3. Click "Delete"
4. Confirm

Warning: Deleting removes visualization from all dashboards!

Troubleshooting Common Issues

"No results found"

Causes:

• No data in selected time range
• Filters exclude all data
• Index pattern has no data

Solutions:

• Expand time range
• Remove filters
• Check data in Discover first

"Field is not aggregatable"

Cause: Trying to aggregate a text field

Solution: Use the .keyword version:

❌ category (text field)
✅ category.keyword (keyword field)

Visualization won't update

Solutions:

• Click refresh button
• Check auto-refresh is enabled
• Verify data is recent enough for time range
• Check Elasticsearch cluster health

Wrong aggregation results

Common mistakes:

❌ Sum of count (double counting)
❌ Average of sums (mathematically incorrect)
✅ Sum at the right level
✅ Average of source field values

Summary

In this chapter, you learned:

• ✅ Different visualization types and their use cases
• ✅ Creating visualizations with Lens (drag-and-drop)
• ✅ Understanding aggregations (metrics and buckets)
• ✅ Advanced features like split series and filters
• ✅ Using TSVB for complex time series
• ✅ Best practices for effective visualizations
• ✅ Saving, managing, and troubleshooting visualizations

Next: Combining visualizations into powerful dashboards!