Blog Detail

Covid-19 Global Tracker
preview image Programming
by Anurag Srivastava, Dec 24, 2018, 5:25:28 PM | 3 minutes |

Create a Pie Chart in Kibana

In this blog, I am going to explain how you can create a pie chart in Kibana to show Apache2 log data captured through Filebeat. So basically I will plot the pie chart to show multiple field values like response code, HTTP method and total bytes sent.

We will create a simple pie chart that will show multidimensional data where it will create buckets for each of the fields. Following Filebeat data structure we are going to use for creating Pie chart:

{
  "_index": "filebeat-6.5.2-2018.12.13",
  "_type": "doc",
  "_id": "-Z9Ap2cBI_XuAVP8QgYj",
  "_version": 1,
  "_score": null,
  "_source": {
    "offset": 2508,
    "apache2": {
      "access": {
        "referrer": "http://localhost/test/admin.php?username=root&db=mysite",
        "response_code": "200",
        "remote_ip": "127.0.0.1",
        "method": "GET",
        "user_name": "-",
        "http_version": "1.1",
        "body_sent": {
          "bytes": "4180"
        },
        "url": "/test/admin.php?username=root&db=mysite&script=db",
        "user_agent": {
          "original": "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0",
          "major": "63",
          "minor": "0",
          "os": "Ubuntu",
          "name": "Firefox",
          "os_name": "Ubuntu",
          "device": "Other"
        }
      }
    },
    "prospector": {
      "type": "log"
    },
    "read_timestamp": "2018-12-13T10:56:32.756Z",
    "source": "/var/log/apache2/access.log",
    "fileset": {
      "module": "apache2",
      "name": "access"
    },
    "input": {
      "type": "log"
    },
    "@timestamp": "2018-12-13T08:03:29.000Z",
    "beat": {
      "hostname": "DLILPTP0305",
      "name": "DLILPTP0305",
      "version": "6.5.2"
    },
    "host": {
      "name": "DLILPTP0305"
    }
  },
  "fields": {
    "@timestamp": [
      "2018-12-13T08:03:29.000Z"
    ]
  },
  "highlight": {
    "apache2.access.method": [
      "@kibana-highlighted-field@GET@/kibana-highlighted-field@"
    ]
  },
  "sort": [
    1544688209000
  ]
}

The above document of the filebeat index is showing the metrics of Apache log data. So I will use the fields from this document in order to create the pie chart. We need to do the following for creating the chart:

  • Click on Visualize link from the left menu. This will open the save visualization link.
  • Click on the plus icon the create a new visualization.
  • From Select visualization type screen, click on the pie chart box. This will open a screen to select the index or saved search object.
  • Click on Filebeat if you have a Filebeat index or choose your own index pattern.
  • Select count under the "Metrics" option.
  • Under Buckets option, select terms for aggregation and select the response_code field of Apache under field option.
  • Add the custom label as per the field name.
  • Now click on the "Add sub-buckets" button to add more fields to aggregate.
  • Add HTTP method and total bytes sent field for aggregation.
  • After adding all these fields click on the "Apply Changes" button icon on the configuration panel.

This will load the visualization as shown in the below screen-shot.

We can click on any section of the visualization to drill-down into the chart and in this way we can get the desired set of data using the visualization. For example, if we want to see only POST requests with response code 302, we can directly click on these sections to filter out the chart. 

If you found this article interesting, then you can explore “Mastering Kibana 6.0”, “Kibana 7 Quick Start Guide”, “Learning Kibana 7”, and “Elasticsearch 7 Quick Start Guide” books to get more insight about Elastic Stack, how to perform data analysis, and how you can create dashboards for key performance indicators using Kibana.

About Author

Anurag Srivastava

Author of “Mastering Kibana 6.x”, “Kibana 7 Quick Start Guide”, “Learning Kibana 7”, &“Elasticsearch 7 Quick Start Guide” books & AWS Certified Solutions Architect.

View Profile

Comments (0)

Leave a comment

Related Blogs

Introduction to Elasticsearch Aggregations

Aug 14, 2018, 4:47:56 PM | Anurag Srivastava

Wildcard and Boolean Search in Elasticsearch

Aug 10, 2018, 7:14:40 PM | Anurag Srivastava

Bucket Aggregation in Elasticsearch

Aug 29, 2018, 7:15:06 PM | Anurag Srivastava

Elasticsearch Rest API

Jul 31, 2018, 6:16:42 PM | Anurag Srivastava

Basics of Data Search in Elasticsearch

Aug 4, 2018, 7:02:21 AM | Anurag Srivastava

Metrics Aggregation in Elasticsearch

Aug 18, 2018, 6:02:20 PM | Anurag Srivastava

Handling files and folders using Python

Feb 2, 2018, 7:29:35 PM | jitender yadav

Create a Chess board in PHP

Mar 9, 2020, 8:45:41 AM | Rocky Paul

Handle Excel file using Python (Part 1)

Dec 30, 2019, 11:20:08 AM | Anurag Srivastava

Handle Excel file using Python (Part 2)

Dec 31, 2019, 1:33:53 PM | Anurag Srivastava

Top Blogs

Configure SonarQube Scanner with Jenkins

Jun 21, 2018, 4:58:11 AM | Anurag Srivastava

Deploying Angular code using Python script

Jun 26, 2018, 4:50:18 PM | Anurag Srivastava

Configure Jenkins for Automated Code Deployment

Jun 13, 2018, 3:44:01 PM | Anurag Srivastava

Execute Commands on Remote Machines using sshpass

Jul 16, 2018, 5:00:02 PM | Anurag Srivastava

SonarQube installation on Ubuntu

May 12, 2018, 4:47:07 PM | Anurag Srivastava

Wildcard and Boolean Search in Elasticsearch

Aug 10, 2018, 7:14:40 PM | Anurag Srivastava

Why SonarQube is important for IT projects ?

Apr 24, 2018, 2:52:28 PM | Anurag Srivastava

Configuring Logstash to send MongoDB data into Elasticsearch

Mar 9, 2019, 8:20:38 AM | Anurag Srivastava

Elasticsearch Rest API

Jul 31, 2018, 6:16:42 PM | Anurag Srivastava

Analyze your project with SonarQube

Jun 2, 2018, 10:49:54 AM | Anurag Srivastava