Visualizations

Visualizations transform raw data into charts, graphs, and other visual representations that make patterns and insights immediately apparent.

Creating Your First Visualization

Option 1: From Discover

1. In Discover, set up your search with filters
2. Click "Visualize" button in top-right
3. Choose a visualization type
4. Configure and save

Option 2: From Visualize Library

1. Go to Visualize Library in navigation
2. Click "Create visualization"
3. Choose between:

• Lens (recommended - drag and drop)
• Aggregation-based (traditional, more control)
• TSVB (Time Series Visual Builder)
• Vega/Vega-Lite (custom, code-based)

Visualization Types

1. Area Chart

Shows data over time with filled area under the line.

Best for:

• Trends over time
• Cumulative metrics
• Stacked categories

Example: Total revenue over time by category

Y-axis: Sum of taxful_total_price
X-axis: order_date (date histogram)
Break down by: category.keyword

2. Line Chart

Displays one or more lines showing trends.

Best for:

• Time series data
• Comparing multiple metrics
• Identifying trends and patterns

Example: Orders per day

Y-axis: Count (document count)
X-axis: order_date (daily interval)

3. Bar Chart

Vertical or horizontal bars comparing categories.

Best for:

• Comparing categories
• Top N analysis
• Distribution across groups

Example: Top 10 selling products

Y-axis: Count
X-axis: products.product_name.keyword (Top 10)
Sort: Descending by count

4. Pie Chart

Shows proportions as slices of a circle.

Best for:

• Part-to-whole relationships
• Category distribution
• Simple percentage breakdowns

Example: Sales by category

Slice by: category.keyword
Size by: Sum of taxful_total_price

Note: Pie charts work best with 5-7 categories max.

5. Metric

Displays a single large number.

Best for:

• KPIs (Key Performance Indicators)
• Summary statistics
• Dashboard highlights

Example: Total revenue

Metric: Sum
Field: taxful_total_price
Format: Currency

6. Data Table

Tabular display of aggregated data.

Best for:

• Detailed breakdowns
• Export-ready data
• Multiple metrics side-by-side

Example: Revenue by category

Rows: category.keyword
Metrics:
- Count
- Sum of taxful_total_price
- Average of taxful_total_price

7. Tag Cloud

Words sized by frequency or value.

Best for:

• Text analysis
• Category emphasis
• Quick scanning of terms

Example: Popular product names

Tags: products.product_name.keyword
Size: Count (or sum of metric)

8. Heat Map

Grid showing intensity with color.

Best for:

• Correlation between two dimensions
• Pattern identification
• Time-based patterns (hour of day day of week)

Example: Orders by hour and day of week

Y-axis: hour_of_day
X-axis: day_of_week
Cell intensity: Count

9. Gauge

Semi-circular gauge showing a metric within a range.

Best for:

• Goals and targets
• Capacity indicators
• Status at-a-glance

Example: Today's revenue vs. target

Metric: Sum of taxful_total_price
Ranges:
- 0-5000: Red (Below target)
- 5000-8000: Yellow (Near target)
- 8000+: Green (Target met)

10. Goal

Progress toward a numeric goal.

Best for:

• Target tracking
• Percentage completion
• Simple progress indicators

Example: Monthly order goal

Metric: Count
Goal: 1000 orders

11. Markdown

Text and formatting using Markdown syntax.

Best for:

• Dashboard titles and descriptions
• Instructions and documentation
• Formatted text content

Example:

# Sales Dashboard

**Updated**: {{date}}

This dashboard shows real-time sales metrics.

[View Full Report](https://example.com/report)

Creating a Visualization with Lens

Lens is the easiest way to create visualizations in Kibana 8.x.

Step-by-Step: Revenue Over Time

1. Navigate to Lens

• Go to Visualize Library → Create visualization
• Or from Dashboard, click "Create visualization"

2. Select Data View

• Choose kibana_sample_data_ecommerce

3. Drag and Drop Fields

• Drag order_date to the X-axis (horizontal)
• Drag taxful_total_price to the Y-axis (vertical)

4. Configure

• Lens automatically chooses appropriate visualization (line chart)
• Y-axis automatically uses "Sum" aggregation
• X-axis automatically creates date histogram

5. Customize

• Change Y-axis label: "Total Revenue"
• Format numbers: Currency
• Adjust time interval if needed

6. Save

• Click "Save"
• Name: "Revenue Over Time"
• Add to dashboard (optional)

Step-by-Step: Top Products Bar Chart

1. Start in Lens

• Create new visualization

2. Drag Fields

• Drag products.product_name.keyword to horizontal axis
• Drag any field to vertical axis for count

3. Configure Top Values

• Click on the horizontal axis
• Change to "Top values"
• Number of values: 10
• Order by: Descending

4. Change to Bar Chart

• Click visualization type (top toolbar)
• Select "Bar horizontal"

5. Customize

• Add axis labels
• Change colors if desired
• Add data labels (show values on bars)

6. Save

Aggregations Explained

Visualizations use aggregations to summarize data.

Metric Aggregations

Calculate a single value from documents:

Bucket Aggregations

Group documents into buckets:

Example: Multi-Level Aggregation

Revenue by category, broken down by manufacturer:

Bucket 1: Terms aggregation on category.keyword
 └── Bucket 2: Terms aggregation on manufacturer.keyword
 └── Metric: Sum of taxful_total_price

Result structure:

Men's Clothing ($45,000)
├── Nike ($15,000)
├── Adidas ($12,000)
└── Puma ($18,000)

Women's Clothing ($38,000)
├── Nike ($20,000)
└── Adidas ($18,000)

Advanced Visualization Features

1. Filters and Queries

Add filters to individual visualizations:

Use case: Show only high-value orders

1. In visualization editor
2. Click "Add filter"
3. taxful_total_price > 100
4. Filter applies only to this visualization

2. Split Series/Groups

Break down data by additional dimensions:

Example: Revenue over time by category

X-axis: order_date (date histogram)
Y-axis: Sum of taxful_total_price
Split series: category.keyword

Result: Multiple lines, one per category

3. Panel Settings

Configure how visualization appears:

• Title: Custom title
• Description: Tooltip text
• Time range: Override dashboard time
• Refresh interval: Auto-refresh data

4. Color Mapping

Control colors for consistency:

1. In visualization editor
2. Click color swatch next to legend item
3. Choose custom color
4. Colors persist across dashboards

5. Data Labels

Show values directly on charts:

Bar charts: Values at end of bars Line charts: Points on line Pie charts: Percentages on slices

Enable in visualization options → "Show values"

6. Axis Configuration

Fine-tune axis appearance:

Y-axis options:

• Scale type: Linear, logarithmic, square root
• Start from zero (or min value)
• Custom bounds (min/max)
• Label rotation

X-axis options:

• Label truncation
• Interval (for histograms)
• Custom date format

Using TSVB (Time Series Visual Builder)

TSVB handles time series cases that regular charts cannot.

When to Use TSVB

• Multiple indices with different time fields
• Complex math between series
• Advanced annotations
• Threshold lines and reference lines

Creating a TSVB Visualization

1. Create Visualization → TSVB

2. Choose Panel Type:

• Time Series (line/area chart)
• Metric (big number)
• Top N (bar chart)
• Gauge
• Markdown
• Table

3. Configure Series

Data:
- Aggregation: Sum
- Field: taxful_total_price
- Group by: Terms on category.keyword

Options:
- Chart type: Line/Area/Bar
- Stacked: Yes/No
- Fill: 0.5
- Line width: 2

4. Add Annotations (optional)

• Mark important events
• Show deployments, incidents, etc.

5. Panel Options

• Legend position
• Axis labels
• Background color

TSVB Math

Combine series with math:

Example: Calculate profit margin

Series 1 (Revenue): Sum of taxful_total_price
Series 2 (Cost): Sum of taxless_total_price
Series 3 (Profit): params.revenue - params.cost
Series 4 (Margin): (params.profit / params.revenue) * 100

Visualization Best Practices

1. Choose the Right Chart Type

2. Keep It Simple

 Single metric per visualization
 5-7 categories max in pie charts
 Clear, descriptive titles
 Consistent color scheme

 Too many series (cluttered)
 3D effects (harder to read)
 Unnecessary decorations
 Confusing axis scales

3. Use Appropriate Aggregations

 Count for frequency
 Sum for totals
 Average for typical values
 Percentiles for distribution
 Unique count for cardinality

 Average of counts (usually meaningless)
 Sum of percentages (incorrect)

4. Label Clearly

 "Total Revenue ($)" - clear unit
 "Orders Per Day" - clear metric
 "Top 10 Products by Sales" - clear scope

 "taxful_total_price" - technical field name
 "Count" - count of what?
 "Data" - too vague

5. Consider Color Accessibility

• Use colorblind-friendly palettes
• Don't rely solely on color to convey information
• Provide patterns or labels as well
• Test with different themes (light/dark mode)

6. Performance Optimization

 Limit data points (top 10, not top 1000)
 Use keyword fields for terms aggregation
 Sample large datasets if appropriate
 Cache unchanged visualizations

 Querying millions of unique terms
 Using text fields for aggregation
 Real-time updates on static data

Practical Examples

Example 1: Sales Dashboard KPIs

Four metric visualizations:

1. Total Revenue
 - Metric: Sum of taxful_total_price
 - Format: $0,0.00

2. Total Orders
 - Metric: Count
 - Format: 0,0

3. Average Order Value
 - Metric: Average of taxful_total_price
 - Format: $0,0.00

4. Unique Customers
 - Metric: Unique count of customer_id
 - Format: 0,0

Example 2: Product Performance

Horizontal bar chart:

Setup:
- Y-axis: products.product_name.keyword (top 10)
- X-axis: Sum of taxful_total_price
- Sort: Descending by sum
- Colors: By category

Insights: Shows top-selling products by revenue

Example 3: Hourly Traffic Pattern

Heat map:

Setup:
- Y-axis: Hour of day (0-23)
- X-axis: Day of week (Mon-Sun)
- Cell value: Count of orders
- Colors: Green (low) to Red (high)

Insights: Identifies peak shopping times

Example 4: Geographic Sales

Coordinate map (covered more in later chapters):

Setup:
- Use geoip.location field
- Size: Sum of taxful_total_price
- Color: Average order value

Insights: Shows where sales are coming from

Saving and Managing Visualizations

Saving

1. Click "Save" in top menu
2. Provide name: "Revenue by Category"
3. Optional description
4. Choose:

• Save to library: Reusable across dashboards
• Save to dashboard: Embedded in specific dashboard

Editing

To edit an existing visualization:

1. Go to Visualize Library
2. Find your visualization
3. Click to open
4. Click "Edit" (top-right)
5. Make changes
6. Click "Save"

Note: Editing a library visualization affects all dashboards using it.

Cloning

Create a copy before making major changes:

1. Open visualization
2. Click "Save as"
3. Give new name: "Revenue by Category (v2)"
4. Edit the copy safely

Deleting

1. Go to Visualize Library
2. Click "..." next to visualization
3. Click "Delete"
4. Confirm

Warning: Deleting removes the visualization from every dashboard that used it.

Troubleshooting Common Issues

"No results found"

Causes:

• No data in selected time range
• Filters exclude all data
• Index pattern has no data

Solutions:

• Expand time range
• Remove filters
• Check data in Discover first

"Field is not aggregatable"

Cause: Trying to aggregate a text field

Solution: Use the .keyword version:

 category (text field)
 category.keyword (keyword field)

Visualization won't update

Solutions:

• Click refresh button
• Check auto-refresh is enabled
• Verify data is recent enough for time range
• Check Elasticsearch cluster health

Wrong aggregation results

Common mistakes:

 Sum of count (double counting)
 Average of sums (mathematically incorrect)
 Sum at the right level
 Average of source field values

Next Steps

Continue to 05-dashboards.md for combining visualizations into dashboards.