Graph
Aggregation Based
Lens
Timelion
Pros
- plot a combination of data sources
Cons
# pull data from data source
es, elasticsearch
index # string, index name
timefield # string, time field name
metric
count # default
avg # avg:field
sum # sum:field
min # min:field
max # max:field
percentiles # percentiles:field
cardinality # cardinality:field
fit # fills null values using a defined fit function, one of average, carry, nearest, none, scale
interval # aggregation interval, for instance, interval='12h'
kibana # true, enable filter on Kibana; false, otherwise
offset # time offset, s:second, m:minute, h:hour, d:day, w:week, M:month, y:year, for instance, offset='-6h', or offset='timerange:-0.5'
q # KQL query
split # field:num_of_top_categories
graphite
quandl
wbi, worldbank_indicators # pull world bank data
country # ISO code
indicator # pull indicator from URL at https://data.worldbank.org/indicator
wb, worldbank # pull world bank data
code # string, Worldbank API path
# mathematics
abs
add, plus, sum # numeric, add a value to the values on y axis
subtract # numeric, subtract a value from the values on y axis
derivative # null, calculate derivate
mvstd, movingstd # moving standard deviation over a given window
window # int
position # left, right, center
divide # numeric, divide a value by the values on y axis
cusum # null, cumulative sum
multiply # numeric, multiply a value by the values on y axis
log # null, log values
max # give a threshold value if a value is less than a threshold, for instance, .max(.es(), 37)
min # give a threshold value if a value is greater than a threshold, for instance, .min(.es(), 25)
fit # fills null values using a defined fit function, one of average, carry, nearest, none, scale
trend # regression plot
holt # conduct forecast
alpha # 0-1
beta # 0-1
gamma # 0-1
# horizontal line
aggregate
avg # create line represent the average
cardinality
min
max
last
first
sum
static, value # create constant horizontal line, for instance, .static(3, label='average')
# plots
lines # line plot
fill # 0-10, fill area under the lines
width # line thickness
show # boolean, true/false, display the lines or not
steps # boolean or int, true, do not interpolate between points; false, otherwise
bars # bar plot
points # scatter plot
# style
color # color code, plot color
label # string, create a label for the current plot
legend
position # nw, ne, se, sw, set up legend position
columns # int, number of columns to divide the legend into
showTime # boolean, true/false, display time or not
timeFormat # HH:mm:ss.SSS, set up time format
title, # string, create a title
range # set up max and min of the y axis
mvavg, movingaverage # smooth plots
window # smooth window size
position # center, left, right
precision # int, set value precision
trim # set N buckets at the start or end of a series to null to fit the "partial bucket issue"
scale_interval # string, changes interval, s, m, h, d, w, M, y
hide # hide plot
yaxis
yaxis # int, numbered y axis
min # numeric, minimum value on y axis
max # numeric, maximum value on y axis
position # left or right
label # string, label on axis
color # string, label color
units # bits, bits/s, bytes, bytes/s, currency, percent, custom:prefix:suffix
tickDecimals # int, digital numbers after decimal point
props # set value for arbitary properties, for instance, props(label=Regression)
# decision
condition, if # logical operation, lt, lte, eq, gt, gte, for instance, if(lt, 500, 0, 1), if a value is less than 500, set the value to 0, else set the value to 1
# multiple plots with multiple indices
.es(index=elicsarhackathon,metric=avg:domains_length,).yaxis(label=Length, min=37.9, max=40, color=red, tickDecimals=1).label(max),
.es(index=elicsarhackathon,metric=avg:domains_length,).if(gt, 38.2, 38.2).lines(fill=5)
TSVB
Pros
- Provide Time Series, Metric, Top N, Gauge, Markdown, Table
- Support multiple plots with one data source
Cons
- Only support single data source
- Only on time series
# plot
1. Time Series -> Panel options, set index patern, filter
2. Time Series -> Panel options -> Metrics, set aggregation, group by
3. Time Series -> Panel options -> Options, set data formater, filter, chart type, axis, legend
4. Time Series -> Annotations, set annotations with other data sources
Vega
Mark
- area, bar, circle, line, point, rect, rule, square, text, and tick
# Line chart
{
$schema: https://vega.github.io/schema/vega-lite/v4.json
title: Event Counts // graph title
// Define the data source
data: {
url: {
%context%: true // apply dashboard context filters
%timefield%: @timestamp // use the time filter of Kibana
index: hackathon // data source
body: { // define query body
aggs: {
time_buckets: {
date_histogram: {
field: @timestamp
interval: {%autointerval%: true}
extended_bounds: {
min: {%timefilter%: "min"}
max: {%timefilter%: "max"}
}
min_doc_count: 0
}
}
}
size: 0
}
}
format: {property: "aggregations.time_buckets.buckets"} // define the data used in the graph, time_buckets is the query name, buckets is a key of the return
}
mark: line
encoding: {
x: {
field: key
type: temporal
axis: {title: false} // no X axis title
}
y: {
field: doc_count
type: quantitative
axis: {title: "Document count"} // define Y axis title
}
}
}
# Scatter plot
{
$schema: "https://vega.github.io/schema/vega-lite/v4.json"
mark: point
data: {
url: {
%context%: true
%timefield%: @timestamp
index: elicsarhackathon
body: {
size: 100,
_source: ["@timestamp", "domains_length"]
}
}
format: { property: "hits.hits" }
}
transform: [
{
calculate: "toDate(datum._source['@timestamp'])"
as: "time"
}
]
encoding: {
x: {
field: time
type: temporal
axis: { title: false }
}
y: {
field: _source.domains_length
type: quantitative
axis: { title: "Domain Length" }
}
}
}
# Multiple subplots
{
$schema: "https://vega.github.io/schema/vega-lite/v4.json"
mark: point
data: {
url: {
%context%: true
%timefield%: @timestamp
index: elicsarhackathon
body: {
size: 100,
_source: ["@timestamp", "domains_length", "domains_num","status"]
}
}
format: { property: "hits.hits" }
}
transform: [
{
calculate: "toDate(datum._source['@timestamp'])"
as: "time"
}
]
encoding: {
"row": {"field": "_source.status"}, // create a subplot for each category
x: {
field: time
type: temporal
axis: { title: false }
},
y: {
field: _source.domains_length
type: quantitative
axis: { title: "Domain Length" }
}
}
}
# Multiple plots with one index
{
$schema: "https://vega.github.io/schema/vega-lite/v4.json"
mark: point
data: {
url: {
%context%: true
%timefield%: @timestamp
index: elicsarhackathon
body: {
size: 100,
_source: ["@timestamp", "domains_length", "domains_num"]
}
}
format: { property: "hits.hits" }
}
transform: [
{
calculate: "toDate(datum._source['@timestamp'])"
as: "time"
}
]
encoding: {
x: {
field: time
type: temporal
axis: { title: false }
}
y: {
field: _source.domains_length
type: quantitative
axis: { title: "Domain Length" }
}
}
"layer": [
{ // layer one, same as the layer in the above encoding
"mark": {"type": "point", "size": 100, "opacity": 0.8},
"encoding": {
"y": {"field": "_source.domains_length"}
}
},
{ // layer two
"mark": {"type": "line", "color": "red", "size": 1, "opacity": 0.5},
"encoding": {
"y": {"field": "_source.domains_num"}
}
}
]
}
Text
Control
Reference