github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-04-25 10:23:14 -04:00
Code Issues Projects Releases Packages Wiki Activity
kibana/docs/concepts/data-views.asciidoc
Julia Rechkunova 40c90550f1
[Discover] Rename Saved Search to Discover Session (#202217) 
- Closes https://github.com/elastic/kibana/issues/174144

## Summary

This PR renames Saved Search into Discover Session in UI.

- [x] Discover
- [x] Saved Objects page and modal
- [x] Docs
- [x] Other occurrences 

<img width="810" alt="Screenshot 2024-12-16 at 15 20 10"
src="https://github.com/user-attachments/assets/e39083da-f496-4ed5-bbdc-8e184897fc41"
/>
<img width="1220" alt="Screenshot 2024-12-11 at 14 40 15"
src="https://github.com/user-attachments/assets/a6dc3e29-e1a5-4304-8148-0108231cc9de"
/>
<img width="1476" alt="Screenshot 2024-12-16 at 14 57 39"
src="https://github.com/user-attachments/assets/4b34c70e-e21a-4d82-85f2-f5a3cb7a3826"
/>


### Checklist

- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [x]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: wajihaparvez <wajiha.parvez@elastic.co>
Co-authored-by: Davis McPhee <davismcphee@hotmail.com>
Co-authored-by: Julia Bardi <90178898+juliaElastic@users.noreply.github.com>
2024-12-18 13:45:32 +01:00

185 lines
6.9 KiB
Text
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

[[data-views]]
=== Create a {data-source}
{kib} requires a {data-source} to access the {es} data that you want to explore.
A {data-source} can point to one or more indices, {ref}/data-streams.html[data streams], or {ref}/alias.html[index aliases].
For example, a {data-source} can point to your log data from yesterday,
or all indices that contain your data.
[float]
[[data-views-read-only-access]]
=== Required permissions
* Access to *Data Views* requires the <<kibana-role-management, {kib} privilege>>
`Data View Management`.
* To create a {data-source}, you must have the <<kibana-role-management,{es} privilege>>
`view_index_metadata`.
* If a read-only indicator appears in {kib}, you have insufficient privileges
to create or save {data-sources}. In addition, the buttons to create {data-sources} or
save existing {data-sources} are not visible. For more information,
refer to <<xpack-security-authorization,Granting access to {kib}>>.
[float]
[[settings-create-pattern]]
=== Create a data view
If you collected data using one of the {kib} <<connect-to-elasticsearch,ingest options>>,
uploaded a file, or added sample data,
you get a {data-source} for free, and can start exploring your data.
If you loaded your own data, follow these steps to create a {data-source}.
. Open *Lens* or *Discover*, and then open the data view menu.
+
[role="screenshot"]
image::images/discover-data-view.png[How to set the {data-source} in Discover, width="40%"]
. Click *Create a {data-source}*.
. Give your {data-source} a name.
. Start typing in the *Index pattern* field, and {kib} looks for the names of
indices, data streams, and aliases that match your input. You can
view all available sources or only the sources that the data view targets.
+
[role="screenshot"]
image:management/index-patterns/images/create-data-view.png["Create data view"]
+
** To match multiple sources, use a wildcard (*). `filebeat-*` matches
`filebeat-apache-a`, `filebeat-apache-b`, and so on.
+
** To match multiple single sources, enter their names,
separated by a comma. Do not include a space after the comma.
`filebeat-a,filebeat-b` matches two indices.
+
** To exclude a source, use a minus sign (-), for example, `-test3`.
. Open the *Timestamp field* dropdown,
and then select the default field for filtering your data by time.
+
** If you dont set a default time field, you can't use
global time filters on your dashboards. This is useful if
you have multiple time fields and want to create dashboards that combine visualizations
based on different timestamps.
+
** If your index doesnt have time-based data, choose *I dont want to use the time filter*.
. Click *Show advanced settings* to:
** Display hidden and system indices.
** Specify your own {data-source} name. For example, enter your {es} index alias name.
. [[reload-fields]] Click *Save {data-source} to {kib}*.
+
You can manage your data view from *Stack Management*.
[float]
==== Create a temporary {data-source}
Want to explore your data or create a visualization without saving it as a data view?
Select *Use without saving* in the *Create {data-source}* form in *Discover*
or *Lens*. With a temporary {data-source}, you can add fields and create an {es}
query alert, just like you would a regular {data-source}. Your work won't be visible to others in your space.
A temporary {data-source} remains in your space until you change apps, or until you save it.
[role="screenshot"]
image::https://images.contentstack.io/v3/assets/bltefdd0b53724fa2ce/blte3a4f3994c44c0cc/637eb0c95834861044c21a25/ad-hoc-data-view.gif[how to create an ad-hoc data view]
NOTE: Temporary {data-sources} are not available in *Stack Management.*
[float]
[[rollup-data-view]]
==== Use {data-sources} with rolled up data
deprecated::[8.11.0,'Rollups are deprecated and will be removed in a future version. Use {ref}/downsampling.html[downsampling] instead.']
A {data-source} can match one rollup index. For a combination rollup
{data-source} with both raw and rolled up data, use the standard notation:
```ts
rollup_logstash,kibana_sample_data_logs
```
For an example, refer to <<rollup-data-tutorial,Create and visualize rolled up data>>.
[float]
[[management-cross-cluster-search]]
==== Use {data-sources} with {ccs}
If your {es} clusters are configured for {ref}/modules-cross-cluster-search.html[{ccs}],
you can create a {data-source} to search across the clusters of your choosing.
Specify data streams, indices, and aliases in a remote cluster using the
following syntax:
```ts
<remote_cluster_name>:<target>
```
To query {ls} indices across two {es} clusters
that you set up for {ccs}, named `cluster_one` and `cluster_two`:
```ts
cluster_one:logstash-*,cluster_two:logstash-*
```
Use wildcards in your cluster names
to match any number of clusters. To search {ls} indices across
clusters named `cluster_foo`, `cluster_bar`, and so on:
```ts
cluster_*:logstash-*
```
To query across all {es} clusters that have been configured for {ccs},
use a standalone wildcard for your cluster name:
```ts
*:logstash-*
```
To match indices starting with `logstash-`, but exclude those starting with `logstash-old`, from
all clusters having a name starting with `cluster_`:
```ts
cluster_*:logstash-*,cluster_*:-logstash-old*
```
Excluding a cluster avoids sending any network calls to that cluster.
To exclude a cluster with the name `cluster_one`:
```ts
cluster_*:logstash-*,-cluster_one:*
```
Once you configure a {data-source} to use the {ccs} syntax, all searches and
aggregations using that {data-source} in {kib} take advantage of {ccs}.
For more information, refer to
{ref}/modules-cross-cluster-search.html#exclude-problematic-clusters[Excluding
clusters or indicies from cross-cluster search].
[float]
[[delete-data-view]]
=== Delete a {data-source}
When you delete a {data-source}, you cannot recover the associated field formatters, runtime fields, source filters,
and field popularity data. Deleting a {data-source} does not remove any indices or data documents from {es}.
WARNING: Deleting a {data-source} breaks all visualizations, saved Discover sessions, and other saved objects that reference the data view.
. Go to the **Data Views** management page using the navigation menu or the <<kibana-navigation-search,global search field>>.
. Find the {data-source} that you want to delete, and then
click image:management/index-patterns/images/delete.png[Delete icon] in the *Actions* column.
[float]
[[data-view-field-cache]]
=== {data-source} field cache
The browser caches {data-source} field lists for increased performance. This is particularly impactful
for {data-sources} with a high field count that span a large number of indices and clusters. The field
list is updated every couple of minutes in typical {kib} usage. Alternatively, use the refresh button on the {data-source}
management detail page to get an updated field list. A force reload of {kib} has the same effect.
The field list may be impacted by changes in indices and user permissions.
Reference in a new issue View git blame Copy permalink