mirror of
https://github.com/elastic/kibana.git
synced 2025-04-24 17:59:23 -04:00
# Backport This will backport the following commits from `main` to `8.x`: - [[Discover] Rename Saved Search to Discover Session (#202217)](https://github.com/elastic/kibana/pull/202217) <!--- Backport version: 8.9.8 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport)
50 lines
No EOL
2.6 KiB
Text
[[esql]]
=== {esql}

The Elasticsearch Query Language, {esql}, makes it faster and easier to explore your data.

{esql} is a piped language which allows you to chain together multiple commands to query your data.
Based on the query, Lens suggestions in Discover create a visualization of the query results.

{esql} comes with its own dedicated {esql} Compute Engine for greater efficiency. With one query you can search, aggregate, calculate and perform data transformations without leaving **Discover**. Write your query directly in **Discover** or use the **Dev Tools** with the {ref}/esql-rest.html[{esql} API].

You can switch to the ES|QL mode of Discover from the application menu bar.

{esql} also features in-app help and suggestions, so you can get started faster and don't have to leave the application to check syntax.

[role="screenshot"]
image:images/esql-in-app-help.png[The ES|QL syntax reference and the autocomplete menu]

You can also use ES|QL queries to create panels on your dashboards, create enrich policies, and create alerting rules.

For more detailed information about {esql} in Kibana, refer to {ref}/esql-kibana.html[Using {esql} in {kib}].

[NOTE]
====
{esql} is enabled by default in {kib}. It can be
disabled using the `enableESQL` setting from the
{kibana-ref}/advanced-options.html[Advanced Settings].

This will hide the {esql} user interface from various applications.
However, users will be able to access existing {esql} artifacts like saved Discover sessions and visualizations.
====

[float]
[[esql-observability]]
==== {observability}

{esql} makes it much easier to analyze metrics, logs and traces from a single query. Find performance issues fast by defining fields on the fly, enriching data with lookups, and using simultaneous query processing. Combining {esql} with {ml} and AIOps can improve detection accuracy and use aggregated value thresholds.

[float]
[[esql-security]]
==== Security

Use {esql} to retrieve important information for investigation by using lookups. Enrich data and create new fields on the go to gain valuable insight for faster decision-making and actions. For example, perform a lookup on an IP address to identify its geographical location, its association with known malicious entities, or whether it belongs to a known cloud service provider, all from one search bar. {esql} ensures more accurate alerts by incorporating aggregated values in detection rules.
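
The lookup and aggregated-threshold pattern described above, written as one piped query. This is an added example, not part of the Kibana docs: the `logs-*` index pattern, the `threat_intel_ip_policy` enrich policy and its `threat_provider` and `threat_confidence` enrich fields are assumptions, and the threshold of 50 ports is an arbitrary sample value.

```esql
// Added example: index pattern, enrich policy name and enrich fields are assumed, not from the docs.
FROM logs-*
| WHERE event.category == "network" AND source.ip IS NOT NULL
// Aggregate first, so the threshold applies to a per-source value rather than to single events.
| STATS connections = COUNT(*), distinct_ports = COUNT_DISTINCT(destination.port) BY source.ip
| WHERE distinct_ports > 50
// Create a new field on the fly: a string copy of the address to use as the enrich match field.
| EVAL source_ip = TO_STRING(source.ip)
// Look the address up in the (hypothetical) threat-intelligence enrich policy.
| ENRICH threat_intel_ip_policy ON source_ip WITH threat_provider, threat_confidence
// Keep only sources that the lookup matched.
| WHERE threat_provider IS NOT NULL
| SORT connections DESC
| LIMIT 20
```

The enrich policy has to exist and be executed in {es} before the query can reference it.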

[float]
[[esql-whats-next]]
==== What's next?

The main documentation for {esql} lives in the {ref}/esql.html[{es} docs].

We also have a short tutorial in the **Discover** docs: <<try-esql,Using {esql}>>.