Complete Examples¶
This section provides real-world YAML dashboard examples demonstrating various features and capabilities of the Dashboard Compiler.
How to Use These Examples¶
- Browse: Click on any example bundle below to view its README with complete documentation
- Copy: Each bundle contains YAML files you can copy to your local directory
- Compile: Run the compiler using uvx (no clone required):
- Upload (Optional): To upload directly to Kibana:
For contributors: If you've cloned the repository, you can compile examples from the repo:
uvx kb-dashboard-cli compile --input-dir packages/kb-dashboard-docs/content/examples --output-dir output
Standalone Examples¶
These single-file examples demonstrate specific features:
Controls Example¶
Demonstrates dashboard controls including options list, range slider, time slider, control chaining, and custom label positions.
Dashboard Definition (controls-example.yaml)
---
dashboards:
- name: '[Example] Interactive Controls'
description: Demonstrates dashboard controls for dynamic filtering
controls:
- type: options
label: Select Host
data_view: logs-*
field: host.name
match_technique: contains
- type: options
label: Log Level
width: small
data_view: logs-*
field: log.level
match_technique: prefix
panels:
- title: Using Dashboard Controls
size:
w: 48
h: 4
position:
x: 0
y: 0
markdown:
content: "# Interactive Dashboard Controls\nThis dashboard demonstrates the use of **controls** for interactive filtering.\nControls\
\ appear at the top of the dashboard and allow users to filter data dynamically.\n**Available Controls:**\n- **Host Selector** - Filter\
\ by specific host(s)\n- **Log Level** - Filter by log severity level\nSelect values from the controls above to filter all panels\
\ on this dashboard.\n"
- title: Selected Events Count
description: Total events matching control filters
size:
w: 16
h: 6
position:
x: 0
y: 4
lens:
type: metric
data_view: logs-*
primary:
aggregation: count
label: Filtered Events
- title: Unique Hosts in Selection
description: Number of unique hosts in filtered data
size:
w: 16
h: 6
position:
x: 16
y: 4
lens:
type: metric
data_view: logs-*
primary:
aggregation: unique_count
field: host.name
label: Hosts
- title: Average Response Time
description: Average response time for selected events
size:
w: 16
h: 6
position:
x: 32
y: 4
lens:
type: metric
data_view: logs-*
primary:
aggregation: average
field: http.response.time
label: Avg Response (ms)
filters:
- exists: http.response.time
- title: Events Over Time (Filtered)
description: Time series view of filtered events
size:
w: 48
h: 12
position:
x: 0
y: 10
lens:
type: line
data_view: logs-*
dimension:
field: '@timestamp'
type: date_histogram
label: Time
metrics:
- aggregation: count
label: Event Count
- title: Service Distribution (Filtered)
description: Distribution of events across services
size:
w: 24
h: 12
position:
x: 0
y: 22
lens:
type: pie
data_view: logs-*
breakdowns:
- field: service.name
type: values
size: 8
metrics:
- aggregation: count
- title: Top URLs (Filtered)
description: Most frequently accessed URLs
size:
w: 24
h: 12
position:
x: 24
y: 22
lens:
type: bar
mode: stacked
data_view: logs-*
dimension:
field: url.path
type: values
size: 10
sort:
by: Requests
direction: desc
metrics:
- aggregation: count
label: Requests
filters:
- exists: url.path
Dimensions Example¶
Shows how to configure dimensions in Lens visualizations including multiple dimension types, custom formatting, and breakdown configurations.
Dashboard Definition (dimensions-example.yaml)
---
dashboards:
- id: dimensions-example-001
name: '[Example] Multi-Dimensional Charts'
description: Demonstrates complex dimension configurations and breakdowns
panels:
- title: Multi-Dimensional Visualizations
size:
w: 48
h: 5
position:
x: 0
y: 0
markdown:
content: "# Multi-Dimensional Chart Examples\nThis dashboard demonstrates advanced dimension and breakdown configurations:\n- **Single\
\ dimension** - Basic time series\n- **Multiple dimensions** - Cross-tabulation\n- **Breakdowns** - Additional grouping layer\n- **Top\
\ N with sorting** - Size limits and sort orders\n- **Other bucket** - Handling remaining values\n"
- title: Simple Time Series
description: Single time dimension, no breakdown
size:
w: 24
h: 10
position:
x: 0
y: 5
lens:
type: line
data_view: logs-*
dimension:
field: '@timestamp'
type: date_histogram
label: Time
metrics:
- aggregation: count
label: Events
- title: Multi-Dimensional Line Chart
description: Time dimension with log level breakdown
size:
w: 24
h: 10
position:
x: 24
y: 5
lens:
type: line
data_view: logs-*
dimension:
field: '@timestamp'
type: date_histogram
label: Time
breakdown:
field: log.level
type: values
size: 5
sort:
by: Event Count
direction: desc
metrics:
- aggregation: count
label: Event Count
- title: Top 10 Hosts by Traffic
description: Sorted by metric value, showing top N
size:
w: 24
h: 12
position:
x: 0
y: 15
lens:
type: bar
mode: stacked
data_view: logs-*
dimension:
field: host.name
type: values
label: Host
size: 10
sort:
by: Event Count
direction: desc
metrics:
- aggregation: count
label: Event Count
- title: HTTP Response Analysis
description: Multiple metrics on same chart
size:
w: 24
h: 12
position:
x: 24
y: 15
lens:
type: line
data_view: logs-*
dimension:
field: '@timestamp'
type: date_histogram
label: Time
metrics:
- aggregation: count
label: Request Count
- aggregation: average
field: http.response.time
label: Avg Response Time (ms)
- aggregation: max
field: http.response.time
label: Max Response Time (ms)
filters:
- exists: http.response.time
- title: Stacked Area with Breakdown
description: Time dimension with service breakdown
size:
w: 24
h: 12
position:
x: 0
y: 27
lens:
type: area
mode: stacked
data_view: logs-*
dimension:
field: '@timestamp'
type: date_histogram
label: Time
metrics:
- aggregation: count
label: Events
breakdown:
field: service.name
type: values
size: 8
sort:
by: Events
direction: desc
- title: HTTP Methods by Status Code
description: 'Cross-tabulation: method × status_code'
size:
w: 24
h: 12
position:
x: 24
y: 27
lens:
type: bar
mode: stacked
data_view: logs-*
dimension:
field: http.request.method
type: values
label: HTTP Method
size: 10
sort:
by: Request Count
direction: desc
metrics:
- aggregation: count
label: Request Count
breakdown:
field: http.response.status_code
type: values
size: 10
filters:
- exists: http.request.method
- exists: http.response.status_code
- title: Response Time Percentiles
description: Multiple percentile metrics
size:
w: 24
h: 12
position:
x: 0
y: 39
lens:
type: line
data_view: logs-*
dimension:
field: '@timestamp'
type: date_histogram
label: Time
metrics:
- aggregation: median
field: http.response.time
label: P50 Response Time
- aggregation: percentile
field: http.response.time
percentile: 95
label: P95 Response Time
- aggregation: percentile
field: http.response.time
percentile: 99
label: P99 Response Time
filters:
- exists: http.response.time
- field: http.response.time
gte: '0'
- title: Unique Users per Service
description: Unique count aggregation with breakdown
size:
w: 24
h: 12
position:
x: 24
y: 39
lens:
type: bar
mode: stacked
data_view: logs-*
dimension:
field: service.name
type: values
label: Service
size: 8
sort:
by: Unique Users
direction: desc
metrics:
- aggregation: unique_count
field: user.id
label: Unique Users
filters:
- exists: user.id
- exists: service.name
Color Palette Example¶
Demonstrates color customization for charts including custom palettes, manual color assignments, and per-chart configuration.
Note: Manual color assignments are an advanced topic. See the Custom Color Assignments guide.
Dashboard Definition (color-palette-examples.yaml)
---
# Color Palette Configuration Examples
# This file demonstrates the various color mapping features for charts
dashboards:
- name: Color Palette Examples
panels:
# Example 1: Categorical colors with custom palette
- title: CPU States (Custom Colors)
size: {w: 12, h: 8}
position: {x: 0, y: 0}
lens:
type: pie
data_view: metrics-*
breakdowns:
- field: attributes.state
type: values
metrics:
- aggregation: average
field: metrics.system.cpu.utilization
color:
palette: eui_amsterdam_color_blind
assignments:
- value: idle
color: '#00BF6F' # Green for idle
- value: user
color: '#0077CC' # Blue for user
- values:
- system
- nice
- iowait
color: '#FFA500' # Orange for system processes
# Example 2: Line chart with OS-specific colors
- title: CPU Load by OS Type
size: {w: 12, h: 8}
position: {x: 12, y: 0}
lens:
type: line
data_view: metrics-*
dimension:
field: '@timestamp'
type: date_histogram
breakdown:
field: resource.attributes.os.type
type: values
metrics:
- aggregation: average
field: metrics.system.cpu.load_average.1m
color:
palette: eui_amsterdam_color_blind
assignments:
- value: linux
color: '#00BF6F' # Green
- value: darwin
color: '#0077CC' # Blue
- value: windows
color: '#FFA500' # Orange
- value: solaris
color: '#9170B8' # Purple
# Example 3: Bar chart with memory state colors
- title: Memory Utilization by State
size: {w: 24, h: 8}
position: {x: 24, y: 0}
lens:
type: bar
mode: stacked
data_view: metrics-*
dimension:
field: resource.attributes.host.name
type: values
breakdown:
field: attributes.state
type: values
metrics:
- aggregation: average
field: metrics.system.memory.utilization
color:
palette: default
assignments:
- value: used
color: '#BD271E' # Red
- value: free
color: '#00BF6F' # Green
- value: cached
color: '#0077CC' # Blue
- value: buffered
color: '#98A2B3' # Gray
# Example 4: Area chart with elastic brand palette
- title: Disk Operations by Device (Elastic Brand Colors)
size: {w: 12, h: 8}
position: {x: 0, y: 8}
lens:
type: area
mode: stacked
data_view: metrics-*
dimension:
field: '@timestamp'
type: date_histogram
breakdown:
field: attributes.device
type: values
metrics:
- aggregation: average
field: metrics.system.disk.operations
color:
palette: elastic_brand
# Example 5: Pie chart with grayscale palette
- title: Filesystem Usage by Mount Point (Grayscale)
size: {w: 12, h: 8}
position: {x: 12, y: 8}
lens:
type: pie
data_view: metrics-*
breakdowns:
- field: attributes.mountpoint
type: values
metrics:
- aggregation: average
field: metrics.system.filesystem.utilization
color:
palette: gray
# Example 6: Multi-value assignment example
- title: OS Types (Grouped Colors)
size: {w: 12, h: 8}
position: {x: 24, y: 8}
lens:
type: pie
data_view: metrics-*
breakdowns:
- field: resource.attributes.os.type
type: values
metrics:
- aggregation: unique_count
field: resource.attributes.host.name
color:
palette: eui_amsterdam_color_blind
assignments:
- values:
- linux
- darwin
color: '#00BF6F' # Green for Unix-like
- values:
- windows
color: '#0077CC' # Blue for Windows
- values:
- solaris
- aix
- hpux
color: '#FFA500' # Orange for other Unix
# Example 7: Legacy Kibana palette
- title: Hosts by Cloud Provider (Legacy Colors)
size: {w: 12, h: 8}
position: {x: 36, y: 8}
lens:
type: bar
data_view: metrics-*
dimension:
field: resource.attributes.cloud.provider
type: values
metrics:
- aggregation: unique_count
field: resource.attributes.host.name
color:
palette: kibana_palette
# Example 8: XY chart with custom breakdown colors
- title: CPU Utilization by State Over Time
size: {w: 12, h: 8}
position: {x: 0, y: 16}
lens:
type: line
data_view: metrics-*
dimension:
field: '@timestamp'
type: date_histogram
breakdown:
field: attributes.state
type: values
metrics:
- aggregation: average
field: metrics.system.cpu.utilization
color:
palette: eui_amsterdam_color_blind
assignments:
- value: idle
color: '#00BF6F' # Green
- value: user
color: '#0077CC' # Blue
- value: system
color: '#FFA500' # Orange
- value: iowait
color: '#BD271E' # Red
- value: nice
color: '#9170B8' # Purple
Filters Example¶
Comprehensive filter demonstrations including field existence, phrase filters, range filters, custom DSL, and combined filters.
Dashboard Definition (filters-example.yaml)
---
dashboards:
- id: filters-example-001
name: '[Example] Advanced Filtering Techniques'
description: Demonstrates various panel-level filter types and combinations
panels:
- title: Filter Types Reference
size:
w: 48
h: 6
position:
x: 0
y: 0
markdown:
content: "# Advanced Filtering Techniques\nThis dashboard demonstrates various filter types available for panels:\n\n## Filter Types\n\
1. **Equals Filter** - Exact field value match\n2. **Exists Filter** - Field existence check\n3. **Comparison Filters** - Greater\
\ than/less than (gte, gt, lte, lt)\n4. **Not Filter** - Negation of other filters\n5. **Combined Filters** - Multiple filters on\
\ same panel\nEach panel below demonstrates a different filtering pattern.\n"
- title: Error Logs Only
description: "Using equals filter: log.level = 'error'"
size:
w: 12
h: 8
position:
x: 0
y: 6
lens:
type: metric
data_view: logs-*
primary:
aggregation: count
label: Error Count
filters:
- field: log.level
equals: error
- title: HTTP Requests Only
description: 'Using exists filter: http.response.status_code exists'
size:
w: 12
h: 8
position:
x: 12
y: 6
lens:
type: metric
data_view: logs-*
primary:
aggregation: count
label: HTTP Events
filters:
- exists: http.response.status_code
- title: Slow Requests (≥500ms)
description: 'Using gte filter: http.response.time >= 500'
size:
w: 12
h: 8
position:
x: 24
y: 6
lens:
type: metric
data_view: logs-*
primary:
aggregation: count
label: Slow Requests
filters:
- field: http.response.time
gte: '500'
- title: Non-Success HTTP Codes
description: 'Using not filter: NOT (http.response.status_code = 200)'
size:
w: 12
h: 8
position:
x: 36
y: 6
lens:
type: metric
data_view: logs-*
primary:
aggregation: count
label: Non-200 Responses
filters:
- exists: http.response.status_code
- not:
field: http.response.status_code
equals: '200'
- title: Critical Production Errors
description: "Multiple filters: level='error' AND environment='production'"
size:
w: 24
h: 10
position:
x: 0
y: 14
lens:
type: line
data_view: logs-*
dimension:
field: '@timestamp'
type: date_histogram
label: Time
metrics:
- aggregation: count
label: Production Errors
filters:
- field: log.level
equals: error
- field: environment
equals: production
- exists: error.message
- title: 4xx HTTP Status Codes
description: 'Range filter: 400 <= status_code < 500'
size:
w: 24
h: 10
position:
x: 24
y: 14
lens:
type: bar
mode: stacked
data_view: logs-*
dimension:
field: http.response.status_code
type: values
size: 10
sort:
by: Count
direction: desc
metrics:
- aggregation: count
label: Count
filters:
- field: http.response.status_code
gte: '400'
- field: http.response.status_code
lt: '500'
- title: Non-Health-Check Requests
description: Excluding health check endpoints
size:
w: 24
h: 12
position:
x: 0
y: 24
lens:
type: area
mode: stacked
data_view: logs-*
dimension:
field: '@timestamp'
type: date_histogram
metrics:
- aggregation: count
breakdown:
type: values
field: http.request.method
filters:
- exists: url.path
- not:
field: url.path
equals: /health
- not:
field: url.path
equals: /ping
- title: Application Logs Only
description: Filter by data stream dataset
size:
w: 24
h: 12
position:
x: 24
y: 24
lens:
type: line
data_view: logs-*
dimension:
field: '@timestamp'
type: date_histogram
label: Time
breakdown:
field: log.level
type: values
size: 5
sort:
by: Count
direction: desc
metrics:
- aggregation: count
label: Count
filters:
- field: data_stream.dataset
equals: application.logs
Multi-Panel Showcase¶
A complete dashboard featuring multiple panel types: markdown, metrics, pie charts, XY charts, images, links, and grid layouts.
Dashboard Definition (multi-panel-showcase.yaml)
---
dashboards:
- name: '[Example] Multi-Panel Showcase'
description: Comprehensive example demonstrating all available panel types and chart variations
panels:
- title: Multi-Panel Dashboard Showcase
hide_title: false
description: Introduction panel showing markdown capabilities
size:
w: 48
h: 6
position:
x: 0
y: 0
markdown:
content: "# Welcome to the Multi-Panel Showcase\nThis dashboard demonstrates all supported panel types in the kb-yaml-to-lens compiler:\n\
- **Markdown panels** - Rich text content with formatting\n- **Links panels** - Navigation to dashboards and external URLs\n- **Chart\
\ panels** - Multiple visualization types (Metric, Pie, Line, Bar, Area, Tagcloud)\n_Note: Image panels are defined in the schema\
\ but compilation is not yet implemented._\nUse this as a reference for building your own dashboards!\n"
links_in_new_tab: true
- title: Quick Links
description: Example links panel with horizontal layout
size:
w: 48
h: 3
position:
x: 0
y: 6
links:
layout: horizontal
items:
- label: Kibana Documentation
url: https://www.elastic.co/guide/en/kibana/current/index.html
- label: Elasticsearch Guide
url: https://www.elastic.co/guide/en/elasticsearch/reference/current/index.html
- label: Project Repository
url: https://github.com/strawgate/kb-yaml-to-lens
- title: Total Document Count
description: Simple metric chart showing total count
size:
w: 24
h: 10
position:
x: 0
y: 9
lens:
type: metric
data_view: logs-*
primary:
aggregation: count
- title: Distribution by Log Level
description: Pie chart showing categorical distribution
size:
w: 24
h: 15
position:
x: 24
y: 9
lens:
type: pie
data_view: logs-*
breakdowns:
- field: log.level
type: values
size: 10
metrics:
- aggregation: count
- title: Events Over Time
description: Line chart showing time series data
size:
w: 24
h: 15
position:
x: 0
y: 24
lens:
type: line
data_view: logs-*
dimension:
type: date_histogram
field: '@timestamp'
metrics:
- aggregation: count
- title: Top Hosts by Event Count
description: Horizontal bar chart with breakdown
size:
w: 24
h: 15
position:
x: 24
y: 24
lens:
type: bar
mode: stacked
data_view: logs-*
dimension:
type: values
field: host.name
metrics:
- aggregation: count
- title: Cumulative Events
description: Area chart showing cumulative trends over time
size:
w: 24
h: 15
position:
x: 0
y: 39
lens:
type: area
mode: stacked
data_view: logs-*
dimension:
type: date_histogram
field: '@timestamp'
metrics:
- aggregation: count
breakdown:
type: values
field: log.level
- title: Common Tags Word Cloud
description: Tagcloud visualization showing weighted terms
size:
w: 24
h: 15
position:
x: 24
y: 39
lens:
type: tagcloud
data_view: logs-*
dimension:
type: values
field: tags
metric:
aggregation: count
Navigation Example¶
Demonstrates dashboard navigation features including links panels, dashboard linking patterns, and URL parameter passing.
Dashboard Definition (navigation-example.yaml)
---
dashboards:
- id: nav-overview-001
name: '[Example] Navigation - Overview Dashboard'
description: Demonstrates navigation patterns with links panel and basic metric charts
panels:
- title: Dashboard Navigation
description: Navigate between related dashboards
size:
w: 48
h: 2
position:
x: 0
y: 0
links:
layout: horizontal
items:
- label: Overview
dashboard: nav-overview-001
- label: Details
dashboard: nav-details-001
- label: Analytics
dashboard: nav-analytics-001
- title: Overview Dashboard Guide
hide_title: false
size:
w: 48
h: 3
position:
x: 0
y: 2
markdown:
content: "# Overview Dashboard\nThis dashboard provides high-level metrics across your log data. Use the navigation links above to\n\
drill into more detailed views.\n**Key Metrics:**\n- Total log volume\n- Unique hosts reporting\n- Log level distribution\n"
- title: Total Events
description: Total log events in the selected time range
size:
w: 12
h: 6
position:
x: 0
y: 5
lens:
type: metric
data_view: logs-*
primary:
aggregation: count
label: Events
- title: Unique Hosts
description: Number of unique hosts reporting
size:
w: 12
h: 6
position:
x: 12
y: 5
lens:
type: metric
data_view: logs-*
primary:
aggregation: unique_count
field: host.name
label: Hosts
- title: Error Events
description: Total number of error-level logs
size:
w: 12
h: 6
position:
x: 24
y: 5
lens:
type: metric
data_view: logs-*
primary:
aggregation: count
label: Errors
filters:
- field: log.level
equals: error
- title: Warning Events
description: Total number of warning-level logs
size:
w: 12
h: 6
position:
x: 36
y: 5
lens:
type: metric
data_view: logs-*
primary:
aggregation: count
label: Warnings
filters:
- field: log.level
equals: warning
- title: Event Trends Over Time
description: Time series view of log events
size:
w: 48
h: 12
position:
x: 0
y: 11
lens:
type: line
data_view: logs-*
dimension:
field: '@timestamp'
type: date_histogram
label: Time
metrics:
- aggregation: count
label: Events per interval
breakdown:
field: log.level
type: values
size: 5
- id: nav-details-001
name: '[Example] Navigation - Details Dashboard'
description: Detailed view with host-level breakdowns
panels:
- title: Dashboard Navigation
size:
w: 48
h: 2
position:
x: 0
y: 0
links:
layout: horizontal
items:
- label: Overview
dashboard: nav-overview-001
- label: Details
dashboard: nav-details-001
- label: Analytics
dashboard: nav-analytics-001
- title: Events by Host
description: Top hosts by event count
size:
w: 24
h: 15
position:
x: 0
y: 2
lens:
type: bar
mode: stacked
data_view: logs-*
dimension:
field: host.name
type: values
size: 10
sort:
by: Event Count
direction: desc
metrics:
- aggregation: count
label: Event Count
- title: Log Level Distribution
description: Distribution of log severity levels
size:
w: 24
h: 15
position:
x: 24
y: 2
lens:
type: pie
data_view: logs-*
breakdowns:
- field: log.level
type: values
size: 10
metrics:
- aggregation: count
- id: nav-analytics-001
name: '[Example] Navigation - Analytics Dashboard'
description: Advanced analytics with multiple visualizations
panels:
- title: Dashboard Navigation
size:
w: 48
h: 2
position:
x: 0
y: 0
links:
layout: horizontal
items:
- label: Overview
dashboard: nav-overview-001
- label: Details
dashboard: nav-details-001
- label: Analytics
dashboard: nav-analytics-001
- title: Cumulative Event Volume
description: Stacked area chart showing cumulative trends
size:
w: 24
h: 15
position:
x: 0
y: 2
lens:
type: area
mode: stacked
data_view: logs-*
dimension:
field: '@timestamp'
type: date_histogram
metrics:
- aggregation: count
breakdown:
type: values
field: log.level
- title: Common Tags
description: Most frequent tags in log data
size:
w: 24
h: 15
position:
x: 24
y: 2
lens:
type: tagcloud
data_view: logs-*
dimension:
type: values
field: tags
metric:
aggregation: count
Drilldowns Example¶
Demonstrates panel drilldowns including dashboard-to-dashboard navigation and URL drilldowns with template variables. See the Drilldowns Example for complete documentation.
Dashboard Definition (drilldowns/01-drilldowns-demo.yaml)
---
# Drilldowns Demo Dashboard
# This dashboard demonstrates various drilldown configurations including:
# - Dashboard-to-dashboard drilldowns (navigate to another dashboard)
# - URL drilldowns (open external URLs)
# - Different trigger types (click, filter, range)
#
# Note: For the dashboard drilldowns to work, the target dashboards must exist
# in your Kibana instance. Replace the dashboard IDs with actual dashboard IDs.
#
# Prerequisites: This example expects a `logs-*` data view with fields like
# http.response.status_code, event.dataset, host.name, and event.action.
# Adjust data_view and field names for your environment.
#
# To verify compilation: kb-dashboard compile --input-file packages/kb-dashboard-docs/content/examples/drilldowns/01-drilldowns-demo.yaml
dashboards:
- name: Drilldowns Demo
description: Demonstrates dashboard and URL drilldowns on various panel types
panels:
# Overview metric with dashboard drilldown
- title: Total Events (Click for Details)
size: {w: quarter, h: 8}
lens:
type: metric
data_view: logs-*
primary:
aggregation: count
id: total-events
drilldowns:
- name: View Event Details
dashboard: event-details-dashboard
with_filters: true
with_time: true
# Metric with URL drilldown
- title: Error Rate (Click for Docs)
size: {w: quarter, h: 8}
lens:
type: metric
data_view: logs-*
primary:
aggregation: count
id: error-count
filters:
- field: log.level
equals: error
drilldowns:
- name: Open Error Documentation
url: https://docs.example.com/errors
new_tab: true
# Panel with multiple drilldowns
- title: Requests by Status
size: {w: half, h: 8}
lens:
type: bar
data_view: logs-*
dimension:
type: values
field: http.response.status_code
id: status-code
size: 10
metrics:
- aggregation: count
id: request-count
drilldowns:
# Dashboard drilldown for deeper analysis
- name: Analyze Status Code
dashboard: status-code-analysis
id: status-drill
with_filters: true
# URL drilldown for external reference
- name: HTTP Status Reference
url: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/{{event.value}}
id: mdn-status
new_tab: true
encode_url: true
# Time series with range trigger drilldown
- title: Events Over Time
size: {w: half, h: 12}
lens:
type: line
data_view: logs-*
dimension:
type: date_histogram
field: '@timestamp'
id: time-bucket
metrics:
- aggregation: count
id: event-count
drilldowns:
- name: Zoom to Time Range
dashboard: detailed-events-dashboard
triggers:
- range
with_time: true
with_filters: true
# Pie chart with click trigger
- title: Events by Source
size: {w: half, h: 12}
lens:
type: pie
data_view: logs-*
breakdowns:
- type: values
field: event.dataset
id: source-group
size: 5
metrics:
- aggregation: count
id: source-count
drilldowns:
- name: View Source Details
dashboard: source-specific-dashboard
triggers:
- click
- filter
# Data table with URL drilldown
- title: Top Hosts
size: {w: whole, h: 10}
lens:
type: datatable
data_view: logs-*
breakdowns:
- type: values
field: host.name
id: host-col
size: 20
metrics:
- aggregation: count
id: host-event-count
label: Event Count
- aggregation: unique_count
field: event.action
id: unique-actions
label: Unique Actions
drilldowns:
- name: View Host in Fleet
url: https://kibana.example.com/app/fleet/agents?kuery=host.name:{{event.value}}
new_tab: true
triggers:
- click
Heatmap Examples¶
Examples of heatmap visualizations.
Dashboard Definition (heatmap-examples.yaml)
---
dashboards:
- id: heatmap-examples-001
name: '[Example] Heatmap Charts'
description: Comprehensive examples of heatmap chart configurations
panels:
- title: Heatmap Examples Overview
size:
w: 48
h: 6
position:
x: 0
y: 0
markdown:
content: "# Heatmap Chart Examples\nThis dashboard demonstrates various heatmap configurations:\n- **Basic 2D heatmap** - Time series\
\ cross-referenced with categories\n- **1D heatmap** - Single dimension intensity visualization\n- **Custom grid and legend** - Appearance\
\ customization\n- **ES|QL heatmap** - Using ES|QL queries for data\n\nHeatmaps are perfect for:\n- Visualizing server load patterns\
\ by time and host\n- Analyzing user activity by hour and day of week\n- Identifying patterns in multi-dimensional data\n"
# Basic 2D Heatmap
- title: Request Activity by Hour and Service
description: Basic 2D heatmap showing request patterns
size:
w: 24
h: 15
position:
x: 0
y: 6
lens:
type: heatmap
data_view: logs-*
x_axis:
field: '@timestamp'
type: date_histogram
label: Time
y_axis:
field: service.name
type: values
label: Service
size: 10
sort:
by: Request Count
direction: desc
metric:
aggregation: count
label: Request Count
# 1D Heatmap
- title: Traffic Intensity Timeline
description: One-dimensional heatmap showing traffic over time
size:
w: 24
h: 15
position:
x: 24
y: 6
lens:
type: heatmap
data_view: logs-*
x_axis:
field: '@timestamp'
type: date_histogram
label: Time
metric:
aggregation: count
label: Events
appearance:
legend:
visible: show
position: bottom
# Heatmap with Custom Grid Configuration
- title: Response Time Heatmap (Custom Grid)
description: Heatmap with custom cell labels and axis configuration
size:
w: 24
h: 15
position:
x: 0
y: 21
lens:
type: heatmap
data_view: logs-*
x_axis:
field: '@timestamp'
type: date_histogram
minimum_interval: 1h
label: Hour
y_axis:
field: host.name
type: values
label: Server
size: 8
metric:
aggregation: average
field: response.time
label: Avg Response (ms)
format:
type: duration
appearance:
values:
visible: true
x_axis:
labels:
visible: true
title:
visible: true
y_axis:
labels:
visible: true
title:
visible: true
legend:
visible: show
position: right
# Error Rate Heatmap
- title: Error Rate by Service and Hour
description: Using formula metric to calculate error rates
size:
w: 24
h: 15
position:
x: 24
y: 21
lens:
type: heatmap
data_view: logs-*
x_axis:
field: '@timestamp'
type: date_histogram
label: Time
y_axis:
field: service.name
type: values
label: Service
size: 10
metric:
formula: count(kql='log.level:error') / count()
label: Error Rate (%)
format:
type: percent
# ES|QL Heatmap
- title: User Activity Heatmap (ES|QL)
description: Heatmap using ES|QL query
size:
w: 24
h: 15
position:
x: 0
y: 36
esql:
type: heatmap
query: |
FROM logs-*
| STATS user_count = COUNT_DISTINCT(user.id) BY hour = DATE_TRUNC(1 hour, @timestamp), region = user.geo.region
| SORT hour ASC, region ASC
x_axis:
field: hour
y_axis:
field: region
metric:
field: user_count
label: Unique Users
# Status Code Distribution Heatmap
- title: HTTP Status Codes by Endpoint
description: Visualizing status code distribution across endpoints
size:
w: 24
h: 15
position:
x: 24
y: 36
lens:
type: heatmap
data_view: logs-*
x_axis:
field: http.request.path
type: values
label: Endpoint
size: 15
sort:
by: Request Count
direction: desc
y_axis:
field: http.response.status_code
type: values
label: Status Code
size: 10
metric:
aggregation: count
label: Request Count
filters:
- exists: http.request.path
- exists: http.response.status_code
# Percentile Heatmap
- title: 95th Percentile Response Time
description: Using percentile aggregation in heatmap
size:
w: 24
h: 15
position:
x: 0
y: 51
lens:
type: heatmap
data_view: logs-*
x_axis:
field: '@timestamp'
type: date_histogram
label: Time
y_axis:
field: service.name
type: values
label: Service
size: 8
metric:
aggregation: percentile
field: response.time
percentile: 95
label: P95 Response (ms)
format:
type: duration
appearance:
values:
visible: false
x_axis:
labels:
visible: true
title:
visible: true
y_axis:
labels:
visible: true
title:
visible: true
# Memory Usage Heatmap
- title: Memory Usage by Host and Time
description: Heatmap showing memory usage patterns
size:
w: 24
h: 15
position:
x: 24
y: 51
lens:
type: heatmap
data_view: metrics-*
x_axis:
field: '@timestamp'
type: date_histogram
label: Time
y_axis:
field: host.name
type: values
label: Host
size: 10
metric:
aggregation: max
field: system.memory.used.pct
label: Max Memory %
format:
type: percent
appearance:
legend:
visible: show
position: right
Metric Formatting Examples¶
Examples of metric formatting options.
Dashboard Definition (metric-formatting-examples.yaml)
---
dashboards:
- id: metric-formatting-examples-001
name: '[Example] Metric Formatting'
description: Comprehensive examples of metric number formatting options
panels:
- title: Metric Formatting Examples Overview
size:
w: 48
h: 5
position:
x: 0
y: 0
markdown:
content: "# Metric Formatting Examples\nThis dashboard demonstrates various number formatting options for metric charts:\n- **Suffix\
\ formatting** - Add custom text after numbers (\" requests/sec\", \" users\")\n- **Compact notation** - Display large numbers as\
\ 1.2K, 500M, etc.\n- **Decimals control** - Set explicit decimal places (simpler than patterns)\n- **Custom patterns** - Use numeral.js\
\ patterns for precise formatting\n- **Built-in formats** - Bytes, duration, percent, etc.\n- **Combined options** - Mix multiple\
\ formatting features\n"
# Suffix Formatting Examples
- title: Request Rate
hide_title: true
description: Using suffix to add units
size:
w: 12
h: 8
position:
x: 0
y: 5
lens:
type: metric
data_view: logs-*
primary:
aggregation: count
label: Requests
format:
type: number
decimals: 0
suffix: ' req/sec'
- title: Active Users
hide_title: true
description: Suffix for context
size:
w: 12
h: 8
position:
x: 12
y: 5
lens:
type: metric
data_view: logs-*
primary:
aggregation: unique_count
field: user.id
label: Active Users
format:
type: number
decimals: 0
suffix: ' users'
- title: Temperature
hide_title: true
description: Suffix with units
size:
w: 12
h: 8
position:
x: 24
y: 5
lens:
type: metric
data_view: metrics-*
primary:
aggregation: average
field: system.cpu.temperature
label: CPU Temp
format:
type: custom
pattern: '0.0'
suffix: °C
- title: API Calls
hide_title: true
description: Suffix with period
size:
w: 12
h: 8
position:
x: 36
y: 5
lens:
type: metric
data_view: logs-*
primary:
aggregation: count
label: API Calls
format:
type: number
decimals: 0
suffix: ' calls/hour'
# Compact Notation Examples
- title: Total Events (Compact)
hide_title: true
description: Compact notation for large numbers
size:
w: 12
h: 8
position:
x: 0
y: 13
lens:
type: metric
data_view: logs-*
primary:
aggregation: count
label: Total Events
format:
type: number
decimals: 0
compact: true
- title: Unique IPs (Compact)
hide_title: true
description: Compact with custom suffix
size:
w: 12
h: 8
position:
x: 12
y: 13
lens:
type: metric
data_view: logs-*
primary:
aggregation: unique_count
field: source.ip
label: Unique IPs
format:
type: number
decimals: 0
compact: true
suffix: ' IPs'
- title: Data Processed
hide_title: true
description: Bytes format with compact notation
size:
w: 12
h: 8
position:
x: 24
y: 13
lens:
type: metric
data_view: logs-*
primary:
aggregation: sum
field: http.request.bytes
label: Data Processed
format:
type: bytes
compact: true
- title: Response Time
hide_title: true
description: Duration format
size:
w: 12
h: 8
position:
x: 36
y: 13
lens:
type: metric
data_view: logs-*
primary:
aggregation: average
field: event.duration
label: Avg Response
format:
type: duration
# Custom Pattern Examples
- title: Revenue
hide_title: true
description: Currency pattern with 2 decimals
size:
w: 12
h: 8
position:
x: 0
y: 21
lens:
type: metric
data_view: logs-*
primary:
aggregation: sum
field: transaction.amount
label: Total Revenue
format:
type: custom
pattern: 0,0.00
suffix: ' USD'
- title: Success Rate
hide_title: true
description: Pattern with abbreviation
size:
w: 12
h: 8
position:
x: 12
y: 21
lens:
type: metric
data_view: logs-*
primary:
formula: count(kql='status:success') / count() * 100
label: Success Rate
format:
type: custom
pattern: 0.0a
suffix: '%'
- title: Cache Hit Ratio
hide_title: true
description: Percentage with 3 decimals
size:
w: 12
h: 8
position:
x: 24
y: 21
lens:
type: metric
data_view: logs-*
primary:
formula: count(kql='cache.hit:true') / count() * 100
label: Cache Hits
format:
type: percent
- title: Error Count
hide_title: true
description: No decimals with thousands separator
size:
w: 12
h: 8
position:
x: 36
y: 21
lens:
type: metric
data_view: logs-*
primary:
aggregation: count
filter:
kql: log.level:error
label: Total Errors
format:
type: custom
pattern: 0,0
# Built-in Format Examples
- title: Network Throughput
hide_title: true
description: Bytes format
size:
w: 12
h: 8
position:
x: 0
y: 29
lens:
type: metric
data_view: metrics-*
primary:
aggregation: sum
field: network.bytes
label: Throughput
format:
type: bytes
- title: Network Bits
hide_title: true
description: Bits format
size:
w: 12
h: 8
position:
x: 12
y: 29
lens:
type: metric
data_view: metrics-*
primary:
aggregation: sum
field: network.bits
label: Network Traffic
format:
type: bits
- title: CPU Usage
hide_title: true
description: Percent format
size:
w: 12
h: 8
position:
x: 24
y: 29
lens:
type: metric
data_view: metrics-*
primary:
aggregation: average
field: system.cpu.usage
label: CPU Usage
format:
type: percent
- title: Uptime
hide_title: true
description: Duration format
size:
w: 12
h: 8
position:
x: 36
y: 29
lens:
type: metric
data_view: metrics-*
primary:
aggregation: max
field: system.uptime
label: Uptime
format:
type: duration
# Combined Format Options
- title: Bandwidth Usage
hide_title: true
description: Combining multiple format options
size:
w: 12
h: 8
position:
x: 0
y: 37
lens:
type: metric
data_view: metrics-*
primary:
aggregation: sum
field: network.bytes
label: Daily Bandwidth
format:
type: bytes
compact: true
suffix: /day
- title: Transaction Volume
hide_title: true
description: Compact with custom pattern
size:
w: 12
h: 8
position:
x: 12
y: 37
lens:
type: metric
data_view: logs-*
primary:
aggregation: count
label: Transactions
format:
type: custom
decimals: 0
compact: true
pattern: 0.0a
suffix: ' txn'
- title: Average Latency
hide_title: true
description: Duration with custom suffix
size:
w: 12
h: 8
position:
x: 24
y: 37
lens:
type: metric
data_view: logs-*
primary:
aggregation: average
field: response.latency
label: Avg Latency
format:
type: duration
suffix: ' (avg)'
- title: Data Transfer Rate
hide_title: true
description: Bits with rate suffix
size:
w: 12
h: 8
position:
x: 36
y: 37
lens:
type: metric
data_view: metrics-*
primary:
aggregation: average
field: network.bits
label: Transfer Rate
format:
type: bits
compact: true
suffix: /s
# Decimals Control Examples
- title: Explicit Decimals (4)
hide_title: true
description: Using decimals field for precise control
size:
w: 12
h: 8
position:
x: 0
y: 45
lens:
type: metric
data_view: metrics-*
primary:
aggregation: average
field: performance.score
label: Performance Score
format:
type: number
decimals: 4
- title: Bytes with 3 Decimals
hide_title: true
description: Overriding default decimals for bytes
size:
w: 12
h: 8
position:
x: 12
y: 45
lens:
type: metric
data_view: metrics-*
primary:
aggregation: average
field: network.bytes
label: Avg Packet Size
format:
type: bytes
decimals: 3
- title: Bits with 2 Decimals
hide_title: true
description: Bits format normally defaults to 0 decimals
size:
w: 12
h: 8
position:
x: 24
y: 45
lens:
type: metric
data_view: metrics-*
primary:
aggregation: average
field: network.bits
label: Precise Bit Rate
format:
type: bits
decimals: 2
- title: Decimals with Suffix
hide_title: true
description: Combining decimals with suffix
size:
w: 12
h: 8
position:
x: 36
y: 45
lens:
type: metric
data_view: logs-*
primary:
aggregation: average
field: response.latency
label: Latency
format:
type: number
decimals: 1
suffix: ' ms'
# Custom Format Type
- title: Custom Format Example
hide_title: true
description: Using custom format type
size:
w: 12
h: 8
position:
x: 0
y: 53
lens:
type: metric
data_view: logs-*
primary:
aggregation: count
label: Event Count
format:
type: custom
pattern: 0,0.0a
- title: Custom with Decimals
hide_title: true
description: Custom pattern with explicit decimals
size:
w: 12
h: 8
position:
x: 12
y: 53
lens:
type: metric
data_view: metrics-*
primary:
aggregation: average
field: performance.score
label: Performance Score
format:
type: custom
pattern: 0,0.00
decimals: 2
- title: No Formatting
hide_title: true
description: Plain number without formatting
size:
w: 12
h: 8
position:
x: 24
y: 53
lens:
type: metric
data_view: logs-*
primary:
aggregation: count
label: Raw Count
- title: Formula with Formatting
hide_title: true
description: Formula metric with custom format
size:
w: 12
h: 8
position:
x: 36
y: 53
lens:
type: metric
data_view: logs-*
primary:
formula: count(kql='log.level:error') / count() * 100
label: Error Rate
format:
type: number
decimals: 2
suffix: '%'
Integration Bundles¶
Complete dashboard bundles for monitoring various technologies. Each bundle includes multiple dashboards with navigation links and comprehensive documentation.
OpenTelemetry Integrations¶
| Bundle | Description |
|---|---|
| Aerospike | Aerospike NoSQL database monitoring (3 dashboards) |
| Apache HTTP Server | Apache web server metrics and logs (1 dashboard) |
| AWS CloudTrail | AWS API activity monitoring with ES|QL (1 dashboard) |
| AWS VPC Flow Logs | VPC network traffic analysis (3 dashboards) |
| Docker | Container monitoring with Docker Stats receiver (2 dashboards) |
| Elasticsearch | Elasticsearch cluster monitoring (7 dashboards) |
| Kubernetes Cluster | K8s cluster health and workload monitoring (5 dashboards) |
| Memcached | Memcached cache monitoring (1 dashboard) |
| MySQL | MySQL database metrics (2 dashboards) |
| PostgreSQL | PostgreSQL database monitoring (2 dashboards) |
| Redis | Redis instance and database monitoring (3 dashboards) |
| System (OTel) | Host metrics with Host Metrics receiver (5 dashboards) |
Elastic Agent Integrations¶
| Bundle | Description |
|---|---|
| CrowdStrike | CrowdStrike EDR security dashboards (6 dashboards) |
| CrowdStrike Modern | Workflow-centric SOC dashboards (4 dashboards) |
| System (Classic) | Elastic System integration dashboards (14 dashboards) |
| System (Modern) | Modern System dashboards with style guide patterns (14 dashboards) |
Viewing Example Source Code¶
All example files are located in the packages/kb-dashboard-docs/content/examples/ directory of the repository. You can:
- View README: Click the bundle link to see complete setup instructions and dashboard descriptions
- Clone locally: Download the repository to experiment with examples
- Compile examples: Run
uvx kb-dashboard-cli compile --input-dir packages/kb-dashboard-docs/content/examples --output-dir outputto generate NDJSON files
Using Examples as Templates¶
To use an example as a starting point for your own dashboard:
- Copy the example YAML file to your
inputs/directory - Modify the dashboard name, description, and ID
- Adjust panels, filters, and controls to match your data views
- Compile and upload to Kibana
Related Documentation¶
- Dashboard Configuration - Dashboard-level settings
- Panel Types - Available panel types and configurations