[DOCS] Adds runtime fields (#99395)

* [DOCS] Runtime fields * [DOCS] Runtime fields * Adds examples and Lens changes * Review comments * Adds redirects * Review comments * Revert "Review comments" This reverts commit 537732a5cf. * Review comments * Fixes broken link * Removes duplicate link Co-authored-by: Kaarina Tungseth <kaarinatungseth@Kaarinas-MacBook-Pro.local>
2025-04-23 17:28:26 -04:00 · 2021-05-12 15:48:13 -05:00 · 2021-05-12 15:48:13 -05:00 · 4a56a01a08
commit 4a56a01a08
parent febaafecc0
16 changed files with 354 additions and 246 deletions
--- a/docs/concepts/index-patterns.asciidoc
+++ b/docs/concepts/index-patterns.asciidoc
@ -10,10 +10,9 @@ or all indices that contain your data.  It can also point to a

 You’ll learn how to:

-* Create an index pattern
-* Explore and configure the data fields
+* Create index patterns
 * Set the default index pattern
-* Delete an index pattern
+* Delete index patterns

 [float]
 [[index-patterns-read-only-access]]
@ -133,77 +132,23 @@ To exclude a cluster, use `cluster_*:logstash-*,cluster_one:-*`.
 Once an index pattern is configured using the {ccs} syntax, all searches and
 aggregations using that index pattern in {kib} take advantage of {ccs}.

+[float]
+[[delete-index-pattern]]
+=== Delete index patterns
+
+When you delete an index pattern, you are unable to recover the associated field formatters, scripted fields, source filters,
+and field popularity data. Deleting an index pattern does not remove any indices or data documents from {es}.
+
+WARNING: Deleting an index pattern breaks all visualizations, saved searches, and other saved objects that reference the index pattern.
+
+. Open the main menu, then click *Stack Management > Index Patterns*.
+
+. Click the index pattern you want to delete.
+
+. Delete (image:management/index-patterns/images/delete.png[Delete icon]) the index pattern.

 [float]
 [[reload-fields]]
-=== Explore and configure the data fields
-
-To explore and configure the data fields in your index pattern, open the main menu, then click
-*Stack Management > Index Patterns*.  Each field has a {ref}/mapping.html[mapping],
-which indicates the type of data the field contains in {es},
-such as strings or boolean values. The field mapping also determines
-how you can use the field, such as whether it can be searched or aggregated.
-
-When a new field is added to the index, the index pattern field list is updated
-the next time the index pattern is loaded, for example, when you load the page or
-move between {kib} apps.
-
-[role="screenshot"]
-image:management/index-patterns/images/new-index-pattern.png["Create index pattern"]
-
-[float]
-=== Format the display of common field types
-
-Whenever possible, {kib} uses the same field type for display as
-{es}. However, some field types that {es} supports are not available
-in {kib}. Using field formatters, you can manually change the field type in {kib} to display your data the way you prefer
-to see it, regardless of how it is stored in {es}.
-
-For example, if you store
-date values in {es}, you can use a {kib} field formatter to change the display to mm/dd/yyyy format.
-{kib} has field formatters for
-<<field-formatters-string, strings>>,
-<<field-formatters-date, dates>>,
-<<field-formatters-geopoint, geopoints>>,
-and <<field-formatters-numeric, numbers>>.
-
-To customize the displayed field name provided by {es}, you can
-use *Custom Label* .
-
-A popularity counter keeps track of the fields you use most often.
-The top five most popular fields and their values are displayed in <<discover,*Discover*>>.
-
-To edit the field display, click the edit icon
-(image:management/index-patterns/images/edit_icon.png[]) in the index pattern detail view.
-
-[role="screenshot"]
-image:management/index-patterns/images/edit-field-format.png["Edit field format"]
-
-[float]
-[[default-index-pattern]]
-=== Set the default index pattern
-
-The first index pattern you create is automatically designated as the default pattern,
-but you can set any index pattern as the default.  The default index pattern is automatically selected when you first open <<discover,*Discover*>> or create a visualization from scratch.
-
-. In *Index patterns*, click the index pattern name.
-. Click the star icon (image:management/index-patterns/images/star.png[Star icon]).
-
-[float]
-[[delete-index-pattern]]
-=== Delete an index pattern
-
-This action removes the pattern from the list of saved objects in {kib}.
-You will not be able to recover field formatters, scripted fields, source filters,
-and field popularity data associated with the index pattern. Deleting an
-index pattern does not remove any indices or data documents from {es}.
-
-WARNING:  Deleting an index pattern breaks all visualizations, saved searches, and other saved objects that reference the pattern.
-
-. In *Index patterns*, click the index pattern name.
-. Click the delete icon (image:management/index-patterns/images/delete.png[Delete icon]).
-
-[float]
 === What’s next

-* Learn about <<scripted-fields,scripted fields>> and how to create data on the fly.
+Learn how to <<managing-index-patterns,manage the data fields>> in your index patterns.
--- a/docs/concepts/index.asciidoc
+++ b/docs/concepts/index.asciidoc
@ -49,10 +49,9 @@ that accesses the {kib} API.

 {kib} uses the index pattern to show you a list of fields, such as
 `event.duration`. You can customize the display name and format for each field.
-For example, you can tell Kibana to display `event.duration` in seconds.
+For example, you can tell {kib} to display `event.duration` in seconds.
 {kib} has <<managing-fields,field formatters>> for strings,
-dates, geopoints,
-and numbers.
+dates, geopoints, and numbers.

 [float]
 [[kibana-concepts-searching-your-data]]
--- a/docs/management/field-formatters/color-formatter.asciidoc
+++ b/docs/management/field-formatters/color-formatter.asciidoc
@ -1,10 +1,5 @@
-The `Color` field formatter enables you to specify colors with specific ranges of values for a numeric field.
+The *Color* field formatter enables you to specify colors with ranges of values for a number field.

-When you select the `Color` field formatter, Kibana displays the *Range*, *Font Color*, *Background Color*, and 
-*Example* fields.
-
-Click the *Add Color* button to add a range of values to associate with a particular color. You can click in the *Font 
-Color* and *Background Color* fields to display a color picker. You can also enter a specific hex code value in the 
-field. The effect of your current color choices are displayed in the *Example* field.
+When you select the *Color* formatter, click *Add Color*, then specify the *Range*, *Text color*, and *Background color*.

 image::images/colorformatter.png[]
--- a/docs/management/field-formatters/duration-formatter.asciidoc
+++ b/docs/management/field-formatters/duration-formatter.asciidoc
@ -1,4 +1,4 @@
-The `Duration` field formatter can display the numeric value of a field in the following increments:
+The *Duration* field formatter displays the numeric value of a field in the following increments:

 * Picoseconds
 * Nanoseconds
@ -12,4 +12,4 @@ The `Duration` field formatter can display the numeric value of a field in the f
 * Months
 * Years

-You can specify these increments with up to 20 decimal places for both input and output formats.
+You can specify these increments with up to 20 decimal places for input and output formats.
--- a/docs/management/field-formatters/string-formatter.asciidoc
+++ b/docs/management/field-formatters/string-formatter.asciidoc
@ -1,11 +1,20 @@
-The `String` field formatter can apply the following transformations to the field's contents:
+The *String* field formatter enables you to apply transforms to the field.
+
+Supported transformations include:

 * Convert to lowercase
+
 * Convert to uppercase
+
 * Convert to title case
-* Apply the short dots transformation, which replaces the content before a `.` character with the first character of
-that content, as in the following example:
+
+* Apply the short dots transformation, which replaces the content before the `.` character with the first character of
+the content. For example:

 [horizontal]
 *Original*:: *Becomes*
 `com.organizations.project.ClassName`:: `c.o.p.ClassName`
+
+* Base64 decode
+
+* URL param decode
--- a/docs/management/field-formatters/url-formatter.asciidoc
+++ b/docs/management/field-formatters/url-formatter.asciidoc
@ -1,33 +1,32 @@
-The `Url` field formatter can take on the following types:
+You can specify the following types to the `Url` field formatter:

-* The *Link* type turn the contents of the field into an URL.
-* The *Image* type can be used to specify an image directory where a specified image is located.
-* The *Audio* type can be used to specify an audio directory where a specified audio file is located.
+* *Link* &mdash; Converts the contents of the field into an URL. You can specify the width and height of the image, while keeping the aspect ratio. 
+When the image is smaller than the specified paramters, the image is unable to upscale.
+* *Image* &mdash; Specifies the image directory.
+* *Audio* &mdash; Specify the audio directory.

-For an *Image* type you can specify width and height attributes. These will be used to set the max width / max height of the image, while keeping the aspect ratio. Image will not be upscaled if it's smaller than the provided size parameters.
-
-You can customize either type of URL field formats with templates. A _URL template_ enables you to add specific values
-to a partial URL. Use the string `{{value}}` to add the contents of the field to a fixed URL.
+To customize URL field formats, use templates. An *URL template* enables you to add values
+to a partial URL. To add the contents of the field to a fixed URL, use the `{{value}}` string.

 For example, when:

 * A field contains a user ID
-* That field uses the `Url` field formatter
+* A field uses the `Url` field formatter
 * The URI template is `http://company.net/profiles?user_id={{value}}`

 The resulting URL replaces `{{value}}` with the user ID from the field.

 The `{{value}}` template string URL-encodes the contents of the field. When a field encoded into a URL contains
-non-ASCII characters, these characters are replaced with a `%` character and the appropriate hexadecimal code. For
+non-ASCII characters, the characters are replaced with a `%` character and the appropriate hexadecimal code. For
 example, field contents `users/admin` result in the URL template adding `users%2Fadmin`.

-When the formatter type is set to *Image*, the `{{value}}` template string specifies the name of an image at the
+When the formatter type is *Image*, the `{{value}}` template string specifies the name of an image at the
 specified URI.

-When the formatter type is set to *Audio*, the `{{value}}` template string specifies the name of an audio file at the specified URI.
+When the formatter type is *Audio*, the `{{value}}` template string specifies the name of an audio file at the specified URI.

-In order to pass unescaped values directly to the URL, use the `{{rawValue}}` string.
+To pass unescaped values directly to the URL, use the `{{rawValue}}` string.

-A _Label Template_ enables you to specify a text string that displays instead of the raw URL. You can use the
+A *Label template* enables you to specify a text string that appears instead of the raw URL. You can use the
 `{{value}}` template string normally in label templates. You can also use the `{{url}}` template string to display
 the formatted URL.
--- a/docs/management/images/colorformatter.png
+++ b/docs/management/images/colorformatter.png
--- a/docs/management/manage-index-patterns.asciidoc
+++ b/docs/management/manage-index-patterns.asciidoc
@ -0,0 +1,264 @@
+[[managing-index-patterns]]
+== Manage index pattern data fields
+
+To customize the data fields in your index pattern, you can add runtime fields to the existing documents, add scrited fields to compute data on the fly, and change how {kib} displays the data fields. 
+
+[float]
+[[runtime-fields]]
+=== Explore your data with runtime fields 
+
+Runtime fields are fields that you add to documents after you've ingested, and are evaluated at query time. With runtime fields, you allow for a smaller index and faster ingest time so that you can use less resources and reduce your operating costs. You can use runtime fields anywhere index patterns are used.
+
+When you use runtime fields, you can:
+
+* Define fields for a specific use without modifying the underlying schema. 
+
+* Override the returned values from index fields.
+
+* Start working on your data without first understanding the structure. 
+
+* Add fields to existing documents without reindexing your data. 
+
+* Explore runtime field data in *Discover*.
+
+* Create visualizations with runtime field data using *Lens*, *Maps*, and *TSVB*.
+
+WARNING: Runtime fields can impact {kib} performance. When you run a query, {es} uses the fields you index first to shorten the response time. 
+Index the fields that you commonly search for and filter on, such as `timestamp`, then use runtime fields to limit the number of fields {es} uses to calculate values. 
+
+For more information, refer to {ref}/runtime.html[Runtime fields].
+
+[float]
+[[create-runtime-fields]]
+==== Create runtime fields
+
+Create runtime fields in your index patterns, or create runtime fields in *Discover* and *Lens*. 
+
+. Open the main menu, then click *Stack Management > Index Patterns*.
+
+. Select the index pattern you want to add the runtime field to, then click *Add field*.
+
+. Enter a *Name* for the runtime field, then select the field *Type*.
+
+. Select *Set value*, then define the field value by emitting a single value using the {ref}/modules-scripting-painless.html[Painless scripting language].
+
+The script must match the field *Type*, or the script fails.
+
+. Click *Create field*.
+//+
+//For information on how to create runtime fields in *Discover*, refer to <<add-field-in-discover,Add a field>>.
+
+For information on how to create runtime fields in *Lens*, refer to <<add-fields-in-lens,Add fields>>.
+
+[float]
+[[runtime-field-examples]]
+==== Runtime field examples
+
+Try the runtime field examples on your own using the *Sample web logs* data index pattern. 
+
+[float]
+[[simple-hello-world-example]]
+==== Return a keyword value
+
+To return `Hello World!` value:
+
+[source,text]
+----
+emit("Hello World!");
+----
+
+[float]
+[[perform-a-calculation-on-a-single-field]]
+===== Perform a calculation on a single field
+
+Calculate kilobytes from bytes:
+
+[source,text]
+----
+emit(doc['bytes'].value / 1024)
+----
+
+[float]
+[[return-substring]]
+===== Return a substring
+
+Return the string that appears after the last slash in the URL:
+
+[source,text]
+----
+def path = doc["url.keyword"].value;
+if (path != null) {
+    int lastSlashIndex = path.lastIndexOf('/');
+    if (lastSlashIndex > 0) {
+        emit(path.substring(lastSlashIndex+1));
+    return;
+    }
+}
+emit("");
+----
+
+[float]
+[[replace-nulls-with-blanks]]
+===== Replace nulls with blanks
+
+Replace null values with none values:
+
+[source,text]
+----
+def source = doc['referer'].value;
+if (source != null) {
+	emit(source);
+	return;
+}
+else { 
+	emit("None");
+}
+----
+
+Specify operating system condition:
+
+[source,text]
+----
+def source = doc['machine.os.keyword'].value;
+if (source != "") {
+	emit(source);
+}
+else { 
+	emit("None");
+}
+----
+
+[float]
+[[manage-runtime-fields]]
+==== Manage runtime fields
+
+Edit the settings for runtime fields, or remove runtime fields from index patterns. 
+
+. Open the main menu, then click *Stack Management > Index Patterns*.
+
+. Select the index pattern that contains the runtime field you want to manage, then open the runtime field edit options or delete the runtime field.
+
+[float]
+[[scripted-fields]]
+=== Add scripted fields to index patterns
+
+deprecated::[7.13,Use {ref}/runtime.html[runtime fields] instead of scripted fields. Runtime fields support Painless scripts and provide greater flexibility.]
+
+Scripted fields compute data on the fly from the data in your {es} indices. The data is shown on
+the Discover tab as part of the document data, and you can use scripted fields in your visualizations. You query scripted fields with the <<kuery-query, {kib} query language>>, and can filter them using the filter bar. The scripted field values are computed at query time, so they aren't indexed and cannot be searched using the {kib} default
+query language.
+
+WARNING: Computing data on the fly with scripted fields can be very resource intensive and can have a direct impact on
+{kib} performance. Keep in mind that there's no built-in validation of a scripted field. If your scripts are
+buggy, you'll get exceptions whenever you try to view the dynamically generated data.
+
+When you define a scripted field in {kib}, you have a choice of the {ref}/modules-scripting-expression.html[Lucene expressions] or the
+{ref}/modules-scripting-painless.html[Painless] scripting language.
+
+You can reference any single value numeric field in your expressions, for example:
+
+----
+doc['field_name'].value
+----
+
+For more information on scripted fields and additional examples, refer to
+https://www.elastic.co/blog/using-painless-kibana-scripted-fields[Using Painless in {kib} scripted fields]
+
+[float]
+[[create-scripted-field]]
+==== Create scripted fields
+
+Create and add scripted fields to your index patterns.
+
+. Open the main menu, then click *Stack Management > Index Patterns*.
+
+. Select the index pattern you want to add a scripted field to.
+
+. Select the *Scripted fields* tab, then click *Add scripted field*.
+
+. Enter a *Name* for the scripted field, then enter the *Script* you want to use to compute a value on the fly from your index data.
+
+. Click *Create field*.
+
+For more information about scripted fields in {es}, refer to {ref}/modules-scripting.html[Scripting].
+
+[float]
+[[update-scripted-field]]
+==== Manage scripted fields
+
+. Open the main menu, then click *Stack Management > Index Patterns*.
+
+. Select the index pattern that contains the scripted field you want to manage.
+
+. Select the *Scripted fields* tab, then open the scripted field edit options or delete the scripted field.
+
+WARNING: Built-in validation is unsupported for scripted fields. When your scripts contain errors, you receive
+exceptions when you view the dynamically generated data.
+
+[float]
+[[managing-fields]]
+=== Format data fields
+
+{kib} uses the same field types as {es}, however, some {es} field types are unsupported in {kib}.
+To customize how {kib} displays data fields, use the formatting options.
+
+. Open the main menu, then click *Stack Management > Index Patterns*.
+
+. Click the index pattern that contains the field you want to change.
+
+. Find the field, then open the edit options (image:management/index-patterns/images/edit_icon.png[Data field edit icon]).
+
+. Select *Set custom label*, then enter a *Custom label* for the field.
+
+. Select *Set format*, then enter the *Format* for the field.
+
+[float]
+[[string-field-formatters]]
+==== String field formatters
+
+String fields support *String* and *Url* formatters.
+
+include::field-formatters/string-formatter.asciidoc[]
+
+include::field-formatters/url-formatter.asciidoc[]
+
+[float]
+[[field-formatters-date]]
+==== Date field formatters
+
+Date fields support *Date*, *String*, and *Url* formatters.
+
+The *Date* formatter enables you to choose the display format of date stamps using the https://momentjs.com/[moment.js]
+standard format definitions.
+
+include::field-formatters/string-formatter.asciidoc[]
+
+include::field-formatters/url-formatter.asciidoc[]
+
+[float]
+[[field-formatters-geopoint]]
+==== Geographic point field formatters
+
+Geographic point fields support the *String* formatter.
+
+include::field-formatters/string-formatter.asciidoc[]
+
+[float]
+[[field-formatters-numeric]]
+==== Number field formatters
+
+Numeric fields support *Bytes*, *Color*, *Duration*, *Histogram*, *Number*, *Percentage*, *String*, and *Url* formatters.
+
+The *Bytes*, *Number*, and *Percentage* formatters enable you to choose the display formats of numbers in the field using
+the <<numeral, Elastic numeral pattern>> syntax that {kib} maintains.
+
+The *Histogram* formatter is used only for the {ref}/histogram.html[histogram field type]. When you use the *Histogram* formatter,
+you can apply the *Bytes*, *Number*, or *Percentage* format to aggregated data.
+
+include::field-formatters/url-formatter.asciidoc[]
+
+include::field-formatters/string-formatter.asciidoc[]
+
+include::field-formatters/duration-formatter.asciidoc[]
+
+include::field-formatters/color-formatter.asciidoc[]
--- a/docs/management/managing-fields.asciidoc
+++ b/docs/management/managing-fields.asciidoc
@ -1,134 +0,0 @@
-[[managing-fields]]
-== Field management
-
-Whenever possible,
-{kib} uses the same field type for display as {es}.  However, a few field types
-{es} supports are not available in {kib}. Use field formatters to customize how your
-fields are displayed in Kibana, regardless of how they are stored in {es}.
-
-Kibana provides these field formatters:
-
-* <<field-formatters-string, Strings>>
-* <<field-formatters-date, Dates>>
-* <<field-formatters-geopoint, Geopoints>>
-* <<field-formatters-numeric, Numbers>>
-
-To format a field:
-
-. Open the main menu, and click *Stack Management > Index Patterns*.
-. Click the index pattern that contains the field you want to format.
-. Find the field you want to format and click the edit icon (image:management/index-patterns/images/edit_icon.png[]).
-. Enter a custom label for the field, if needed.
-. Select a format and fill in the details.
-+
-[role="screenshot"]
-image:management/index-patterns/images/edit-field-format.png["Edit field format"]
-
-
-
-[[field-formatters-string]]
-=== String field formatters
-
-String fields support the `String` and `Url` formatters.
-
-include::field-formatters/string-formatter.asciidoc[]
-
-include::field-formatters/url-formatter.asciidoc[]
-
-[[field-formatters-date]]
-=== Date field formatters
-
-Date fields support the `Date`, `Url`, and `String` formatters.
-
-The `Date` formatter enables you to choose the display format of date stamps using the https://momentjs.com/[moment.js]
-standard format definitions.
-
-include::field-formatters/string-formatter.asciidoc[]
-
-include::field-formatters/url-formatter.asciidoc[]
-
-[[field-formatters-geopoint]]
-=== Geographic point field formatters
-
-Geographic point fields support the `String` formatter.
-
-include::field-formatters/string-formatter.asciidoc[]
-
-[[field-formatters-numeric]]
-=== Numeric field formatters
-
-Numeric fields support the `Url`, `Bytes`, `Duration`, `Number`, `Percentage`, `Histogram`, `String`, and `Color` formatters.
-
-The `Bytes`, `Number`, and `Percentage` formatters enable you to choose the display formats of numbers in this field using
-the <<numeral, Elastic numeral pattern>> syntax that {kib} maintains.
-
-The `Histogram` formatter is only used for the {ref}/histogram.html[histogram field type]. When using the `Histogram` formatter,
-you can apply the `Number`, `Bytes`, or `Percentage` format to the aggregated data.
-
-`Number`, and `Percentage` formatters enable you to choose the display formats of numbers in this field using
-the <<numeral, Elastic numeral pattern>> syntax that {kib} maintains.
-
-include::field-formatters/url-formatter.asciidoc[]
-
-include::field-formatters/string-formatter.asciidoc[]
-
-include::field-formatters/duration-formatter.asciidoc[]
-
-include::field-formatters/color-formatter.asciidoc[]
-
-[[scripted-fields]]
-=== Scripted fields
-deprecated::[7.13,Use {ref}/runtime.html[runtime fields] instead of scripted fields. Runtime fields support Painless scripts and provide greater flexibility.]
-
-Scripted fields compute data on the fly from the data in your {es} indices. The data is shown on
-the Discover tab as part of the document data, and you can use scripted fields in your visualizations. You query scripted fields with the <<kuery-query, {kib} query language>>, and can filter them using the filter bar. The scripted field values are computed at query time, so they aren't indexed and cannot be searched using the {kib} default
-query language.
-
-WARNING: Computing data on the fly with scripted fields can be very resource intensive and can have a direct impact on
-{kib} performance. Keep in mind that there's no built-in validation of a scripted field. If your scripts are
-buggy, you'll get exceptions whenever you try to view the dynamically generated data.
-
-When you define a scripted field in {kib}, you have a choice of the {ref}/modules-scripting-expression.html[Lucene expressions] or the
-{ref}/modules-scripting-painless.html[Painless] scripting language.
-
-You can reference any single value numeric field in your expressions, for example:
-
----
-doc['field_name'].value
----
-
-For more information on scripted fields and additional examples, refer to
-https://www.elastic.co/blog/using-painless-kibana-scripted-fields[Using Painless in {kib} scripted fields]
-
-[float]
-[[create-scripted-field]]
-=== Create a scripted field
-
-. Open the main menu, then click *Stack Management > Index Patterns*.
-. Select the index pattern you want to add a scripted field to.
-. Go to the *Scripted fields* tab for the index pattern, then click *Add scripted field*.
-. Enter a name for the scripted field.
-. Enter the expression that you want to use to compute a value on the fly from your index data.
-. Click *Create field*.
-
-For more information about scripted fields in {es}, see
-{ref}/modules-scripting.html[Scripting].
-
-[float]
-[[update-scripted-field]]
-=== Update a scripted field
-
-. Click the *Scripted fields* tab for the index pattern.
-. Click the *Edit* button for the scripted field you want to change.
-. Make your changes, then click *Save field*.
-
-WARNING: Built-in validation is unsupported for scripted fields. If your scripts are buggy, you'll get
-exceptions whenever you try to view the dynamically generated data.
-
-[float]
-[[delete-scripted-field]]
-=== Delete a scripted field
-
-. Click the *Scripted fields* tab for the index pattern.
-. Click *Delete* for the scripted field you want to remove.
-. Click *Delete* on the confirmation window.
--- a/docs/maps/trouble-shooting.asciidoc
+++ b/docs/maps/trouble-shooting.asciidoc
@ -26,7 +26,7 @@ image::maps/images/inspector.png[]
 * Verify your geospatial data is correctly mapped as {ref}/geo-point.html[geo_point] or {ref}/geo-shape.html[geo_shape].
  ** Run `GET myIndexPatternTitle/_field_caps?fields=myGeoFieldName` in <<console-kibana, Console>>, replacing `myIndexPatternTitle` and `myGeoFieldName` with your index pattern title and geospatial field name.
  ** Ensure response specifies `type` as `geo_point` or `geo_shape`.
-* Verify your geospatial data is correctly mapped in your <<managing-fields, Kibana index pattern>>.
+* Verify your geospatial data is correctly mapped in your <<managing-fields,index pattern>>.
  ** Open your index pattern in <<management, Stack Management>>.
  ** Ensure your geospatial field type is `geo_point` or `geo_shape`.
  ** Ensure your geospatial field is searchable and aggregatable.
--- a/docs/maps/vector-tooltips.asciidoc
+++ b/docs/maps/vector-tooltips.asciidoc
@ -18,7 +18,7 @@ image::maps/images/multifeature_tooltip.png[]
 ==== Format tooltips

 You can format the attributes in a tooltip by adding <<managing-fields, field formatters>> to your
-Kibana index pattern. You can use field formatters to round numbers, provide units,
+index pattern. You can use field formatters to round numbers, provide units,
 and even display images in your tooltip.

 [float]
--- a/docs/redirects.asciidoc
+++ b/docs/redirects.asciidoc
@ -279,26 +279,32 @@ This content has moved. Refer to <<dashboard, **Dashboard**>>.
 [role="exclude",id="ingest-node-pipelines"]
 == Ingest Node Pipelines

-This content has moved. See {ref}/ingest.html[Ingest pipelines].
+This content has moved. Refer to {ref}/ingest.html[Ingest pipelines].


 [role="exclude",id="create-panels-with-timelion"]
 == Timelion

-This content has moved. refer to <<timelion>>.
+This content has moved. Refer to <<timelion>>.


 [role="exclude",id="space-rbac-tutorial"]
 == Tutorial: Use role-based access control to customize Kibana spaces

-This content has moved. refer to <<tutorial-secure-access-to-kibana>>.
+This content has moved. Refer to <<tutorial-secure-access-to-kibana>>.

 [role="exclude",id="search"]
 == Search your data

-This content has moved. refer to <<kuery-query>>.
+This content has moved. Refer to <<kuery-query>>.

 [role="exclude",id="discover-document-context"]
 == View surrounding documents

-This content has moved. refer to <<discover-view-surrounding-documents>>.
+This content has moved. Refer to <<discover-view-surrounding-documents>>.
+
+[role="exclude",id="field-formatters-string"]
+== String field formatters
+
+This content has moved. Refer to <<string-field-formatters>>.
+
--- a/docs/user/dashboard/images/manage-runtime-field.gif
+++ b/docs/user/dashboard/images/manage-runtime-field.gif
--- a/docs/user/dashboard/images/runtime-field-menu.png
+++ b/docs/user/dashboard/images/runtime-field-menu.png
--- a/docs/user/dashboard/lens.asciidoc
+++ b/docs/user/dashboard/lens.asciidoc
@ -75,6 +75,31 @@ Drag and drop the fields on to the visualization builder, then
 [role="screenshot"]
 image::images/lens_value_labels_xychart_toggle.png[Lens Bar chart value labels menu]

+[float]
+[[add-fields-in-lens]]
+===== Add fields
+
+Add and define fields to the index pattern that you want to visualize using the {ref}/modules-scripting-painless.html[Painless scripting language].
+The fields that you are add are saved to the index pattern and appear in all visualizations, saved searches, and saved objects that use the index pattern. 
+
+. Click *...*, then select *Add field to index pattern*.
+
+[role="screenshot"]
+image:images/runtime-field-menu.png[Dropdown menu located next to index pattern field with items for adding and managing fields, width=50%]
+
+. Enter a *Name* for the field, then select the field *Type*.
+
+. Select *Set value*, then define the field value by emitting a single value using the {ref}/modules-scripting-painless.html[Painless scripting language].
+
+. Click *Save*.
+
+To manage the field, click the field, then click *Edit index pattern field* or *Remove index pattern field*.
+
+[role="screenshot"]
+image:images/manage-runtime-field.gif[Field menu to edit or remove field from index pattern, width=50%]
+
+For more information about adding fields to index patterns and Painless scripting language examples, refer to <<runtime-fields,Runtime fields>>.
+
 [float]
 [[drag-and-drop-keyboard-navigation]]
 ===== Create visualization panels with keyboard navigation
--- a/docs/user/management.asciidoc
+++ b/docs/user/management.asciidoc
@ -131,8 +131,8 @@ Kerberos, PKI, OIDC, and SAML.
 [cols="50, 50"]
 |===

-a| <<index-patterns, Index Patterns>>
-|Create and manage the index patterns that retrieve your data from {es}.
+a| <<managing-index-patterns, Manage index pattern data fields>>
+|Manage the data fields in the index patterns that retrieve your data from {es}.

 | <<managing-saved-objects, Saved Objects>>
 | Copy, edit, delete, import, and export your saved objects.
@ -186,10 +186,10 @@ include::{kib-repo-dir}/management/managing-beats.asciidoc[]

 include::{kib-repo-dir}/management/action-types.asciidoc[]

-include::{kib-repo-dir}/management/managing-fields.asciidoc[]
-
 include::{kib-repo-dir}/management/managing-licenses.asciidoc[]

+include::{kib-repo-dir}/management/manage-index-patterns.asciidoc[]
+
 include::{kib-repo-dir}/management/numeral.asciidoc[]

 include::{kib-repo-dir}/management/rollups/create_and_manage_rollups.asciidoc[]