Import Pre-Built Visualizations

On the Views page, the Import Visualization feature offers a menu of predefined visualizations for some popular applications like CloudFlare, CloudTrail, ELB, Fastly, and VPC Flow Logs. To use the pre-built offerings, you must have a view that for an object group that has indexed data for one of these application types. For example, you might have a view to indexed ELB log data. You could then import the pre-built ELB visualizations to see some sample visualizations for that data.

To import a pre-built visualization and associate it with a view:

1. In the Views pane, select the view that contains the data for visualization in the left navigation list.
2. Click Import Visualization.
3. In the Import Visualizations window, select the type of pre-built visualization that you want to use. The supported types are CloudFlare, CloudTrail, ELB, Fastly, and VPC Flow Logs.
4. Click Apply to import the pre-built visualizations.

The Search Analytics > Visualizations page opens, and you can review the new pre-built visualizations that you added. Select a visualization to run it.

📘

Best Practices for the Pre-Built Visualizations

Always select a view that contains data for the pre-built visualization type you want to import. That is, select a view with CloudTrail data if you want to import the pre-built CloudTrail visualizations.

The imported objects are a set of named visualizations that are configured to use the view that you selected for the import. If the view does not have all the fields/columns referenced in the pre-built visualization, an Edit Visualization window opens so that you can edit and fix the visualization definition, or you can delete the visualization if you choose not to use it.

If you run the same import for a different view, the default behavior is to replace the previously imported views with updates that use the new view you selected. That is, if you import CloudTrail for view1, and later on import CloudTrail again for view2, the view2 visualizations overwrite the older view1 visualizations. If you want to use the pre-built visualizations for more than one view, you could export the View 1 visualizations and edit the JSON definition to create a new set with different visualization names and references to view2, and then import the edited ndjson file.