
Why Kibana visualizes Elasticsearch data - Visual Breakdown

Concept Flow - Why Kibana visualizes Elasticsearch data
User sends query in Kibana
Kibana translates query
Query sent to Elasticsearch
Elasticsearch processes query
Elasticsearch returns data
Kibana receives data
Kibana visualizes data
User sees charts and graphs
Kibana sends queries to Elasticsearch, gets data back, and then shows it as charts or graphs for easy understanding.
Execution Sample
Elasticsearch
GET /logs/_search
{
  "query": { "match_all": {} },
  "size": 5
}
This query asks Elasticsearch to return 5 log entries, which Kibana will visualize.
Execution Table
| Step | Action | Input/Query | Elasticsearch Response | Kibana Action | Output/Visualization |
|---|---|---|---|---|---|
| 1 | User inputs query in Kibana | match_all query, size 5 | | Send query to Elasticsearch | |
| 2 | Kibana sends query | GET /logs/_search {"query": {"match_all": {}}, "size": 5} | Processes query, finds 5 log entries | | |
| 3 | Elasticsearch returns data | | [5 log entries JSON] | Receive data | |
| 4 | Kibana processes data | | | Parse JSON data | |
| 5 | Kibana creates visualization | | | Generate charts/graphs | Display 5 log entries as table or graph |
| 6 | User views visualization | | | | Sees charts/graphs of logs |
💡 Visualization complete; user sees data in easy-to-understand form
Variable Tracker
| Variable | Start | After Step 2 | After Step 3 | After Step 5 | Final |
|---|---|---|---|---|---|
| query | None | {"match_all": {}, "size":5} | {"match_all": {}, "size":5} | {"match_all": {}, "size":5} | {"match_all": {}, "size":5} |
| response_data | None | None | [5 log entries JSON] | [5 log entries JSON] | [5 log entries JSON] |
| visualization | None | None | None | Charts/graphs created | Charts/graphs displayed |
Key Moments - 3 Insights
Why does Kibana send a query to Elasticsearch instead of storing data itself?
Kibana is a visualization tool; it relies on Elasticsearch to store and search data. As shown in execution_table step 2, Kibana sends the query to Elasticsearch to get fresh data.
How does Kibana know what data to visualize?
Kibana receives raw data from Elasticsearch (step 3), then parses it (step 4) and creates visualizations (step 5) based on user settings.
What happens if Elasticsearch returns no data?
Kibana will receive an empty response and show empty visualizations or messages, as it depends on Elasticsearch's response (see step 3).
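Steps 3 to 5 and the empty-response case above, as an added Python example (not code from the original page or from Kibana): it parses a constructed `_search` response body, buckets the hits by a `level` field, and renders text bars. The function names, the `level` field and the "No results found" message are assumptions; the example goes slightly beyond the page by also checking the response's `timed_out` and `_shards.failed` fields, since an empty or short chart can mean a partial search rather than absent data.

```python
import json
from collections import Counter

# Constructed sample of an Elasticsearch _search response body (not real data).
SAMPLE_RESPONSE = json.dumps({
    "took": 3, "timed_out": False,
    "_shards": {"total": 1, "successful": 1, "skipped": 0, "failed": 0},
    "hits": {"total": {"value": 5, "relation": "eq"}, "hits": [
        {"_index": "logs", "_id": str(i), "_source": {"level": lvl, "message": "constructed"}}
        for i, lvl in enumerate(["info", "error", "info", "warn", "info"], 1)
    ]},
})

def parse_hits(body):
    """Step 4: parse the JSON body and return (documents, warnings)."""
    resp = json.loads(body)
    warnings = []
    if resp.get("timed_out"):
        warnings.append("search timed out; results may be partial")
    failed = resp.get("_shards", {}).get("failed", 0)
    if failed:
        warnings.append(f"{failed} shard(s) failed; results may be partial")
    # Each hit carries the stored document under "_source".
    docs = [h.get("_source", {}) for h in resp.get("hits", {}).get("hits", [])]
    return docs, warnings

def bucket_counts(docs, field):
    """Step 5 (data side): count documents per value of `field`, like a bar chart."""
    return Counter(d.get(field, "(missing)") for d in docs)

def render(counts):
    """Step 5 (display side): text bars; an empty result gets an explicit message."""
    if not counts:
        return "No results found"
    width = max(len(str(k)) for k in counts)
    return "\n".join(f"{str(k):<{width}} | {'#' * n} {n}" for k, n in counts.most_common())

if __name__ == "__main__":
    docs, warnings = parse_hits(SAMPLE_RESPONSE)
    print(render(bucket_counts(docs, "level")))
    for w in warnings:
        print("warning:", w)
```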
Visual Quiz - 3 Questions
Test your understanding
Look at the execution_table, what does Kibana do at step 4?
A. Display charts and graphs to the user
B. Send the query to Elasticsearch
C. Parse the JSON data received from Elasticsearch
D. User inputs the query
💡 Hint
Check the 'Kibana Action' column at step 4 in execution_table
At which step does Elasticsearch return data to Kibana?
A. Step 3
B. Step 2
C. Step 5
D. Step 1
💡 Hint
Look at the 'Elasticsearch Response' column in execution_table
If the query size changes from 5 to 10, how does variable 'response_data' change in variable_tracker?
A. It will be empty
B. It will contain 10 log entries JSON instead of 5
C. It will still contain 5 log entries JSON
D. It will contain 15 log entries JSON
💡 Hint
Check how 'response_data' holds the number of log entries returned after query execution
Concept Snapshot
Kibana sends queries to Elasticsearch to get data.
Elasticsearch processes and returns data.
Kibana parses data and creates visual charts.
Users see data visually for easy understanding.
Kibana does not store data, only visualizes it.
Full Transcript
Kibana is a tool that helps users see data stored in Elasticsearch. When a user types a query in Kibana, it sends that query to Elasticsearch. Elasticsearch searches its data and sends back the results. Kibana then takes this data and turns it into charts or graphs that are easy to understand. This process helps users explore and analyze data without needing to read raw data. The key steps are: user inputs query, Kibana sends query, Elasticsearch returns data, Kibana visualizes data, and user sees the visualization.