github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-06-28 11:05:39 -04:00
Code Issues Projects Releases Packages Wiki Activity
kibana/docs/concepts/index.asciidoc
Kibana Machine 0262b79422
[8.x] [DOCS] Give finding apps and objects section an ID (#199352) (#208721) 
# Backport

This will backport the following commits from `main` to `8.x`:
- [[DOCS] Give finding apps and objects section an ID
(#199352)](https://github.com/elastic/kibana/pull/199352)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Liam
Thompson","email":"32779855+leemthompo@users.noreply.github.com"},"sourceCommit":{"committedDate":"2025-01-29T11:13:43Z","message":"[DOCS]
Give finding apps and objects section an ID (#199352)\n\nThat way we can
internally link to this beautiful section
using\r\n`<<angle-brackets-and-stuff>>`\r\n\r\n---------\r\n\r\nCo-authored-by:
florent-leborgne
<florent.leborgne@elastic.co>","sha":"6a42ec9b2348fa4fbff25cd14796fe85401e89d3","branchLabelMapping":{"^v9.0.0$":"main","^v8.18.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["Team:Docs","release_note:skip","v9.0.0","docs","v8.16.0","backport:version","v8.17.0","v8.18.0"],"title":"[DOCS]
Give finding apps and objects section an
ID","number":199352,"url":"https://github.com/elastic/kibana/pull/199352","mergeCommit":{"message":"[DOCS]
Give finding apps and objects section an ID (#199352)\n\nThat way we can
internally link to this beautiful section
using\r\n`<<angle-brackets-and-stuff>>`\r\n\r\n---------\r\n\r\nCo-authored-by:
florent-leborgne
<florent.leborgne@elastic.co>","sha":"6a42ec9b2348fa4fbff25cd14796fe85401e89d3"}},"sourceBranch":"main","suggestedTargetBranches":["8.16","8.17","8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/199352","number":199352,"mergeCommit":{"message":"[DOCS]
Give finding apps and objects section an ID (#199352)\n\nThat way we can
internally link to this beautiful section
using\r\n`<<angle-brackets-and-stuff>>`\r\n\r\n---------\r\n\r\nCo-authored-by:
florent-leborgne
<florent.leborgne@elastic.co>","sha":"6a42ec9b2348fa4fbff25cd14796fe85401e89d3"}},{"branch":"8.16","label":"v8.16.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.17","label":"v8.17.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.x","label":"v8.18.0","branchLabelMappingKey":"^v8.18.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

Co-authored-by: Liam Thompson <32779855+leemthompo@users.noreply.github.com>
2025-01-29 11:45:00 +00:00

168 lines
6.3 KiB
Text
Raw Blame History

[[kibana-concepts-analysts]]
== {kib} concepts
**_Learn the shared concepts for analyzing and visualizing your data_**
As an analyst, you will use a combination of {kib} apps to analyze and
visualize your data. {kib} contains both general-purpose apps and apps for the
https://www.elastic.co/guide/en/enterprise-search/current/index.html[*Enterprise Search*],
{observability-guide}/observability-introduction.html[*Elastic Observability*],
and {security-guide}/es-overview.html[*Elastic Security*] solutions.
These apps share a common set of concepts.
[float]
=== Three things to know about {es}
You don't need to know everything about {es} to use {kib}, but the most important concepts follow:
* *{es} makes JSON documents searchable and aggregatable.* The documents are
stored in an {ref}/documents-indices.html[index] or {ref}/data-streams.html[data stream], which represent one type of data.
* **_Searchable_ means that you can filter the documents for conditions.**
For example, you can filter for data "within the last 7 days" or data that "contains the word {kib}".
{kib} provides many ways for you to construct filters, which are also called queries or search terms.
* **_Aggregatable_ means that you can extract summaries from matching documents.**
The simplest aggregation is *count*, and it is frequently used in combination
with the *date histogram*, to see count over time. The *terms* aggregation shows the most frequent values.
[float]
=== Finding your apps and objects
// putting ID here for backwards compatibility
[[kibana-concepts-finding-your-apps-objects]]
{kib} offers a <<kibana-navigation-search,global search bar>> on every page that you can use to find any app or saved object.
Open the search bar using the keyboard shortcut Ctrl+/ on Windows and Linux, Command+/ on MacOS.
[role="screenshot"]
image:concepts/images/global-search.png["Global search showing matches to apps and saved objects for the word visualize"]
[float]
=== Accessing data with data views
{kib} requires a data view to tell it which {es} data you want to access,
and whether the data is time-based. A data view can point to one or more {es}
data streams, indices, or index aliases by name.
Data views are typically created by an administrator when sending data to {es}.
You can <<data-views,create or update data views>> in *Stack Management*, or by using a script
that accesses the {kib} API.
{kib} uses the data view to show you a list of fields, such as
`event.duration`. You can customize the display name and format for each field.
For example, you can tell {kib} to display `event.duration` in seconds.
{kib} has <<managing-fields,field formatters>> for strings,
dates, geopoints, and numbers.
[float]
[[kibana-concepts-searching-your-data]]
=== Searching your data
{kib} provides you several ways to build search queries,
which will reduce the number of document matches that you get from {es}.
{kib} apps provide a time filter, and most apps also include semi-structured search and extra filters.
[role="screenshot"]
image:concepts/images/top-bar.png["Time filter, semi-structured search, and filters in a {kib} app"]
If you frequently use any of the search options, click
image:concepts/images/saved-query-icon.png["save icon", width=20px] next to the
semi-structured search to save or load a previously saved query.
The saved query always contains the semi-structured search query,
and optionally the time filter and extra filters.
[float]
==== Time filter
The <<set-time-filter, global time filter>> limits the time range of data displayed.
In most cases, the time filter applies to the time field in the data view,
but some apps allow you to use a different time field.
Using the time filter, you can configure a refresh rate to periodically
resubmit your searches.
[role="screenshot"]
image:concepts/images/refresh-every.png["section of time filter where you can configure a refresh rate", width=75%]
To manually resubmit a search, click the *Refresh* button.
This is useful when you use {kib} to view the underlying data.
[float]
[[semi-structured-search]]
==== Semi-structured search
Combine free text search with field-based search using the Kibana Query Language (KQL).
Type a search term to match across all fields, or start typing a field name to
get suggestions for field names and operators that you can use to build a structured query.
The semi-structured search will filter documents for matches, and only return matching documents.
Following are some example KQL queries. For more detailed examples, refer to <<kuery-query,Kibana Query Language>>.
[cols=2*]
|===
| Exact phrase query
| `http.response.body.content.text:"quick brown fox"`
| Terms query
| http.response.status_code:400 401 404
| Boolean query
| `response:200 or extension:php`
| Range query
| `account_number >= 100 and items_sold <= 200`
| Wildcard query
| `machine.os:win*`
|===
[float]
[[autocomplete-suggestions]]
[float]
==== Additional filters with AND
Structured filters are a more interactive way to create {es} queries,
and are commonly used when building dashboards that are shared by multiple analysts.
Each filter can be disabled, inverted, or pinned across all apps.
Each of the structured
filters is combined with AND logic on the rest of the query.
[role="screenshot"]
image:concepts/images/add-filter-popup.png["Add filter popup"]
[float]
=== Saving objects
{kib} lets you save objects for your own future use or for sharing with others.
Each <<managing-saved-objects,saved object>> type has different abilities. For example, you can save
your search queries made with *Discover*, which lets you:
* Share a link to your search
* Download the full search results in CSV form
* Start an aggregated visualization using the same search query
* Embed the *Discover* search results into a dashboard
* Embed the *Discover* search results into a Canvas workpad
For organization, every saved object can have a name, <<kibana-navigation-search,tags>>, and type.
Use the global search to quickly open a saved object.
[float]
=== What's next?
* Try the {kib} <<get-started,Quick start>>, which shows you how to put these concepts into action.
* Go to <<discover, Discover>> for instructions on searching your data.
include::data-views.asciidoc[]
include::set-time-filter.asciidoc[]
include::esql.asciidoc[]
include::kuery.asciidoc[]
include::lucene.asciidoc[]
include::save-query.asciidoc[]
Reference in a new issue View git blame Copy permalink