Bird
Raised Fist0
Elasticsearchquery~20 mins

Lens for drag-and-drop analysis in Elasticsearch - Practice Problems & Coding Challenges

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Challenge - 5 Problems
🎖️
Lens Mastery Badge
Get all challenges correct to earn this badge!
Test your skills under time pressure!
Predict Output
intermediate
2:00remaining
What is the output of this Lens drag-and-drop configuration?

Given a Lens visualization in Elasticsearch where you drag the "bytes" field to the Y-axis and the "extension.keyword" field to the X-axis, what will the chart display?

Elasticsearch
Lens config:
- Y-axis: Sum of bytes
- X-axis: Terms of extension.keyword

Data sample:
{
  "extension": "jpg",
  "bytes": 1000
},
{
  "extension": "png",
  "bytes": 2000
},
{
  "extension": "jpg",
  "bytes": 1500
}
AA pie chart showing count of documents per extension without bytes aggregation
BA line chart showing average bytes per document regardless of extension
CA bar chart showing total bytes for each file extension, e.g., jpg: 2500, png: 2000
DA table listing each document with bytes and extension fields
Attempts:
2 left
💡 Hint

Think about what happens when you drag a numeric field to the Y-axis and a keyword field to the X-axis in Lens.

🧠 Conceptual
intermediate
1:30remaining
Which Lens feature allows you to change the aggregation type for a dragged field?

In Elasticsearch Lens, after dragging a field to an axis, how can you change the aggregation method (e.g., from sum to average)?

ABy clicking the field on the axis and selecting the aggregation from the dropdown menu
BBy editing the Elasticsearch query manually in the Lens interface
CBy dragging the field again to the other axis
DBy changing the index pattern in the Lens settings
Attempts:
2 left
💡 Hint

Look for interactive controls on the axis field after dragging.

🔧 Debug
advanced
2:30remaining
Why does this Lens visualization show no data after dragging fields?

You dragged timestamp to the X-axis and bytes to the Y-axis in Lens, but the chart shows no data. What is the most likely cause?

Elasticsearch
Lens config:
- X-axis: Date histogram on timestamp
- Y-axis: Sum of bytes

Data sample:
{
  "timestamp": "2023-01-01T00:00:00Z",
  "bytes": 1000
}

Index pattern uses a different time field named "@timestamp".
ALens requires a keyword field on the X-axis, not a date field
BThe index pattern's time field is different from the dragged timestamp field, so Lens cannot filter data by time
CThe date histogram interval is too large to show data
DThe bytes field is not numeric, so sum aggregation fails silently
Attempts:
2 left
💡 Hint

Check the index pattern's configured time field and the field used in the visualization.

📝 Syntax
advanced
2:00remaining
Which Lens drag-and-drop configuration will produce a stacked bar chart by default?

In Lens, you want to create a stacked bar chart showing total bytes per extension, split by the geo.src field. Which drag-and-drop setup achieves this?

AY-axis: Terms of geo.src.keyword; X-axis: Sum of bytes; Break down by: Terms of extension.keyword
BY-axis: Count; X-axis: Terms of extension.keyword; Break down by: Terms of geo.src.keyword
CY-axis: Sum of bytes; X-axis: Terms of geo.src.keyword; Break down by: Terms of extension.keyword
DY-axis: Sum of bytes; X-axis: Terms of extension.keyword; Break down by: Terms of geo.src.keyword
Attempts:
2 left
💡 Hint

Think about which axis shows the main grouping and which field breaks down the bars.

🚀 Application
expert
3:00remaining
How to create a Lens visualization that shows average bytes per day for top 3 extensions?

You want a Lens chart that shows the average bytes per day on the Y-axis, with the X-axis as a date histogram on @timestamp, but only for the top 3 file extensions by count. How do you configure Lens?

AY-axis: Average of bytes; X-axis: Date histogram on @timestamp; Use 'Break down by' with extension.keyword limited to 3 terms
BY-axis: Sum of bytes; X-axis: Date histogram on @timestamp; Use 'Break down by' with extension.keyword limited to 3 terms
CY-axis: Average of bytes; X-axis: Terms of extension.keyword limited to 3; Use 'Break down by' with date histogram on @timestamp
DY-axis: Average of bytes; X-axis: Date histogram on @timestamp; Add a filter to include only top 3 extensions by terms aggregation on extension.keyword
Attempts:
2 left
💡 Hint

Consider how to limit the number of extensions shown and how to arrange date histogram and terms fields.

Practice

(1/5)
1.

What is the main purpose of Lens in Elasticsearch?

easy
A. To write complex Elasticsearch queries manually
B. To manage Elasticsearch cluster settings
C. To analyze data visually by dragging and dropping fields
D. To monitor server hardware performance

Solution

  1. Step 1: Understand Lens functionality

    Lens provides a visual interface to analyze data without coding.

  2. Step 2: Compare options with Lens features

    Only To analyze data visually by dragging and dropping fields describes visual drag-and-drop analysis, matching Lens's purpose.

  3. Final Answer:

    To analyze data visually by dragging and dropping fields -> Option C

  4. Quick Check:

    Lens = Visual drag-and-drop analysis [OK]
Hint: Lens is for visual data analysis, not manual coding [OK]
Common Mistakes:
  • Thinking Lens requires writing queries
  • Confusing Lens with cluster management tools
  • Assuming Lens monitors hardware
2.

Which of the following is the correct way to add a field to a Lens visualization?

Drag the field from the left panel and _______

easy
A. drop it onto the visualization workspace
B. double-click the field name in the index pattern
C. type the field name in the search bar
D. right-click and select 'Add to Lens'

Solution

  1. Step 1: Recall Lens drag-and-drop method

    Lens uses drag-and-drop to add fields to the visualization workspace.

  2. Step 2: Evaluate options for adding fields

    Only drop it onto the visualization workspace describes dragging and dropping onto the workspace, matching Lens usage.

  3. Final Answer:

    drop it onto the visualization workspace -> Option A

  4. Quick Check:

    Drag field + drop on workspace = Add field [OK]
Hint: Drag fields directly onto the workspace to add [OK]
Common Mistakes:
  • Trying to add fields by typing names
  • Using double-click instead of drag-and-drop
  • Looking for right-click menu options
3.

Given a Lens visualization with a date histogram on the x-axis and a count metric, what will happen if you drag a status.keyword field to the 'Break down by' area?

medium
A. The chart will show only the total count without breakdown
B. The chart will split counts by each unique status value
C. The chart will display an error and not render
D. The date histogram will be removed automatically

Solution

  1. Step 1: Understand 'Break down by' in Lens

    Dragging a field to 'Break down by' splits the chart by unique values of that field.

  2. Step 2: Apply to status.keyword field

    The chart will show counts split by each unique status value over time.

  3. Final Answer:

    The chart will split counts by each unique status value -> Option B

  4. Quick Check:

    Break down by field = split chart by field values [OK]
Hint: 'Break down by' splits chart by unique field values [OK]
Common Mistakes:
  • Expecting no change in chart
  • Thinking the date histogram is removed
  • Assuming an error occurs
4.

In Lens, you try to drag a numeric field to the 'Y-axis' but the chart does not update. What is the most likely cause?

medium
A. The field is not mapped as a numeric type in the index pattern
B. You need to refresh the browser to see changes
C. Lens only supports string fields on the Y-axis
D. The drag-and-drop feature is disabled in settings

Solution

  1. Step 1: Check field type requirements for Y-axis

    Y-axis requires numeric fields to aggregate values like count or sum.

  2. Step 2: Identify cause of no update

    If the field is not numeric in the index pattern, Lens cannot use it on Y-axis, so chart won't update.

  3. Final Answer:

    The field is not mapped as a numeric type in the index pattern -> Option A

  4. Quick Check:

    Y-axis needs numeric field type [OK]
Hint: Y-axis fields must be numeric type in index pattern [OK]
Common Mistakes:
  • Assuming browser refresh fixes it
  • Thinking Lens supports strings on Y-axis
  • Believing drag-and-drop can be disabled
5.

You want to create a Lens visualization showing average response time per user, but only for users with more than 10 requests. How can you achieve this using Lens drag-and-drop features?

hard
A. Use Lens to write a custom query filtering users with more than 10 requests, then drag fields normally
B. Drag 'user.keyword' to 'X-axis', 'requests' to 'Y-axis' with 'Sum' aggregation, then filter 'response_time < 10'
C. Drag 'response_time' to 'Break down by', 'user.keyword' to 'Y-axis' with 'Count' aggregation, no filters needed
D. Drag 'user.keyword' to 'Break down by', 'response_time' to 'Y-axis' with 'Average' aggregation, then add a filter 'requests > 10' to the visualization

Solution

  1. Step 1: Set up breakdown and metric

    Drag 'user.keyword' to 'Break down by' to split by user, and 'response_time' to 'Y-axis' with 'Average' aggregation to get average response time.

  2. Step 2: Apply filter for requests count

    Add a filter 'requests > 10' to include only users with more than 10 requests.

  3. Final Answer:

    Drag 'user.keyword' to 'Break down by', 'response_time' to 'Y-axis' with 'Average' aggregation, then add a filter 'requests > 10' to the visualization -> Option D

  4. Quick Check:

    Breakdown + average metric + filter = correct Lens setup [OK]
Hint: Use filters plus breakdown and aggregation to refine Lens charts [OK]
Common Mistakes:
  • Filtering wrong field or with wrong condition
  • Mixing up X-axis and Break down by roles
  • Trying to write queries instead of using filters