[DOCS] Adds docs for search sessions (#94661) (#95076)

* [DOCS] Adds docs for search sessions

* [DOCS] Improves intro and title for search sessions doc

* [DOCS] Fixes bulleted list

* [DOCS] Makes doc title more descriptive

* [DOCS] Incorporates review comments

* [DOCS] Includes a better explanation of restore action

* [DOCS] Changed titled and fixed setting names

* [DOCS] Verified content about maps and restored session

* [DOCS] Fixes setting names

* [DOCS] Changes order of last two steps

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>

docs/discover/search-sessions.asciidoc

@@ -0,0 +1,72 @@
+[[search-sessions]]
+=== Run a search session in the background
+
+Sometimes you might need to search through large amounts of data no matter
+how long the search takes. While this might not happen often,
+there are times that long-running queries are required.
+Consider a threat hunting scenario, where you need to search through years of data.
+
+If your query is running long, you can save your search session, which
+allows {kib} to continue processing your request in the
+background.  Save your search session from *Discover* or *Dashboard*,
+and when your session is complete, view and manage it in *Stack Management*.
+
+[role="screenshot"]
+image::images/search-session.png[Search Session indicator displaying the current state of the search, which you can click to stop or save a running Search Session ]
+
+Search sessions are <<search-session-settings-kb,enabled by default>>. Saving
+a search session is only available when
+<<set-time-filter,auto refresh>> is off.
+
+
+[float]
+==== Requirements
+
+
+* To save a session, you must have permissions for *Discover* and *Dashboard*,
+and the <<kibana-feature-privileges, search sessions subfeature>>.
+
+* To view and restore a saved session, you must have access to *Stack Management*.
+
+[float]
+==== Example: Save a search session
+
+You’re trying to understand a trend you see on a dashboard. You
+need to look at several years of data, currently in
+{ref}/data-tiers.html#cold-tier[cold storage],
+but you don’t have time to wait. You want {kib} to
+continue working in the background, so tomorrow you can
+open your browser and pick up where you left off.
+
+. Load your dashboard.
++
+Your search session begins automatically. The icon after the dashboard title
+displays the current state of the search session. A clock indicates the search session is in progress.
+A checkmark indicates that the search session is complete.
+
+. To instruct {kib} to continue a search in the background, click the clock icon,
+and then click *Save session*. Once you save a search session, you can start a new search,
+navigate to a different application, or close the browser.
++
+[role="screenshot"]
+image::images/search-session-awhile.png[Search Session indicator displaying the current state of the search, which you can click to stop or save a running Search Session ]
+
+. To view your saved searches, open the main menu, and then click
+*Stack Management > Search Sessions*.  You can also open this view from the search sessions popup for a saved or completed session.
++
+[role="screenshot"]
+image::images/search-sessions-menu.png[Search Sessions management view with actions for inspecting, extending, and deleting a session. ]
+
+. Use the edit menu in *Search Sessions* to:
+* *Inspect* the queries and filters that makeup the session.
+* *Extend* the expiration of a completed session.
+* *Delete* a session.
+
+. To restore a search session, click its name in the *Search Sessions* view.
++
+You're returned to the place from where you started the search session. The data is the same, but
+behaves differently:
++
+* Relative dates are converted to absolute dates.
+* Panning and zooming is disabled for maps.
+* Changing a filter, query, or drilldown starts a new search session, which can be slow.

docs/discover/search.asciidoc

@@ -1,13 +1,15 @@
 [[search]]
-== Search data
-Many Kibana apps embed a query bar for real-time search, including
-*Discover* and *Dashboard*.
+== Search your data
+
+You can search your data in any app that has a query bar, or by clicking on
+elements in a visualization.  A search matches indices in the current
+<<index-patterns, index pattern>> and in the current <<set-time-filter,time frame>>.
+
 
 [float]
-=== Search your data
+=== Search with KQL
 
-To search the indices that match the current <<index-patterns, index pattern>>,
-enter your search criteria in the query bar. By default, you'll use
+By default, you search using
 {kib}'s <<kuery-query, standard query language>> (KQL), which
 features autocomplete and a simple, easy-to-use syntax. If you prefer to use
 {kib}'s legacy query
@@ -21,32 +23,17 @@ JSON-based {ref}/query-dsl.html[Elasticsearch Query DSL].
 [float]
 [[autorefresh]]
 === Refresh search results
-As more documents are added to the indices you're searching, the search results
-shown in *Discover*, and used to display visualizations, get stale. Using the
-time filter, you can
+As more documents are added to the indices you're searching, the search results get stale.
+Using the time filter, you can
 configure a refresh interval to periodically resubmit your searches to
 retrieve the latest results.
 
 [role="screenshot"]
-image::images/autorefresh-interval.png[Image showing what refresh interval option looks like. The configurable time interval is located in the dropdown]
+image::images/autorefresh-interval.png[Refresh interval option in time filter. The configurable time interval is located in the dropdown.]
 
 You can also manually refresh the search results by
 clicking the *Refresh* button.
 
-[float]
-=== Searching large amounts of data
-
-Sometimes you want to search through large amounts of data no matter how long
-the search takes.  While this might not happen often, there are times
-that long-running queries are required.  Consider a threat hunting scenario
-where you need to search through years of data.
-
-If you run a query, and the run time gets close to the
-timeout, you're presented the option to ignore the timeout.  This enables you to
-run queries with large amounts of data to completion.
-
-By default, a query times out after 30 seconds.
-The timeout is in place to avoid unintentional load on the cluster.
 
 
 include::kuery.asciidoc[]
@@ -211,3 +198,5 @@ To completely delete a query:
 image::discover/images/saved-query-management-component-delete-query-button.png["Example of the saved query management popover when a query is hovered over and we are about to delete a query",width="80%"]
 
 You can import, export, and delete saved queries from <<managing-saved-objects, Saved Objects in Management>>.
+
+include::search-sessions.asciidoc[]

docs/settings/search-sessions-settings.asciidoc

@@ -0,0 +1,25 @@
+
+[[search-session-settings-kb]]
+=== Search sessions settings in {kib}
+++++
+<titleabbrev>Search sessions settings</titleabbrev>
+++++
+
+Configure the search session settings in your `kibana.yml` configuration file.
+
+
+[cols="2*<"]
+|===
+a| `xpack.data_enhanced.`
+`search.sessions:enabled`
+  | Set to `true` (default) to enable search sessions.
+
+a| `xpack.data.enhanced.`
+`search.sessions:trackingInterval`
+  | The frequency for updating the state of a search session. The default is 10s.
+
+a| `xpack.data.enhanced.`
+`search.sessions:defaultExpiration`
+  | How long search session results are stored before they are deleted.
+  Extending a search session resets the expiration by the same value. The default is 7d.
+|===

docs/setup/settings.asciidoc

@@ -227,7 +227,7 @@ The default application to load. *Default: `"home"`*
 for more details. {kib} uses an index in {es} to store saved searches, visualizations, and
 dashboards. {kib} creates a new index if the index doesn’t already exist.
 If you configure a custom index, the name must be lowercase, and conform to the
-{es} {ref}/indices-create-index.html[index name limitations]. 
+{es} {ref}/indices-create-index.html[index name limitations].
 *Default: `".kibana"`*
 
 | `kibana.autocompleteTimeout:` {ess-icon}
@@ -696,6 +696,7 @@ include::{kib-repo-dir}/settings/ml-settings.asciidoc[]
 include::{kib-repo-dir}/settings/monitoring-settings.asciidoc[]
 include::{kib-repo-dir}/settings/reporting-settings.asciidoc[]
 include::secure-settings.asciidoc[]
+include::{kib-repo-dir}/settings/search-sessions-settings.asciidoc[]
 include::{kib-repo-dir}/settings/security-settings.asciidoc[]
 include::{kib-repo-dir}/settings/spaces-settings.asciidoc[]
 include::{kib-repo-dir}/settings/task-manager-settings.asciidoc[]

docs/user/management.asciidoc

@@ -141,6 +141,12 @@ These include dashboards, visualizations, maps, index patterns, Canvas workpads,
 | <<managing-tags, Tags>>
 |Create, manage, and assign tags to your saved objects.
 
+| <<search-sessions, Search Sessions>>
+| Manage your saved search sessions, groups of queries that run in the background.
+Search sessions are useful when your queries take longer than usual to process,
+for example, when you have a large volume of data or when the performance of your storage location is slow.
+
+
 | <<xpack-spaces, Spaces>>
 | Create spaces to organize your dashboards and other saved objects into categories.
 A space is isolated from all other spaces,