[DOCS] Adds log pattern analysis in Discover docs (#158059)

Co-authored-by: gchaps <33642766+gchaps@users.noreply.github.com>
2025-04-23 17:28:26 -04:00 · 2023-05-22 12:34:15 +02:00 · 2023-05-22 12:34:15 +02:00 · a3c940f0cd
commit a3c940f0cd
parent a65cd356aa
5 changed files with 44 additions and 1 deletions
--- a/docs/discover/images/log-pattern-analysis-available-fields.png
+++ b/docs/discover/images/log-pattern-analysis-available-fields.png
--- a/docs/discover/images/log-pattern-analysis-results.png
+++ b/docs/discover/images/log-pattern-analysis-results.png
--- a/docs/discover/log-pattern-analysis.asciidoc
+++ b/docs/discover/log-pattern-analysis.asciidoc
@ -0,0 +1,38 @@
+[[run-pattern-analysis-discover]]
+== Run a pattern analysis on your log data
+
+preview::[]
+
+include::../user/ml/index.asciidoc[tag=log-pattern-analysis-intro]
+Log pattern analysis works on every text field.
+
+This example uses the <<gs-get-data-into-kibana, sample web logs data>>, or you 
+can use your own data.
+
+. Open the main menu, and click *Discover*.
+
+. Expand the {data-source} dropdown, and select *Kibana Sample Data Logs*.
+
+. If you don't see any results, expand the time range, for example, to 
+*Last 15 days*.
+
+. Click the `message` field in the **Available fields** list sidebar and click 
+**Run pattern analysis**.
+
+--
+[role="screenshot"]
+image::images/log-pattern-analysis-available-fields.png["Available fields view in Discover showing the message field selected."]
+
+The pattern analysis starts. The results are displayed in a flyout when the 
+analysis is complete.
+
+[role="screenshot"]
+image::images/log-pattern-analysis-results.png["Log pattern analysis results in Discover."]
+--
+
+. (optional) Apply filters to one or more patterns. *Discover* only displays 
+documents that match the selected patterns. Additionally, you can remove 
+selected patterns from *Discover*, resulting in the display of only those 
+documents that don't match the selected pattern. These options enable you to 
+remove unimportant messages and focus on the more important, actionable data 
+during troubleshooting.
--- a/docs/user/discover.asciidoc
+++ b/docs/user/discover.asciidoc
@ -344,4 +344,6 @@ include::{kib-repo-dir}/discover/save-search.asciidoc[]

 include::{kib-repo-dir}/discover/field-statistics.asciidoc[]

-include::{kib-repo-dir}/discover/search-sessions.asciidoc[]
+include::{kib-repo-dir}/discover/log-pattern-analysis.asciidoc[]
+
+include::{kib-repo-dir}/discover/search-sessions.asciidoc[]
--- a/docs/user/ml/index.asciidoc
+++ b/docs/user/ml/index.asciidoc
@ -151,11 +151,14 @@ image::user/ml/images/ml-explain-log-rate.png[Log rate spike explained]

 preview::[]

+// The following intro is used on the `run-pattern-analysis-discover` page.
+//tag::log-pattern-analysis-intro[]
 Log pattern analysis helps you to find patterns in unstructured log messages and 
 makes it easier to examine your data. It performs categorization analysis on a 
 selected field of a {data-source}, creates categories based on the data and 
 displays them together with a chart that shows the distribution of each category 
 and an example document that matches the category.
+//end::log-pattern-analysis-intro[]

 You can find log pattern analysis under **{ml-app}** > **AIOps Labs** where you 
 can select the {data-source} or saved search that you want to analyze, or in