Kibana Canvas presentation is a bit like a PowerPoint presentation. We can generate bar charts, plots, and graphs or fully customised visualisations to showcase data that address specific needs. But Canvas goes way beyond PowerPoint. Kibana Canvas extracts whatever live data from our Elasticsearch cluster we need, processes it to prepare it for our visualizations, and then generates the graphical representations that we define.
Let’s go through a few examples of the elements 
Elements that Kibana Canvas has to offer:
...
Elasticsearch SQL queries. The SQL syntax gives us a lot of flexibility in terms of what data we want to pull from Elasticsearch and how we want to present it to Canvas.
Timelion expressions to work with time-based data.
Raw documents pulled directly from indexed documents.
Piping Functions
Everything that’s happening in Canvas is driven by the custom expression language, similarly to Kibana Timelion. We chain defined functions by piping results (which are also known as contexts). Piping simply means that we take the result from one function and send it to another function, to be further processed. All of this gives us a lot of freedom in choosing how to extract the data we need and transform it in a way that is usable and meaningful for our infographics.
Here, we have an example of a custom expression for Canvas:
In this example of a Metric element definition we can see that:
It begins with the element “filters” to ensure that any global filter defined in the workpad, for example, a date picker, will also apply to this element.
Next, “essql” is specified as the data source, which then defines an Elasticsearch SQL query.
The “math” function calculates the value for the metric that will be displayed. Here, it simply passes the value of “count_documents” which, as it name implies, will calculate the total returned documents from our defined query.
The next line, starting with the “metric” word defines the element type we want to use along with its formatting.
To get a more in-depth look at Timelion functions, check out this article on the topic which also includes a summary of Elasticsearch SQL functions for quick reference.
Well, that covers the basics of how Canvas works. So now let’s learn create our own Kibana Canvas workpad and see what it can do for our users.
Tips for an Efficient Workflow in Canvas
In Canvas, we’ll often use Elasticsearch SQL to retrieve the data for our visualizations. To prepare our queries and test out different variations, we can use Kibana DevTools. To do this, we just need to wrap the SQL query in a simple JSON object and then POST it to the _sql API endpoint. We’ll also need to add “?format=txt” as a query parameter to our POST request, to see the returned result nicely formatted in a text-based table.
While working with an element, we can click the Expression editor in the bottom-right corner. This gives us much more flexibility in changing how the element works. After we get comfortable with the expression language used in Canvas, you’ll notice it’s a more efficient way to work, rather than using the interface and clicking on buttons and menus to edit various functionality.
The documentation for Canvas functions and TinyMath functions will come in handy when you dive deeper into the expression editor.
Getting Started
Let’s create our first workpad in Canvas and learn how to build an infographic like the one in this example:
Sample Data
To get started with the exercise, we need to get some sample data to work with. We’ll accomplish this with the NGINX web server log provided by Elastic.
Adding a New Element
In the top-right corner, above our workpad, notice the Add element button. Let’s click on it and reveal a list of available elements with clear visual representations and descriptions.
...
After adding this to the expression editor, we click Run.
We should also choose the same green color fill for the element and also pick a bigger font size.
We finally created the entire infographic example we initially saw.
Congratulations, you’re ready to explore the incredible capabilities that Kibana Canvas has to offer – beautiful dynamic and interactive representations of your data in exactly the form your users need.
Cleaning Up
To make sure we can continue with the next lesson in a clean environment, let’s remove the changes we created in this lesson.
First, we can remove the Nginx log files like so:
Copy
| Code Block |
|---|
rm nginx_* |
And then, we remove the index where we saved the Nginx sample log data:
Copy
| Code Block |
|---|
curl --request DELETE localhost:9200/nginx |
Finally, we remove the workpad we created in Kibana Canvas. To do this, we click in the bottom-left corner, on My Canvas Workpad.
Afterward, we check the box to the left of My Canvas Workpad. Finally, we click on the Delete button. And that gets back to where we first started.