Create a Pie Chart in Kibana
```json
{
  "_index": "filebeat-6.5.2-2018.12.13",
  "_type": "doc",
  "_id": "-Z9Ap2cBI_XuAVP8QgYj",
  "_version": 1,
  "_score": null,
  "_source": {
    "offset": 2508,
    "apache2": {
      "access": {
        "referrer": "http://localhost/test/admin.php?username=root&db=mysite",
        "response_code": "200",
        "remote_ip": "127.0.0.1",
        "method": "GET",
        "user_name": "-",
        "http_version": "1.1",
        "body_sent": { "bytes": "4180" },
        "url": "/test/admin.php?username=root&db=mysite&script=db",
        "user_agent": {
          "original": "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0",
          "major": "63",
          "minor": "0",
          "os": "Ubuntu",
          "name": "Firefox",
          "os_name": "Ubuntu",
          "device": "Other"
        }
      }
    },
    "prospector": { "type": "log" },
    "read_timestamp": "2018-12-13T10:56:32.756Z",
    "source": "/var/log/apache2/access.log",
    "fileset": { "module": "apache2", "name": "access" },
    "input": { "type": "log" },
    "@timestamp": "2018-12-13T08:03:29.000Z",
    "beat": { "hostname": "DLILPTP0305", "name": "DLILPTP0305", "version": "6.5.2" },
    "host": { "name": "DLILPTP0305" }
  },
  "fields": { "@timestamp": [ "2018-12-13T08:03:29.000Z" ] },
  "highlight": {
    "apache2.access.method": [ "@kibana-highlighted-field@GET@/kibana-highlighted-field@" ]
  },
  "sort": [ 1544688209000 ]
}
```
The document above, taken from the Filebeat index, shows the metrics of Apache log data. I will use the fields from this document to create the pie chart. We need to do the following to create the chart:
- Click on the Visualize link in the left menu. This will open the save visualization link.
- Click on the plus icon to create a new visualization.
- From the "Select visualization type" screen, click on the pie chart box. This will open a screen to select the index or saved search object.
- Click on Filebeat if you have a Filebeat index or choose your own index pattern.
- Select count under the "Metrics" option.
- Under the "Buckets" option, select terms for the aggregation and select the response_code field of Apache under the field option.
- Add the custom label as per the field name.
- Now click on the "Add sub-buckets" button to add more fields to aggregate.
- Add the HTTP method and total bytes sent fields for aggregation.
- After adding all these fields, click on the "Apply Changes" button icon on the configuration panel.
This will load the visualization as shown in the screenshot below.
We can click on any section of the visualization to drill down into the chart, and in this way we can get the desired set of data using the visualization. For example, if we want to see only POST requests with response code 302, we can directly click on these sections to filter the chart.
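An added example, not part of the original article: the pie chart configured above corresponds to nested terms aggregations with a count metric, and drilling down corresponds to filtering on the clicked values. The sketch below builds such a request body from the field paths in the document shown earlier and evaluates the same buckets locally; the `ring_N` names, the bucket `size` of 5 and the sample events are assumptions made for illustration.

```python
import json

# Field paths as they appear in the Filebeat document on this page.
RINGS = ["apache2.access.response_code",
         "apache2.access.method",
         "apache2.access.body_sent.bytes"]

def build_agg_request(fields, size=5):
    """Nest one terms aggregation per ring; the count metric is the implicit doc_count."""
    aggs = {}
    for depth, field in reversed(list(enumerate(fields))):
        level = {"terms": {"field": field, "size": size}}  # size=5 is an assumed bucket limit
        if aggs:
            level["aggs"] = aggs
        aggs = {f"ring_{depth}": level}  # ring_N names are hypothetical labels
    return {"size": 0, "aggs": aggs}

def get_path(doc, path):
    """Resolve a dotted field path inside a nested document."""
    for key in path.split("."):
        doc = doc[key]
    return doc

def nested_terms(docs, fields):
    """Compute the same buckets locally: group, count, recurse into sub-buckets."""
    if not fields:
        return []
    groups = {}
    for doc in docs:
        groups.setdefault(get_path(doc, fields[0]), []).append(doc)
    buckets = [{"key": k, "doc_count": len(g), "sub": nested_terms(g, fields[1:])}
               for k, g in groups.items()]
    return sorted(buckets, key=lambda b: (-b["doc_count"], b["key"]))

def drill_down(docs, filters):
    """Keep documents matching every field=value pair, like clicking pie slices."""
    return [d for d in docs if all(get_path(d, f) == v for f, v in filters.items())]

def hit(code, method, nbytes):
    return {"apache2": {"access": {"response_code": code, "method": method,
                                   "body_sent": {"bytes": nbytes}}}}

# Constructed sample events (not taken from the article's index).
SAMPLE = [hit("200", "GET", "4180"), hit("200", "GET", "4180"), hit("200", "GET", "1532"),
          hit("200", "POST", "980"), hit("302", "POST", "512"), hit("302", "POST", "512"),
          hit("404", "GET", "275")]

if __name__ == "__main__":
    print(json.dumps(build_agg_request(RINGS), indent=2))
    for b in nested_terms(SAMPLE, RINGS):
        print(b["key"], b["doc_count"], [(s["key"], s["doc_count"]) for s in b["sub"]])
    print(len(drill_down(SAMPLE, {RINGS[0]: "302", RINGS[1]: "POST"})))
```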
If you found this article interesting, then you can explore “Mastering Kibana 6.0”, “Kibana 7 Quick Start Guide”, “Learning Kibana 7”, and “Elasticsearch 7 Quick Start Guide” books to get more insight about Elastic Stack, how to perform data analysis, and how you can create dashboards for key performance indicators using Kibana.