
Track 3 Kibana Visualizations, with aggregations

Abstract

This track introduces Kibana visualizations, which let you display your data in several different ways.

Create visualizations

Refer to the Punch Kibana Visualize guide.

Tip

You can add formatting to your data, for example adding a color to a field depending on its values.

Aggregations

Refer to the Elasticsearch aggregation documentation.

Tip

Aggregations allow for powerful data analytics. Search is about running a query to find documents that match criteria, whereas aggregations are about getting insights into your data from a higher-level view.

Question

Why do we have to use .keyword for textual fields in aggregations?

In aggregations, we use ".keyword" because the text value of the field has already been processed through an analyzer before going into the inverted index. ES doesn't aggregate on raw textual data, so ".keyword" tells it to treat the value as one big word, that is, to use the exact value.
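The difference can be seen in a small Python model, added here as an illustration (it is not Punch or Elasticsearch code): it builds terms buckets once from analyzed tokens and once from the exact value. The `analyze` function is a simplified stand-in for the standard analyzer, and the `alarm` field and its documents are constructed sample data.

```python
import re
from collections import Counter

# Constructed sample documents (not from the page): one textual field per event.
DOCS = [
    {"alarm": "Failed password"},
    {"alarm": "Failed password"},
    {"alarm": "Failed publickey"},
    {"alarm": "Accepted password"},
]


def analyze(text):
    """Simplified stand-in for the standard analyzer:
    lowercase the value, then split it on non-alphanumeric characters."""
    return [tok for tok in re.split(r"[^0-9a-z]+", text.lower()) if tok]


def terms_on_text(docs, field):
    """Terms buckets built from the analyzed tokens of a text field.
    A document is counted once per distinct token it contains."""
    buckets = Counter()
    for doc in docs:
        buckets.update(set(analyze(doc[field])))
    return buckets


def terms_on_keyword(docs, field):
    """Terms buckets built from the exact, unanalyzed value (the .keyword view)."""
    return Counter(doc[field] for doc in docs)


if __name__ == "__main__":
    # Token buckets: the original messages can no longer be told apart.
    print(terms_on_text(DOCS, "alarm").most_common())
    # Exact-value buckets: one bucket per distinct message.
    print(terms_on_keyword(DOCS, "alarm").most_common())
```

With token buckets, "failed" and "password" each count three documents, which says nothing about how many "Failed password" events occurred; the exact-value buckets answer that directly.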

Danger

Be careful not to write overly complex aggregations.