Explore Data with Kibana Discover

Introduction

In this tutorial, you will experience the Discover feature of Kibana, including filtering data (adding filters under the query bar or filtering using KQL syntax in the query bar), and saving and exporting the search results as a CSV report.

Alibaba Cloud Elasticsearch is based on the open-source Elasticsearch and is designed for search and analytics scenarios. It supports enterprise-level access control, security monitoring, and automatic updates.

Alibaba Cloud Elasticsearch is compatible with the open-source Elasticsearch. It optimizes kernel performance and provides commercial features (formerly X-Pack) that are available out of the box, highly available, and scalable.

For more information, see What is Alibaba Cloud Elasticsearch?

What Can I Learn from the Tutorial?

  • How to filter data
  • How to create a custom table view and save it
  • How to export search results as a CSV report

Prepare Environment and Resources

Before you begin the tutorial, follow these steps to prepare your environment and resources.

  1. Go to the Alibaba Cloud Free Tier page. In the upper-right corner of the page, click Free Account. Then log in with your existing Alibaba Cloud account or create an Alibaba Cloud account.
  2. After the logon, select Analytics Computing in the product categories that are displayed in the All Free Tier Products Available section of the Alibaba Cloud Free Tier page. Then, click Try Now in the Elasticsearch card.
  3. Follow the tutorial to create an Elasticsearch cluster and log on to Kibana:
    • Create an Elasticsearch cluster.
    • Log on to Kibana.
    • Add sample flight data.

Data Filtering

Note

Before you perform subsequent operations, make sure that you have created an Elasticsearch cluster, logged on to Kibana, and added sample flight data. For more information, see How to Create an Alibaba Cloud Elasticsearch Cluster and Log on to the Kibana Console.

There are several ways to query your data in Kibana, including:

  • adding filters under the query bar
  • writing a query in the query bar using the Kibana Query Language, KQL.

1.  On the homepage of the Kibana console, click the icon in the upper-left corner and select Analytics > Discover.

2.  In the upper-left corner, set Data View to Kibana Sample Data Flights.

3.  Click the time range filter in the upper-right corner. Select Relative, set the range from 10 days ago in the From field to Now as shown in the figure, and click the icon next to the filter.

4.  Select either method to complete data filtering.

Add Filters under the Query Bar

a) In the list of fields on the left, click DestWeather to view the most common values for the field.

b) In the list of values, click the icon next to the Cloudy value to create a filter on this value. The added filter appears at the top under the search bar.

Now the results table only shows flights where the destination weather was cloudy as shown.

c) Click the icon on the left of the query bar towards the top of the screen. Select the Cancelled field, select is for the Operator, and then select true for the Value. Click Add filter.

Then the results table shows cancelled flights.

d) Click the filter you just created (Cancelled: true) and select Exclude Results to display only the flights that were not cancelled.

e) Add a filter with the carrier Logstash Airways or JetBeats as shown.

f) Finally, add a filter for flight delays between 1 and 100 minutes.

The complete filtering results are shown in the following figure.

Writing a Query to Filter Data in the Query Bar Using KQL

a) In the top query bar of the Kibana homepage, enter the following query and press Enter.

DestWeather : "Cloudy"

The number of hits (in the upper-left corner of the date histogram) changes when filtering flights where the destination weather was cloudy.

b) Add the condition that the flight was not cancelled to the query.

and not Cancelled : true

or

and Cancelled : false

c) Add the carrier and flight delay conditions to the query.

and Carrier : ("Logstash Airways" or "JetBeats") and FlightDelayMin>0 and FlightDelayMin<=100

d) Now the complete query should be as follows.

DestWeather : "Cloudy" and not Cancelled : true and Carrier : ("Logstash Airways" or "JetBeats") and FlightDelayMin>0 and FlightDelayMin<=100

KQL is a powerful query language that allows you to search freely on any field. For example, appending and Thunder* to the query searches for Thunder* in any field, which matches the origin or destination weather. For more information about the KQL syntax, visit Kibana Query Language.
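The complete KQL query from step d), written as an Elasticsearch bool query and checked locally against sample documents. This is an added example, not part of the original tutorial; it assumes that DestWeather and Carrier are keyword fields, Cancelled is boolean, and FlightDelayMin is numeric, and the matches and flight helpers and all sample documents are constructed for illustration.

```python
# Added example: a Query DSL form of the tutorial's complete KQL query, with a
# local evaluator so the logic can be checked without a cluster. Assumption:
# keyword/boolean/numeric field mappings; Kibana generates its own DSL from KQL.
def build_query():
    return {"bool": {
        "filter": [
            {"term": {"DestWeather": "Cloudy"}},
            {"terms": {"Carrier": ["Logstash Airways", "JetBeats"]}},
            {"range": {"FlightDelayMin": {"gt": 0, "lte": 100}}},
        ],
        "must_not": [{"term": {"Cancelled": True}}],  # not Cancelled : true
    }}

def matches(doc, query):
    """Evaluate the subset of Query DSL used above against one document."""
    kind, body = next(iter(query.items()))
    if kind == "bool":
        return (all(matches(doc, q) for q in body.get("filter", []))
                and not any(matches(doc, q) for q in body.get("must_not", [])))
    field, cond = next(iter(body.items()))
    value = doc.get(field)
    if kind == "term":
        return value == cond
    if kind == "terms":
        return value in cond
    if kind == "range":  # a missing field never satisfies a range clause
        return (value is not None and value > cond.get("gt", float("-inf"))
                and value <= cond.get("lte", float("inf")))
    raise ValueError(f"unsupported clause: {kind}")

def flight(fid, weather, carrier, delay, **extra):
    return {"id": fid, "DestWeather": weather, "Carrier": carrier,
            "FlightDelayMin": delay, **extra}

# Constructed sample documents, not taken from the real sample data set.
SAMPLE_FLIGHTS = [
    flight("a", "Cloudy", "JetBeats", 100, Cancelled=False),        # upper bound
    flight("b", "Cloudy", "Logstash Airways", 0, Cancelled=False),  # delay not > 0
    flight("c", "Cloudy", "JetBeats", 30, Cancelled=True),          # cancelled
    flight("d", "Rain", "JetBeats", 30, Cancelled=False),           # wrong weather
    flight("e", "Cloudy", "Kibana Airlines", 30, Cancelled=False),  # other carrier
    flight("f", "Cloudy", "JetBeats", 30),                          # Cancelled missing
]

def filter_flights(docs=SAMPLE_FLIGHTS):
    return [d["id"] for d in docs if matches(d, build_query())]

if __name__ == "__main__":
    print(filter_flights())
```

Document f passes because not Cancelled : true also matches documents that have no Cancelled value, whereas Cancelled : false matches only documents where the field is explicitly false.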

Save a Search

In this section, you will customize the table view, and save it as a saved search.

1.  In the top right navigation bar, click Create to reset the filter and query settings.

2.  Expand one of the documents by clicking the arrow on the left of its row. A dialog with the document details opens, as shown.

3.  Create a custom table view that contains only certain fields.

In the Document Details dialog box, click the icon in the Actions column (Switch columns in the table) for the fields OriginCityName, DestCityName, Carrier, and FlightDelayMin.

4.  Use either method from the previous section (adding filters under the query bar or KQL syntax) to filter for delayed flights.

The field that identifies whether the flight is delayed is FlightDelay. With KQL syntax, enter FlightDelay : true and press Enter to run the query.

5.  Click Save in the upper-right corner of the page. In the Save Search dialog box, enter Delayed flights saved search in the Title field and click Save.

6.  In the top navigation bar, click New to reset the table view to the original view.

7.  Click Open in the top navigation bar and select Delayed flights saved search to return to your saved search.

Export CSV

1.  Open the Delayed flights saved search.

2.  In the top navigation bar, choose Share > CSV Report > Generate CSV.

On the Kibana homepage, click the icon in the upper-left corner and choose Stack Management > Alerts and Insights > Reporting to view the download progress.

3.  After the CSV is generated, a pop-up message appears in the lower-right corner of the page.

You can click Download Report, or click the icon in the upper-left corner of the Kibana homepage and choose Stack Management > Alerts and Insights > Reporting.

Complete

After completing the above operations, you have filtered data based on the Kibana Sample Data Flights data view, saved the search, and exported the search results as a CSV report, as shown in the image.

Cleanup and Follow-up

Cleanup

Resources that are charged based on the subscription billing method have validity periods. After the validity periods elapse, the resources are automatically released. After you complete the tutorial, you can refer to the following instructions to process the resources:

  • If you no longer require the test data and resources used in the tutorial, you can delete them.

    • Delete the index. On the Console tab of the Kibana console, run the following command to delete the index and avoid wasting resources. A deleted index cannot be recovered. Therefore, before you delete the index, you must make sure that the delete operation does not affect your business.

DELETE /product_info

      If the preceding command is successfully run, the following result is returned:

{
  "acknowledged" : true
}

    • Delete the VPC. For more information, see Delete a VPC.
  • If you still require the Elasticsearch cluster, you can renew the cluster before it expires or renew the cluster within seven days after it expires. For more information, see Renew a cluster. If the Elasticsearch cluster is not renewed, the system releases the cluster seven days after the cluster expires. In this case, data stored in the Elasticsearch cluster is permanently deleted and cannot be recovered.

Follow-up

Based on the created instance, you can try other tutorials of the search and analysis service for Elasticsearch to experience the data visualization feature of Kibana Discover and the basic search feature of Alibaba Cloud Elasticsearch.

Data Geek