github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-04-22 00:45:43 -04:00
Code Issues Projects Releases Packages Wiki Activity
kibana/docs/user/discover.asciidoc
Matthias Wilhelm 8453993f6c
[Discover][doc] Add view document (#92472) (#98717) 
*  Adds info about the doc viewer of Discover
* Merges with the context view doc

Co-authored-by: Gail Chappell <gail.chappell@elastic.co>

Co-authored-by: Gail Chappell <gail.chappell@elastic.co>
2021-04-29 01:59:21 -07:00

252 lines
8.8 KiB
Text
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

[[discover]]
= Discover
[partintro]
--
**_Gain insight to your data._**
*Discover* enables you to quickly search and filter your data, get information
about structure of the fields, and visualize your data with *Lens* and *Maps*.
You can customize and save your searches and place them on a dashboard.
++++
<script type="text/javascript" async src="https://play.vidyard.com/embed/v4.js">
</script>
<img
style="width: 100%; margin: auto; display: block;"
class="vidyard-player-embed"
src="https://play.vidyard.com/c2qBPz74BU16ncbvDWGvbz.jpg"
data-uuid="c2qBPz74BU16ncbvDWGvbz"
data-v="4"
data-type="inline"
/>
++++
[float]
=== Explore and query your data
You have questions about your data.
What pages on your website contain a
specific word or phrase? What events were logged most recently?
What processes take longer than 500 milliseconds to respond?
This tutorial shows you how to use *Discover* to quickly search large amounts of
data and understand whats going on at any given time.
Youll learn to:
- **Select** data for your exploration, and then set a time range for that data,
search it with the {kib} Query Language, and filter the results.
- **Explore** the details of your data, view individual documents, and create tables
that summarize the contents of the data.
- **Present** your findings in a visualization.
At the end of this tutorial, youll be ready to start exploring with your own
data in *Discover*.
[float]
=== Prerequisites
- If you dont already have {kib}, set it up with https://www.elastic.co/cloud/elasticsearch-service/signup?baymax=docs-body&elektra=docs[our free trial].
- You must have data in {es}. This tutorial uses the
<<gs-get-data-into-kibana,ecommerce sample data set>>, but you can use your own data.
- You should have an understanding of {ref}/documents-indices.html[{es} documents and indices].
[float]
[[find-the-data-you-want-to-use]]
=== Find your data
Tell {kib} where to find the data you want to explore, and then specify the time range in which to view that data.
. Open the main menu, and select **Discover**.
. Select the data you want to work with.
+
{kib} uses an <<index-patterns,index pattern>> to tell it where to find
your {es} data.
To view the ecommerce sample data, make sure the index pattern is set to **kibana_sample_data_ecommerce**.
+
[role="screenshot"]
image::images/discover-index-pattern.png[How to set the index pattern in Discover]
. Adjust the time range to view data for the *Last 7 days*.
+
NOTE: The range selection is based on the default time field in your data.
If you are using the sample data, this value was set when you added the data.
If you are using your own data, and it does not have a time field, the range selection is not available.
. To view the count of documents for a given time in the specified range,
click and drag the mouse over the histogram.
[float]
[[explore-fields-in-your-data]]
=== Explore the fields in your data
**Discover** includes a table that shows all the documents that match your search.
By default, the table includes columns for the time field and the document `_source`,
which can be overwhelming. Youll modify this table to display only your fields of interest.
. Scan through the list of **Available fields** to see
whats in your data. You can also search for a field by name.
+
[role="screenshot"]
image:images/discover-sidebar-available-fields.png[Fields list that displays the top five search results, width=50%]
. Find the `manufacturer` field, and then click it to view the five most popular values for that field.
+
**Discover** fetches a maximum of 500 documents, which it uses to calculate the popular values.
+
[role="screenshot"]
image:images/filter-field.png[Fields list that displays the top five search results]
. Click image:images/add-icon.png[Add icon] to toggle the field into the document table.
. Add `day of week` so your document table looks like this:
+
[role="screenshot"]
image:images/document-table.png[Document table with fields for manufacturer, geo.country_iso_code, and day_of_week]
. To rearrange the table columns, hover the mouse over a
column header, and then use the move and sort controls.
[float]
[[search-in-discover]]
=== Search your data
One of the unique capabilities of **Discover** is the ability to combine
free text search with filtering based on structured data.
To search all fields, enter a simple string in the **Search** field.
[role="screenshot"]
image:images/discover-search-field.png[Search field in Discover]
To search particular fields and
build more complex queries, use the <<kuery-query,Kibana Query language>>.
As you type, KQL prompts you with the fields you can search and the operators
you can use to build a structured query.
Search the ecommerce data for documents where the country matches US:
. Enter `g`, and then select *geoip.country_iso_code*.
. Select *equals some value* and *US*, and then click *Update*.
. For a more complex search, try:
+
`geoip.country_iso_code : US and products.taxless_price >= 75`
[float]
[[filter-in-discover]]
=== Filter your data
Whereas the query defines the set of documents you are interested in,
filters enable you to zero in on different subsets of those documents.
You can filter results to include or exclude specific fields, filter for a value in a range,
and more. The **Add filter** popup prompts you with the fields you can filter
and the operators you can use.
[role="screenshot"]
image:images/discover-add-filter.png[Add filter dialog in Discover]
Exclude documents where day of week is not Wednesday:
. Click **Add filter**.
. Set **Field** to *day_of_week*, **Operator** to *is not*, and **Value** to *Wednesday*.
. Save the filter.
. Continue your exploration by adding more filters.
. To remove a filter,
click the close icon (x) next to its name in the filter bar.
[float]
[[look-inside-a-document]]
=== Look inside a document
Dive into an individual document to view its fields and the documents
that occurred before and after it.
. In the document table, expand any document.
+
[role="screenshot"]
image:images/document-table-expanded.png[Table view with document expanded]
. Scan through the fields and their values. If you find a field of interest,
hover of its name for filters and other controls.
. To view documents that occurred before or after the event you are looking at, click
<<discover-view-surrounding-documents, View surrounding documents>>.
. For direct access to a particular document, click **<<discover-view-single-document,View single document>>**.
+
You can bookmark this document and share the link.
[float]
[[save-your-search]]
=== Save your search for later use
Save your search so you can repeat it later, generate a CSV report, or use it in visualizations, dashboards, and Canvas workpads.
Saving a search saves the query and the filters.
. In the toolbar, click **Save**.
. Give your search a title, and then click **Save**.
+
[role="screenshot"]
image:images/discover-save-saved-search.png[Save saved search in Discover, width=50%]
[float]
=== Visualize your findings
If a field can be {ref}/search-aggregations.html[aggregated], you can quickly
visualize it from **Discover**.
. From the **Selected fields** list, click `day_of_week`, and then click **Visualize**.
+
[role="screenshot"]
image:images/discover-visualize.png[Discover sidebar field popover with visualize button, width=75%]
+
{kib} creates a visualization best suited for this field.
. Drag `manufacturer.keyword` from the field list and drop it on
the visualization builder pane.
+
[role="screenshot"]
image:images/visualize-from-discover.png[Visualization that opens from Discover based on your data]
. Save your visualization for use on a dashboard.
If your documents contain geo point fields (image:images/geoip-icon.png[Geo point field icon, width=20px]), you can visualize them in **Maps**.
. Make sure the index pattern is set to **kibana_sample_data_ecommerce** and the configured time range
contains data.
. From the **Available fields** list, click `geoip.location`, and then click **Visualize**.
+
[role="screenshot"]
image:images/discover-maps.png[Map containing documents]
. Save your map for use on a dashboard.
[float]
=== Whats next?
* <<kuery-query, Learn more about the structure of a KQL query>>.
* <<discover-search-for-relevance, Search for relevance>>.
* <<kibana-discover-settings, Configure Discover>> to better meet your needs.
In **Advanced Settings**, you can configure the number of documents to show,
the table columns that display by default, and more.
* <<dashboard,Create a dashboard>> with even more visualizations of your findings, such as treemaps, metrics, and tables.
* <<reporting-getting-started, Present your findings in a report>>.
--
include::{kib-repo-dir}/discover/view-document.asciidoc[]
include::{kib-repo-dir}/discover/search-for-relevance.asciidoc[]
include::{kib-repo-dir}/discover/save-search.asciidoc[]
include::{kib-repo-dir}/discover/search-sessions.asciidoc[]
Reference in a new issue View git blame Copy permalink