From a915b98e94714912f168f3895126f2b688de4d0f Mon Sep 17 00:00:00 2001 From: KOTungseth Date: Wed, 4 Mar 2020 14:49:37 -0600 Subject: [PATCH 1/2] [DOCS] Moved rolled up index content --- docs/management/index-patterns.asciidoc | 12 ++- .../create_and_manage_rollups.asciidoc | 3 +- docs/user/visualize.asciidoc | 77 ++++++++++--------- 3 files changed, 50 insertions(+), 42 deletions(-) diff --git a/docs/management/index-patterns.asciidoc b/docs/management/index-patterns.asciidoc index d8073e4590c3c..f5444db30f656 100644 --- a/docs/management/index-patterns.asciidoc +++ b/docs/management/index-patterns.asciidoc @@ -52,9 +52,8 @@ If {kib} detects an index with a timestamp, you’re asked to choose a field to filter your data by time. If you don’t specify a field, you won’t be able to use the time filter. - - [float] +[[rollup-index-pattern]] ==== Rollup index pattern If a rollup index is detected in the cluster, clicking *Create index pattern* @@ -62,7 +61,14 @@ includes an item for creating a rollup index pattern. You can match an index pattern to only rolled up data, or mix both rolled up and raw data to explore and visualize all data together. An index pattern can match -only one rollup index. +only one rollup index. When matching multiple indices, +use a comma to separate the names, with no space after the comma. + +For specific fields, the data in a rollup index includes only summarized metrics. +From the original raw data, you are unable to search any other field. + +[role="screenshot"] +image::images/management_create_rollup_menu.png[Create index pattern menu] [float] [[management-cross-cluster-search]] diff --git a/docs/management/rollups/create_and_manage_rollups.asciidoc b/docs/management/rollups/create_and_manage_rollups.asciidoc index b07f075f88032..bfb48704cd5ff 100644 --- a/docs/management/rollups/create_and_manage_rollups.asciidoc +++ b/docs/management/rollups/create_and_manage_rollups.asciidoc @@ -138,8 +138,7 @@ is `rollup_logstash,kibana_sample_data_logs`. image::images/management_rollup_job_vis.png[][Visualization of rolled up data] You can then create a dashboard that contains visualizations of the rolled up -data, raw data, or both. See <> -for more information. +data, raw data, or both. For more information, refer to <>. [role="screenshot"] image::images/management_rollup_job_dashboard.png[][Dashboard with rolled up data] diff --git a/docs/user/visualize.asciidoc b/docs/user/visualize.asciidoc index a78b4604ed1e6..b2207da389039 100644 --- a/docs/user/visualize.asciidoc +++ b/docs/user/visualize.asciidoc @@ -7,74 +7,79 @@ _Visualize_ enables you to create visualizations of the data from your {es} indi {kib} visualizations are based on {es} queries. By using a series of {es} {ref}/search-aggregations.html[aggregations] to extract and process your data, you can create charts that show you the trends, spikes, and dips you need to know about. +To begin, open *Visualize*, then click *Create new visualization*. + [float] -[[create-a-visualization]] -== Create visualizations +[[visualization-types]] +== Types of visualizations + +To help you choose the best visualization for your data, {kib} supports many types of visualizations. -. Open *Visualize*. -. Click *Create new visualization*. -. Choose the visualization type: -+ -* Basic charts -[horizontal] <>:: Quickly build several types of basic visualizations by simply dragging and dropping the data fields you want to display. -* *<>* -[horizontal] -Line, area, and bar charts:: Compare different series in X/Y charts. +<>:: -Pie chart:: Display each source contribution to a total. +* *Line, area, and bar charts* — Compare different series in X/Y charts. -Data table:: Flattens aggregations into table format. +* *Pie chart* — Display each source contribution to a total. -Metric:: Display a single number. +* *Data table* — Flattens aggregations into table format. -Goal and gauge:: Display a number with progress indicators. +* *Metric* — Display a single number. -Tag cloud:: Display words in a cloud, where the size of the word corresponds to its importance. +* *Goal and gauge* — Display a number with progress indicators. + +* *Tag cloud* — Display words in a cloud, where the size of the word corresponds to its importance. -* *Time series optimized* -[horizontal] <>:: Visualize time series data using pipeline aggregations. <>:: Compute and combine data from multiple time series data sets. -* *Maps* -[horizontal] -<>:: The most powerful way of visualizing map data in {kib}. +<>:: +* *<>* — The most powerful way of visualizing map data in {kib}. + +* *Coordinate map* — Displays points on a map using a geohash aggregation. -<>:: Displays points on a map using a geohash aggregation. +* *Region map* — Merge any structured map data onto a shape. -<>:: Merge any structured map data onto a shape. +* *Heat map* — Display shaded cells within a matrix. -<>:: Display shaded cells within a matrix. +<>:: -* *<>* -[horizontal] -Controls:: Adds interactive inputs to a Dashboard. +* *Markdown widget* — Display free-form information or instructions. -Markdown widget:: Display free-form information or instructions. +* *Controls* — Add interactive inputs to a Dashboard. -* *For developers* -[horizontal] <>:: Complete control over query and display. -. Specify a search query to retrieve the data for your visualization: -** To enter new search criteria, select the <> for the indices that +[float] +[[choose-your-data]] +== Choose your data + +Specify a search query to retrieve the data for your visualization, or used rolled up data. + +* To enter new search criteria, select the <> for the indices that contain the data you want to visualize. The visualization builder opens with a wildcard query that matches all of the documents in the selected indices. -** To build a visualization from a saved search, click the name of the saved + +* To build a visualization from a saved search, click the name of the saved search you want to use. The visualization builder opens and loads the selected query. + NOTE: When you build a visualization from a saved search, any subsequent -modifications to the saved search are automatically reflected in the -visualization. To disable automatic updates, you can disconnect a visualization +modifications to the saved search are reflected in the +visualization. To disable automatic updates, disconnect the visualization from the saved search. +* Visualize <>. Data is summarized into +time buckets that can be split into sub buckets for numeric field values or +terms. To lower granularity, use a time aggregation that uses and combines +several time buckets. For example, if the rollup job is aggregated by hours, +bucket by days. + [float] [[vis-inspector]] == Inspect visualizations @@ -124,8 +129,6 @@ to view an embedded visualization. * Generate a PNG report. -- -include::{kib-repo-dir}/visualize/visualize_rollup_data.asciidoc[] - include::{kib-repo-dir}/visualize/aggregations.asciidoc[] include::{kib-repo-dir}/visualize/lens.asciidoc[] From 390fd7515307fffa5eebe510e57d41972693fb6a Mon Sep 17 00:00:00 2001 From: KOTungseth Date: Mon, 9 Mar 2020 12:27:34 -0500 Subject: [PATCH 2/2] Review comments --- docs/management/index-patterns.asciidoc | 3 -- .../create_and_manage_rollups.asciidoc | 1 + docs/user/visualize.asciidoc | 38 +++++++++---------- 3 files changed, 20 insertions(+), 22 deletions(-) diff --git a/docs/management/index-patterns.asciidoc b/docs/management/index-patterns.asciidoc index f5444db30f656..45f8bd13a5c54 100644 --- a/docs/management/index-patterns.asciidoc +++ b/docs/management/index-patterns.asciidoc @@ -67,9 +67,6 @@ use a comma to separate the names, with no space after the comma. For specific fields, the data in a rollup index includes only summarized metrics. From the original raw data, you are unable to search any other field. -[role="screenshot"] -image::images/management_create_rollup_menu.png[Create index pattern menu] - [float] [[management-cross-cluster-search]] ==== {ccs-cap} index pattern diff --git a/docs/management/rollups/create_and_manage_rollups.asciidoc b/docs/management/rollups/create_and_manage_rollups.asciidoc index bfb48704cd5ff..fcc8712ddfb77 100644 --- a/docs/management/rollups/create_and_manage_rollups.asciidoc +++ b/docs/management/rollups/create_and_manage_rollups.asciidoc @@ -56,6 +56,7 @@ job—reusing the same name can lead to problems with mismatched job configu You can read more at {ref}/rollup-job-config.html[rollup job configuration]. [float] +[[rollup-data-tutorial]] === Try it: Create and visualize rolled up data This example creates a rollup job to capture log data from sample web logs. diff --git a/docs/user/visualize.asciidoc b/docs/user/visualize.asciidoc index b2207da389039..f6be2040e3e8c 100644 --- a/docs/user/visualize.asciidoc +++ b/docs/user/visualize.asciidoc @@ -13,46 +13,46 @@ To begin, open *Visualize*, then click *Create new visualization*. [[visualization-types]] == Types of visualizations -To help you choose the best visualization for your data, {kib} supports many types of visualizations. +{kib} supports several types of visualizations. <>:: Quickly build several types of basic visualizations by simply dragging and dropping the data fields you want to display. <>:: -* *Line, area, and bar charts* — Compare different series in X/Y charts. +* *Line, area, and bar charts* — Compares different series in X/Y charts. -* *Pie chart* — Display each source contribution to a total. +* *Pie chart* — Displays each source contribution to a total. * *Data table* — Flattens aggregations into table format. -* *Metric* — Display a single number. +* *Metric* — Displays a single number. -* *Goal and gauge* — Display a number with progress indicators. +* *Goal and gauge* — Displays a number with progress indicators. -* *Tag cloud* — Display words in a cloud, where the size of the word corresponds to its importance. +* *Tag cloud* — Displays words in a cloud, where the size of the word corresponds to its importance. -<>:: Visualize time series data using pipeline aggregations. +<>:: Visualizes time series data using pipeline aggregations. -<>:: Compute and combine data from multiple time series +<>:: Computes and combine data from multiple time series data sets. <>:: -* *<>* — The most powerful way of visualizing map data in {kib}. +* *<>* — Displays geospatial data in {kib}. * *Coordinate map* — Displays points on a map using a geohash aggregation. -* *Region map* — Merge any structured map data onto a shape. +* *Region map* — Merges any structured map data onto a shape. -* *Heat map* — Display shaded cells within a matrix. +* *Heat map* — Displays shaded cells within a matrix. <>:: -* *Markdown widget* — Display free-form information or instructions. +* *Markdown widget* — Displays free-form information or instructions. -* *Controls* — Add interactive inputs to a Dashboard. +* *Controls* — Adds interactive inputs to a dashboard. -<>:: Complete control over query and display. +<>:: Completes control over query and display. [float] [[choose-your-data]] @@ -71,14 +71,14 @@ selected query. + NOTE: When you build a visualization from a saved search, any subsequent modifications to the saved search are reflected in the -visualization. To disable automatic updates, disconnect the visualization -from the saved search. +visualization. To disable automatic updates, delete the visualization +on the *Saved Object* page. -* Visualize <>. Data is summarized into +* To build a visualization using <>, select +the index pattern that includes the data. Rolled up data is summarized into time buckets that can be split into sub buckets for numeric field values or terms. To lower granularity, use a time aggregation that uses and combines -several time buckets. For example, if the rollup job is aggregated by hours, -bucket by days. +several time buckets. For an example, refer to <>. [float] [[vis-inspector]]