Skip to content

Commit

Permalink
Review Discover section and formatting (#331)
Browse files Browse the repository at this point in the history
  • Loading branch information
@florent-leborgne
florent-leborgne authored Feb 5, 2025
1 parent 6e9cc30 commit d8770dd
Show file tree
Hide file tree
Showing 10 changed files with 97 additions and 144 deletions.
89 changes: 36 additions & 53 deletions explore-analyze/discover/discover-get-started.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,21 +24,19 @@ Select the data you want to explore, and then specify the time range in which to

1. Find **Discover** in the navigation menu or by using the [global search field](../../get-started/the-stack.md#kibana-navigation-search).
2. Select the data view that contains the data you want to explore.

::::{tip}
{{kib}} requires a [{{data-source}}](../find-and-organize/data-views.md) to access your Elasticsearch data. A {{data-source}} can point to one or more indices, [data streams](../../manage-data/data-store/index-types/data-streams.md), or [index aliases](https://www.elastic.co/guide/en/elasticsearch/reference/current/alias.html). When adding data to {{es}} using one of the many integrations available, sometimes data views are created automatically, but you can also create your own.
::::


If you’re using sample data, data views are automatically created and are ready to use.

:::{image} ../../images/kibana-discover-data-view.png
:alt: How to set the {{data-source}} in Discover
:class: screenshot
:::
::::{tip}
By default, {{kib}} requires a [{{data-source}}](../find-and-organize/data-views.md) to access your Elasticsearch data. A {{data-source}} can point to one or more indices, [data streams](../../manage-data/data-store/index-types/data-streams.md), or [index aliases](https://www.elastic.co/guide/en/elasticsearch/reference/current/alias.html). When adding data to {{es}} using one of the many integrations available, sometimes data views are created automatically, but you can also create your own.

You can also [try {{esql}}](try-esql.md), that let's you query any data you have in {{es}} without specifying a {{data-source}} first.
::::
If you’re using sample data, data views are automatically created and are ready to use.
:::{image} ../../images/kibana-discover-data-view.png
:alt: How to set the {{data-source}} in Discover
:class: screenshot
:width: 300px
:::

3. If needed, adjust the [time range](../query-filter/filtering.md), for example by setting it to the **Last 7 days**.

The range selection is based on the default time field in your data view. If you are using the sample data, this value was set when the data view was created. If you are using your own data view, and it does not have a time field, the range selection is not available.


Expand All @@ -56,29 +54,19 @@ You can later filter the data that shows in the chart and in the table by specif
**Discover** provides utilities designed to help you make sense of your data:

1. In the sidebar, check the available fields. It’s very common to have hundreds of fields. Use the search at the top of that sidebar to look for specific terms in the field names.

In this example, we’ve entered `ma` in the search field to find the `manufacturer` field.

![Fields list that displays the top five search results](../../images/kibana-discover-sidebar-available-fields.png "")

::::{tip}
You can combine multiple keywords or characters. For example, `geo dest` finds `geo.dest` and `geo.src.dest`.
::::
In this example, we’ve entered `ma` in the search field to find the `manufacturer` field.
![Fields list that displays the top five search results](../../images/kibana-discover-sidebar-available-fields.png "title =40%")
::::{tip}
You can combine multiple keywords or characters. For example, `geo dest` finds `geo.dest` and `geo.src.dest`.
::::

2. Select a field to view its most frequent values.

**Discover** shows the top 10 values and the number of records used to calculate those values.
**Discover** shows the top 10 values and the number of records used to calculate those values.

3. Select the **Plus** icon to add fields to the results table. You can also drag them from the list into the table.

:::{image} ../../images/kibana-discover-add-icon.png
:alt: How to add a field as a column in the table
:class: screenshot
:::

When you add fields to the table, the **Summary** column is replaced.

![Document table with fields for manufacturer](../../images/kibana-document-table.png "")
![How to add a field as a column in the table](../../images/kibana-discover-add-field.png "title =50%")
When you add fields to the table, the **Summary** column is replaced.
![Document table with fields for manufacturer](../../images/kibana-document-table.png "")

4. Arrange the view to your liking to display the fields and data you care most about using the various display options of **Discover**. For example, you can change the order and size of columns, expand the table to be in full screen or collapse the chart and the list of fields. Check [Customize the Discover view](document-explorer.md).
5. **Save** your changes to be able to open the same view later on and explore your data further.
Expand All @@ -92,9 +80,8 @@ What happens if you forgot to define an important value as a separate field? Or,
2. Select the **Type** of the new field.
3. **Name** the field. Name it in a way that corresponds to the way other fields of the data view are named. You can set a custom label and description for the field to make it more recognizable in your data view.
4. Define the value that you want the field to show. By default, the field value is retrieved from the source data if it already contains a field with the same name. You can customize this with the following options:

* **Set value**: Define a script that will determine the value to show for the field. For more information on adding fields and Painless scripting language examples, refer to [Explore your data with runtime fields](../find-and-organize/data-views.md#runtime-fields).
* **Set format**: Set your preferred format for displaying the value. Changing the format can affect the value and prevent highlighting in Discover.
- **Set value**: Define a script that will determine the value to show for the field. For more information on adding fields and Painless scripting language examples, refer to [Explore your data with runtime fields](../find-and-organize/data-views.md#runtime-fields).
- **Set format**: Set your preferred format for displaying the value. Changing the format can affect the value and prevent highlighting in Discover.

5. In the advanced settings, you can adjust the field popularity to make it appear higher or lower in the fields list. By default, Discover orders popular fields from most selected to least selected.
6. **Save** your new field.
Expand Down Expand Up @@ -135,16 +122,13 @@ In the following example, we’re adding 2 fields: A simple "Hello world" field,
If a field can be [aggregated](../aggregations.md), you can quickly visualize it in detail by opening it in **Lens** from **Discover**. **Lens** is the default visualization editor in {{kib}}.

1. In the list of fields, find an aggregatable field. For example, with the sample data, you can look for `day_of_week`.

![Top values for the day_of_week field](../../images/kibana-discover-day-of-week.png "")
![Top values for the day_of_week field](../../images/kibana-discover-day-of-week.png "title =60%")

2. In the popup, click **Visualize**.

{{kib}} creates a **Lens** visualization best suited for this field.
{{kib}} creates a **Lens** visualization best suited for this field.

3. In **Lens**, from the **Available fields** list, drag and drop more fields to refine the visualization. In this example, were adding the `manufacturer.keyword` field onto the workspace, which automatically adds a breakdown of the top values to the visualization.

![Visualization that opens from Discover based on your data](../../images/kibana-discover-from-visualize.png "")
![Visualization that opens from Discover based on your data](../../images/kibana-discover-from-visualize.png "")

4. Save the visualization if youd like to add it to a dashboard or keep it in the Visualize library for later use.

Expand All @@ -160,13 +144,12 @@ You can use **Discover** to compare and diff the field values of multiple result
1. Select the results you want to compare from the Documents or Results tab in Discover.
2. From the **Selected** menu in the table toolbar, choose **Compare selected**. The comparison view opens and shows the selected results next to each other.
3. Compare the values of each field. By default the first result selected shows as the reference for displaying differences in the other results. When the value remains the same for a given field, its displayed in green. When the value differs, its displayed in red.

::::{tip}
You can change the result used as reference by selecting **Pin for comparison** in the contextual menu of any other result.
::::
::::{tip}
You can change the result used as reference by selecting **Pin for comparison** in the contextual menu of any other result.
::::


![Comparison view in Discover](../../images/kibana-discover-compare-rows.png "")
![Comparison view in Discover](../../images/kibana-discover-compare-rows.png "")

4. Optionally, customize the **Comparison settings** to your liking. You can for example choose to not highlight the differences, to show them more granularly at the line, word, or character level, or even to hide fields where the value matches for all results.
5. Exit the comparison view at any time using the **Exit comparison mode** button.
Expand All @@ -193,15 +176,15 @@ Dive into an individual document to view its fields and the documents that occur

2. Scan through the fields and their values. You can filter the table in several ways:

* If you find a field of interest, hover your mouse over the **Field** or **Value** columns for filters and additional options.
* Use the search above the table to filter for specific fields or values, or filter by field type using the options to the right of the search field.
* You can pin some fields by clicking the left column to keep them displayed even if you filter the table.
* If you find a field of interest, hover your mouse over the **Field** or **Value** columns for filters and additional options.
* Use the search above the table to filter for specific fields or values, or filter by field type using the options to the right of the search field.
* You can pin some fields by clicking the left column to keep them displayed even if you filter the table.

::::{tip}
You can restrict the fields listed in the detailed view to just the fields that you explicitly added to the **Discover** table, using the **Selected only** toggle. In ES|QL mode, you also have an option to hide fields with null values.
::::
::::{tip}
You can restrict the fields listed in the detailed view to just the fields that you explicitly added to the **Discover** table, using the **Selected only** toggle. In ES|QL mode, you also have an option to hide fields with null values.
::::

3. To navigate to a view of the document that you can bookmark and share, select ** View single document**.
3. To navigate to a view of the document that you can bookmark and share, select **View single document**.
4. To view documents that occurred before or after the event you are looking at, select **View surrounding documents**.


Expand Down
18 changes: 6 additions & 12 deletions explore-analyze/discover/discover-search-for-relevance.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,17 +28,11 @@ This example shows how to use **Discover** to list your documents from most rele
6. To turn off sorting by the `timestamp` field, click the **field sorted** option, and then click **Clear sorting.**
7. Open the **Pick fields to sort by** menu, and then click **_score**.
8. Select **High-Low**.

:::{image} ../../images/kibana-field-sorting-popover.png
:alt: Field sorting popover
:class: screenshot
:::

Your table now sorts documents from most to least relevant.

:::{image} ../../images/kibana-discover-search-for-relevance.png
:alt: Documents are sorted from most relevant to least relevant.
:class: screenshot
:::
![Field sorting popover](../../images/kibana-field-sorting-popover.png "title =50%")
Your table now sorts documents from most to least relevant.
:::{image} ../../images/kibana-discover-search-for-relevance.png
:alt: Documents are sorted from most relevant to least relevant.
:class: screenshot
:::


40 changes: 17 additions & 23 deletions explore-analyze/discover/document-explorer.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,9 +31,9 @@ Customize the appearance of the document table and its contents to your liking.
* To move a single column, drag its header and drop it to the position you want. You can also open the column’s contextual options, and select **Move left** or **Move right** in the available options.
* To move multiple columns, click **Columns**. In the pop-up, drag the column names to their new order.
* To resize a column, drag the right edge of the column header until the column is the width that you want.

Column widths are stored with a Discover session. When you add a Discover session as a dashboard panel, it appears the same as in **Discover**.

::::{tip}
Column widths are stored with a Discover session. When you add a Discover session as a dashboard panel, it appears the same as in **Discover**.
::::


### Customize the table density [document-explorer-density]
Expand All @@ -54,7 +54,7 @@ When the number of results returned by your search query (displayed at the top o

On the last page of the table, a message indicates that you’ve reached the end of the loaded search results. From that message, you can choose to load more results to continue exploring.

![Limit sample size in Discover](../../images/kibana-discover-limit-sample-size.png "")
![Limit sample size in Discover](../../images/kibana-discover-limit-sample-size.png "title =50%")


### Sort the fields [document-explorer-sort-data]
Expand All @@ -66,20 +66,15 @@ To add or remove a sort on a single field, click the column header, and then sel
To sort by multiple fields:

1. Click the **Sort fields** option.

:::{image} ../../images/kibana-document-explorer-sort-data.png
:alt: Pop-up in document table for sorting columns
:class: screenshot
:::
![Pop-up in document table for sorting columns](../../images/kibana-document-explorer-sort-data.png "title =50%")

2. To add fields to the sort, select their names from the dropdown menu.

By default, columns are sorted in the order they are added.

:::{image} ../../images/kibana-document-explorer-multi-field.png
:alt: Multi field sort in the document table
:class: screenshot
:::
By default, columns are sorted in the order they are added.
:::{image} ../../images/kibana-document-explorer-multi-field.png
:alt: Multi field sort in the document table
:class: screenshot
:width: 50%
:::

3. To change the sort order, select a field in the pop-up, and then drag it to the new location.

Expand All @@ -90,8 +85,7 @@ Change how {{kib}} displays a field.

1. Click the column header for the field, and then select **Edit data view field.**
2. In the **Edit field** form, change the field name and format.

For detailed information on formatting options, refer to [Format data fields](../find-and-organize/data-views.md#managing-fields).
For detailed information on formatting options, refer to [Format data fields](../find-and-organize/data-views.md#managing-fields).



Expand All @@ -101,11 +95,11 @@ Narrow your results to a subset of documents so you’re comparing just the data

1. Select the documents you want to compare.
2. Click the **Selected** option, and then select **Show selected documents only**.

:::{image} ../../images/kibana-document-explorer-compare-data.png
:alt: Compare data in the document table
:class: screenshot
:::
:::{image} ../../images/kibana-document-explorer-compare-data.png
:alt: Compare data in the document table
:class: screenshot
:width: 50%
:::


You can also compare individual field values using the [**Compare selected** option](discover-get-started.md#compare-documents-in-discover).
Expand Down
2 changes: 1 addition & 1 deletion explore-analyze/discover/run-pattern-analysis-discover.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,5 +21,5 @@ This example uses the [sample web logs data](../overview/kibana-quickstart.md#gs
:class: screenshot
:::

1. (optional) Apply filters to one or more patterns. **Discover** only displays documents that match the selected patterns. Additionally, you can remove selected patterns from **Discover**, resulting in the display of only those documents that don’t match the selected pattern. These options enable you to remove unimportant messages and focus on the more important, actionable data during troubleshooting. You can also create a categorization {{anomaly-job}} directly from the **Patterns** tab to find anomalous behavior in the selected pattern.
5. (optional) Apply filters to one or more patterns. **Discover** only displays documents that match the selected patterns. Additionally, you can remove selected patterns from **Discover**, resulting in the display of only those documents that don’t match the selected pattern. These options enable you to remove unimportant messages and focus on the more important, actionable data during troubleshooting. You can also create a categorization {{anomaly-job}} directly from the **Patterns** tab to find anomalous behavior in the selected pattern.

5 changes: 3 additions & 2 deletions explore-analyze/discover/save-open-search.md
View file
Original file line number Diff line number Diff line change
@@ -1,9 +1,10 @@
---
navigation_title: Save a search for reuse
mapped_pages:
- https://www.elastic.co/guide/en/kibana/current/save-open-search.html
---

# Save a search for reuse [save-open-search]
# Discover sessions: Save a search for reuse [save-open-search]

A saved Discover session is a convenient way to reuse a search that you’ve created in **Discover**. Discover sessions are good for saving a configured view of Discover to use later or adding search results to a dashboard, and can also serve as a foundation for building visualizations.

Expand All @@ -28,7 +29,7 @@ By default, a Discover session stores the query text, filters, and current view
4. Click **Save**.
5. To reload your search results in **Discover**, click **Open** in the toolbar, and select the saved Discover session.

If the saved Discover session is associated with a different {{data-source}} than is currently selected, opening the saved Discover session changes the selected {{data-source}}. The query language used for the saved Discover session is also automatically selected.
If the saved Discover session is associated with a different {{data-source}} than is currently selected, opening the saved Discover session changes the selected {{data-source}}. The query language used for the saved Discover session is also automatically selected.



Expand Down
Loading

0 comments on commit d8770dd

Please sign in to comment.