Bird
Raised Fist0
Elasticsearchquery~10 mins

Lens for drag-and-drop analysis in Elasticsearch - Step-by-Step Execution

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Concept Flow - Lens for drag-and-drop analysis
Open Lens Interface
Select Data Source
Drag Field to Visualization Area
Lens Auto-Detects Visualization Type
Adjust Visualization Settings
View Updated Visualization
Repeat Drag-and-Drop for More Fields
Save or Export Analysis
Lens lets you drag fields from your data to create visualizations quickly, auto-selecting the best chart type and updating it as you add more fields.
Execution Sample
Elasticsearch
1. Open Lens in Kibana
2. Choose an index pattern
3. Drag 'timestamp' to X-axis
4. Drag 'count' to Y-axis
5. Lens shows a time series chart
This example shows how dragging fields creates a time series chart automatically.
Execution Table
StepActionInput FieldLens ResponseVisualization State
1Open Lens Interface-Lens ready for inputEmpty canvas
2Select Data Sourceindex-pattern: logs-*Fields loadedEmpty canvas
3Drag fieldtimestampAssign to X-axisX-axis set to timestamp
4Drag fieldcountAssign to Y-axisY-axis set to count, chart type: line
5Lens auto-selects chart-Line chart displayedTime series line chart shown
6Drag fieldhost.keywordAdd as breakdownChart splits by host.keyword
7Adjust settingsChange color paletteColors updatedChart colors changed
8Save analysis-Saved successfullyAnalysis saved
9Exit--Lens closed
💡 User finishes analysis and closes Lens interface
Variable Tracker
VariableStartAfter Step 3After Step 4After Step 6Final
X-axis fieldNonetimestamptimestamptimestamptimestamp
Y-axis fieldNoneNonecountcountcount
Breakdown fieldNoneNoneNonehost.keywordhost.keyword
Chart typeNoneNonelinelineline
Visualization stateEmptyX-axis setLine chartSplit by host.keywordFinal saved chart
Key Moments - 3 Insights
Why does Lens automatically choose a line chart after dragging timestamp and count?
Lens detects that timestamp is a time field and count is numeric, so it picks a line chart to best show trends over time, as seen in execution_table row 5.
What happens if you drag a keyword field after setting X and Y axes?
Lens adds the keyword field as a breakdown or split dimension, updating the chart to show multiple lines or segments, shown in execution_table row 6.
Can you change the chart type manually after Lens auto-selects it?
Yes, you can adjust visualization settings like chart type or colors anytime, as shown in execution_table row 7.
Visual Quiz - 3 Questions
Test your understanding
Look at the execution_table, what is the visualization state after step 4?
AY-axis set to count, chart type: line
BX-axis set to timestamp only
CY-axis set to count only
DChart splits by host.keyword
💡 Hint
Check the Visualization State column at step 4 in execution_table
At which step does Lens add a breakdown field to the visualization?
AStep 3
BStep 4
CStep 6
DStep 7
💡 Hint
Look for when 'host.keyword' is dragged in execution_table
If you drag a numeric field instead of 'count' at step 4, how would the visualization state change?
ALens would show a pie chart
BLens would still show a line chart with the new numeric field on Y-axis
CLens would remove the X-axis field
DLens would not update the chart
💡 Hint
Lens auto-selects chart types based on field types, see step 5 in execution_table
Concept Snapshot
Lens lets you drag fields from your data to build visualizations.
Drag a time field to X-axis and a numeric field to Y-axis.
Lens auto-selects the best chart type (like line chart for time series).
Add keyword fields to split data by categories.
Adjust colors and settings anytime.
Save your analysis when done.
Full Transcript
Lens is a tool in Kibana that helps you create visualizations by dragging fields from your data. First, you open Lens and select your data source. Then you drag a time field like 'timestamp' to the X-axis and a numeric field like 'count' to the Y-axis. Lens automatically chooses a line chart to show trends over time. You can add more fields, such as a keyword field, to split the chart into categories. You can also change colors and other settings. Finally, you save your analysis. This step-by-step process helps you explore data visually without writing code.

Practice

(1/5)
1.

What is the main purpose of Lens in Elasticsearch?

easy
A. To write complex Elasticsearch queries manually
B. To manage Elasticsearch cluster settings
C. To analyze data visually by dragging and dropping fields
D. To monitor server hardware performance

Solution

  1. Step 1: Understand Lens functionality

    Lens provides a visual interface to analyze data without coding.

  2. Step 2: Compare options with Lens features

    Only To analyze data visually by dragging and dropping fields describes visual drag-and-drop analysis, matching Lens's purpose.

  3. Final Answer:

    To analyze data visually by dragging and dropping fields -> Option C

  4. Quick Check:

    Lens = Visual drag-and-drop analysis [OK]
Hint: Lens is for visual data analysis, not manual coding [OK]
Common Mistakes:
  • Thinking Lens requires writing queries
  • Confusing Lens with cluster management tools
  • Assuming Lens monitors hardware
2.

Which of the following is the correct way to add a field to a Lens visualization?

Drag the field from the left panel and _______

easy
A. drop it onto the visualization workspace
B. double-click the field name in the index pattern
C. type the field name in the search bar
D. right-click and select 'Add to Lens'

Solution

  1. Step 1: Recall Lens drag-and-drop method

    Lens uses drag-and-drop to add fields to the visualization workspace.

  2. Step 2: Evaluate options for adding fields

    Only drop it onto the visualization workspace describes dragging and dropping onto the workspace, matching Lens usage.

  3. Final Answer:

    drop it onto the visualization workspace -> Option A

  4. Quick Check:

    Drag field + drop on workspace = Add field [OK]
Hint: Drag fields directly onto the workspace to add [OK]
Common Mistakes:
  • Trying to add fields by typing names
  • Using double-click instead of drag-and-drop
  • Looking for right-click menu options
3.

Given a Lens visualization with a date histogram on the x-axis and a count metric, what will happen if you drag a status.keyword field to the 'Break down by' area?

medium
A. The chart will show only the total count without breakdown
B. The chart will split counts by each unique status value
C. The chart will display an error and not render
D. The date histogram will be removed automatically

Solution

  1. Step 1: Understand 'Break down by' in Lens

    Dragging a field to 'Break down by' splits the chart by unique values of that field.

  2. Step 2: Apply to status.keyword field

    The chart will show counts split by each unique status value over time.

  3. Final Answer:

    The chart will split counts by each unique status value -> Option B

  4. Quick Check:

    Break down by field = split chart by field values [OK]
Hint: 'Break down by' splits chart by unique field values [OK]
Common Mistakes:
  • Expecting no change in chart
  • Thinking the date histogram is removed
  • Assuming an error occurs
4.

In Lens, you try to drag a numeric field to the 'Y-axis' but the chart does not update. What is the most likely cause?

medium
A. The field is not mapped as a numeric type in the index pattern
B. You need to refresh the browser to see changes
C. Lens only supports string fields on the Y-axis
D. The drag-and-drop feature is disabled in settings

Solution

  1. Step 1: Check field type requirements for Y-axis

    Y-axis requires numeric fields to aggregate values like count or sum.

  2. Step 2: Identify cause of no update

    If the field is not numeric in the index pattern, Lens cannot use it on Y-axis, so chart won't update.

  3. Final Answer:

    The field is not mapped as a numeric type in the index pattern -> Option A

  4. Quick Check:

    Y-axis needs numeric field type [OK]
Hint: Y-axis fields must be numeric type in index pattern [OK]
Common Mistakes:
  • Assuming browser refresh fixes it
  • Thinking Lens supports strings on Y-axis
  • Believing drag-and-drop can be disabled
5.

You want to create a Lens visualization showing average response time per user, but only for users with more than 10 requests. How can you achieve this using Lens drag-and-drop features?

hard
A. Use Lens to write a custom query filtering users with more than 10 requests, then drag fields normally
B. Drag 'user.keyword' to 'X-axis', 'requests' to 'Y-axis' with 'Sum' aggregation, then filter 'response_time < 10'
C. Drag 'response_time' to 'Break down by', 'user.keyword' to 'Y-axis' with 'Count' aggregation, no filters needed
D. Drag 'user.keyword' to 'Break down by', 'response_time' to 'Y-axis' with 'Average' aggregation, then add a filter 'requests > 10' to the visualization

Solution

  1. Step 1: Set up breakdown and metric

    Drag 'user.keyword' to 'Break down by' to split by user, and 'response_time' to 'Y-axis' with 'Average' aggregation to get average response time.

  2. Step 2: Apply filter for requests count

    Add a filter 'requests > 10' to include only users with more than 10 requests.

  3. Final Answer:

    Drag 'user.keyword' to 'Break down by', 'response_time' to 'Y-axis' with 'Average' aggregation, then add a filter 'requests > 10' to the visualization -> Option D

  4. Quick Check:

    Breakdown + average metric + filter = correct Lens setup [OK]
Hint: Use filters plus breakdown and aggregation to refine Lens charts [OK]
Common Mistakes:
  • Filtering wrong field or with wrong condition
  • Mixing up X-axis and Break down by roles
  • Trying to write queries instead of using filters