Kibana Visualizations (Part 2)

This is the second part of a two-part tutorial featuring Elasticsearch and Kibana. The first part describes how to set up Elasticsearch on AWS, which can be found here. Now that Elasticsearch is set up, you can explore Kibana, a tool built on top of Elasticsearch that allows you to create elaborate dashboards and play with your datasets.

Elasticsearch requires specific API calls in order to query your data. Kibana is an Elasticsearch plugin written in Node.js, Angular and D3 that abstracts Elasticsearch behind visualizations, so you do not have to build out queries and create graphs manually.

Let's begin.

Go to your Kibana dashboard (located at {{server-ip-address}}/_plugin/kibana4-static/public/#/settings/indices/?_g=()). It will ask you what indices to use. Uncheck “Index contains time-based events” and enter Shakespeare as the index.

Configuring an index pattern

Pie Chart

Here we will find out which character has the most lines in the play “Romeo and Juliet”.

  1. Click on visualize in the tabs, select pie chart.

  2. Create a new search, and select split chart.

  3. Select ‘Terms’ as the aggregation, with the field set to ‘play_name’.

  4. Click ‘Add Sub Aggregation’. Select split slices.

  5. For the sub aggregation, select terms, and for the field select ‘speaker’.

Pie chart

Not quite what we want. It’s returning the five plays with the most lines. ‘Romeo and Juliet’ is nowhere in sight. What we want is the results for only ‘Romeo and Juliet’.

  1. Repeat the first two steps from the previous effort.

  2. In the top bar, type in play_name="ROMEO AND JULIET".

  3. Click ‘Terms’ for the aggregation. For the field, select ‘Speaker’.

  4. For order, select the top 15.

  5. Click apply.

Now we can see the characters with the most lines in “Romeo and Juliet”. The important part to note is the search bar: there we can tell Kibana to filter the data down to only the entries whose play name is “Romeo and Juliet”. It is also possible to use the aggregation type "Filter" and enter play_name="ROMEO AND JULIET" as the query.

Vertical Bar Chart

Next up, let's search for the most common words Shakespeare used in his plays.

  1. Create another visualization, but this time select vertical bar chart.

  2. Select x-axis for the bucket, and ‘Terms’ for the aggregation.

  3. Choose ‘text_entry’ as the field and return the top 30 results.

Top words

Unfortunately, the most common words are very much the expected ones (though thou makes an appearance).

What we want is to limit the search to words that are longer than a few characters. Let’s say words between five and ten letters long.

  1. Click on advanced, and you’ll see the include pattern. Include pattern allows you to use Java’s Regex class to specify what should be in the string.

  2. Select case-insensitive. This will ignore case.

  3. For the pattern use ([a-z]){5,10}. This says return any grouping of letters that are between five and ten characters long.

Top words between 5 and 10

Now we can see that the most common word between 5 and 10 letters long that Shakespeare used in his plays is shall. He also uses blood, death, father, heart, and heaven quite frequently.
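To make the effect of the include pattern concrete, here is an added example (not part of the original tutorial and not Kibana's own code) that mimics a terms aggregation on `text_entry` in plain Python. The sample lines are constructed, and it assumes the analyzer lowercases and splits on non-letters, that the include pattern must match a whole term, and that each bucket counts documents containing the term rather than total occurrences.

```python
import re
from collections import Counter

# Constructed sample documents standing in for the text_entry field.
SAMPLE_LINES = [
    "Thou shalt not die; thou shall live",
    "My heart, my heart shall break",
    "Death and blood and death again",
    "O heaven, my father shall hear of this",
    "The blood of my father",
]


def analyze(text):
    """Rough stand-in for the analyzer: lowercase, split on non-letters."""
    return re.findall(r"[a-z]+", text.lower())


def terms_aggregation(docs, include=None, size=30):
    """Return [(term, doc_count)] for the top `size` terms.

    include: optional regex; a term is kept only if the whole term matches
    (assumption stated above), compared case-insensitively.
    """
    pattern = re.compile(include, re.IGNORECASE) if include else None
    counts = Counter()
    for doc in docs:
        # set(): a term repeated inside one document still counts once,
        # because a bucket's doc_count is a number of documents.
        for term in set(analyze(doc)):
            if pattern is None or pattern.fullmatch(term):
                counts[term] += 1
    # Highest doc_count first; ties broken alphabetically for stable output.
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))[:size]


if __name__ == "__main__":
    print("no include pattern:", terms_aggregation(SAMPLE_LINES, size=3))
    print("([a-z]){5,10}:     ",
          terms_aggregation(SAMPLE_LINES, include=r"([a-z]){5,10}", size=3))
```

Note that "death" appears twice in one sample line but its bucket count is 1, which is why the chart shows how many lines contain a word, not how many times the word was written.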

That’s a quick intro on using Kibana to display datasets. In addition to the graphs covered in this article, Kibana includes other visualizations such as area charts, data tables, line graphs and, I think the most interesting, the tile map. A tile map allows you to visualize data over a geographical area.

Hopefully this tutorial was able to introduce you to enough ideas to let you dive deeper into Elasticsearch and Kibana.

Dashboard example
