Help Center/ Cloud Search Service/ Best Practices/ Using Kibana Discover for Time Series Data Visualization
Updated on 2025-12-26 GMT+08:00
View PDF

Using Kibana Discover for Time Series Data Visualization

On Kibana Discover, you can create index patterns to define which Elasticsearch indexes to explore, and visualize and query time-series data using specified time fields.

Scenario

Kibana serves as the visualization layer for Elasticsearch data. On Kibana Discover, you can query time-series data using Elasticsearch's search capabilities and visualize results through dynamic charts and histograms. Typical applications include:
  • Log analytics: Filter server logs by time to identify and diagnose abnormal events.
  • Service monitoring: Monitor real-time changes and trends in key metrics, such as order volume and user activity.
  • Data insights: Quickly browse data and verify data ingestion results.

Solution Architecture

Discover serves as Kibana's primary interface for interactive data exploration. It directly interacts with the underlying Elasticsearch cluster.

  1. User requests: Users set filters, rank data, and select time ranges on the Discover page.
  2. Kibana: Converts user requests into Elasticsearch query DSL.
  3. Elasticsearch: Executes queries and returns the results.
  4. Kibana: Visualizes the results using charts and tables (for example, showing document counts using a horizontal bar chart).

For more information, see Discover.

Highlights

  • Easy to use: An intuitive GUI enables quick data query and browsing without complex settings.
  • Flexible: Kibana's intuitive KQL (Kibana Query Language) syntax and flexible filters enable precise, real-time data discovery across your Elasticsearch indexes.
  • Real-time: Data is updated in real time. You can set time fields to query the latest data.

Prerequisites

  • A CSS Elasticsearch cluster has been created. For a security-mode cluster, make sure its username and password have been obtained.
  • The target data for query or analytics (such as logs and monitoring metrics) has been ingested into your Elasticsearch cluster. The data must contain a time field (for example, @timestamp).

Procedure

This section uses Kibana 7.10.2 as an example to describe how to use Discover for time-series data visualization. The Kibana UI varies slightly depending on the Kibana version.

  1. Log in to Kibana and go to the command execution page.

    1. Log in to the CSS management console.
    2. In the navigation pane on the left, choose Clusters > Elasticsearch.
    3. In the cluster list, find the target cluster, and click Kibana in the Operation column to log in to the Kibana console.
    4. In the left navigation pane, choose Dev Tools.

      The left part of the console is the command input box, and the triangle icon in its upper-right corner is the execution button. The right part shows the execution result.

  2. Create an index pattern.

    1. On the Kibana console, click the menu icon in the upper-left corner and choose Management > Stack Management.
    2. On the Stack Management page, choose Index Patterns and click Create index pattern.
    3. In the Index pattern name text box, enter an index name prefix (for example, kibana_sample_data*).
    4. Click Next step.
    5. Select a time field (for example, @timestamp) from the Time field drop-down list.
    6. Click Create index pattern to create an index pattern.
      Figure 1 Creating an index pattern

  3. Go to the Discover page.

    1. On the Kibana console, click the menu icon in the upper-left corner, and choose Kibana > Discover.
    2. Select the index pattern created in the previous step (for example, kibana_sample_data*) from the Index patterns drop-down list.
      Figure 2 Selecting an index pattern

  4. Browse data.

    • Bar chart: shows document counts in chronological order (aggregated every 15 minutes by default).
    • Document list: shows 500 matching documents by default (you can scroll down to load more).
    Figure 3 Browsing data

  5. Search for data.

    • Add filters: In the Add filter area, select a field and enter a value (for example, response.keyword: 200) to filter the data.
    • Use KQL to query data: Enter a Kuery query statement (for example, request.keyword: "/elasticsearch") in the search box and press Enter. For more information, see Kibana Query Language.
    Figure 4 Searching for data

  6. Set a time filter.

    1. Adjust the time range. Click the time filter in the upper-right corner and select one of the following:
      • Absolute: Specify the start time and end time (for example, from 2024-03-01 00:00 to 2024-03-02 00:00).
      • Relative: Set an offset from the current time (for example, Last 1 hour or Last 7 days).
      • Now: Always update to the latest refresh time.
      Figure 5 Time filter
    2. Perform an interactive query on a histogram. Click a time range in the bar chart to quickly locate documents that fall into this range.