Elastic added a heavyweight release to the 7.5 release, Lens. In my previous post, “Elastic Stack 7.5.0 Blockbuster Release,” I covered some of this. In today’s exercise, I’ll briefly show you how to use Elastic Lens to make creating visualizations easier. Kibana Lens features:
- Lens is so intuitive that even if you have no previous technical experience or knowledge of Elasticsearch, you can quickly create meaningful visualizations based on raw data
- Lens enables a new drag-and-drop experience, and with Lens you can easily switch between different chart types and index modes
- Lens gives you smart suggestions and shows you other views of your data
Before Lens, if we want to make a meaningful visualization, but without the basic knowledge of Elasticsearch Aggregation, it would be hard to make a pretty statistical graph.
So let’s start our Kibana Lens tour.
To prepare data
Before we can start our exercise we have to install Elasticsearch and Kibana and start them up as per my previous tutorial “Elastic: Beginner’s Guide”. We opened Kibana:
Let’s click on the “Load a Data Set and a Kibana Dashboard” link above:
Let’s click the Add Data button above. This completes the import of our kiBANA_SAMple_DATA_LOGS index data.
Lens Actual Practice
Next, let’s visualize Lens for the kiBANA_SAMPLE_DATA_LOGS index that we just imported. Let’s first click Visualization:
Click Create Visualization above:
Under normal circumstances, we visualise our data at Visualization on the left. As shown in the picture above, this time we choose Go to Lens. It can create a more intuitive visualization method for us. Often this can happen when we don’t know what we want at first, perhaps by dragging and dropping methods to generate some insight for us to analyze. This method can also be used by people who don’t know anything about Elasicsearch. Click on Go to Lens above:
Above we select Kibana_sample_data_logs as our index and click Show All Fields to expand the index fields:
So we can see this interface up here. On the left it shows all the fields of the index. Before we can explore the data, we must use the Time picker to select our favorite time periods. Otherwise we might not have data to look at.
To explore the data
We may not know at the beginning what kind of data analysis we want. We can explore our data through Lens. We click on any of the fields:
Click on the bytes field above and it immediately shows us a statistical graph of the current field. Here are the statistics we clicked on the extension.keyword field:
With this simple click, we can instantly get a snapshot of our data.
Drag and drop to visualize
We’ve had a brief exploration of our data above. Next, let’s visualize our data by dragging and dropping.
We drag and Drop the bytes field into the middle Drop some fields here to start field:
Above we can immediately see the time series distribution of the current bytes. Lens automatically does this visualization for us. We can select a period of time for the current data, or we can search for it:
Also at the bottom of the middle of the figure above, there is a statistical chart for visual reference. It allows us to choose the visualization we need. If you’re happy with the current visualization, you can even Save it by clicking on the Save link in the upper left:
Isn’t that amazing to us so far? We didn’t plan to do anything, even though we didn’t know Elaticsearch very well, we visualized the data and provided insight into our data. It is worth mentioning that we can also select and customize Y-axis:
Further analysis
We analyzed the bytes field above. But Lens doesn’t just do that; you can even drag and drop more fields in the visualization area above. We drag another field called extension.keyword:
We can see the visualization of such as:
Obviously, in the above visualization, we used two fields bytes and extensions.keyword. In the figure above, we can see the extensions.keyword distribution size for each time. It’s more intuitive and gives us a visual analysis. Similarly, in the suggestions area below, we can see a variety of visual options for us to choose from.
Before Elastic Lens was available, you had to go through the following complicated steps, and you had to have a good understanding of Elasticsearch. To achieve the above visualization, we can select a Vertical Bar:
To get the effect of adding extension.keyword a second time, we must also add a Y-axis:
Through the above operations, we can see the renderings similar to those in Lens before. However, in the process of visualization, we need a strong understanding of Elasticsearch and aggregation. Lens greatly simplifies data analysis and provides a wide range of options for data-driven analysis.
Lens advice
We can see the proposed visualization below the visualization area:
We select the right-most table for visualization:
We can drag more fields of interest to the Drop a field here area on the right. We can also remove uninteresting fields such as TIMESTAMP.
Above, we can tabulate the fields we are interested in.
Flexibility of Lens
Lens visualization is very flexible. We can adjust it dynamically anytime, anywhere. For the sake of illustration, let’s choose the second visualization in the figure above:
We now drag timestamp back from the previous drop:
Select the “Stacked Area” above:
From above we can see a completely different visualization. We are free to change and customize our visualizations anytime, anywhere. You can search for data anywhere, anytime:
Isn’t that Elastic Lens cool? It’s very simple and practical. Let’s try it together. It is currently in Beta testing. If you have good suggestions, let’s improve this product together!