
How to view what I entered into Elasticsearch

You have questions about your data. What pages on your website contain a specific word or phrase? What events were logged most recently? What processes take longer than 500 milliseconds to respond?

With Discover, you can quickly search and filter your data, get information about the structure of the fields, and display your findings in a visualization. You can also customize and save your searches and place them on a dashboard.

A view of the Discover app

Explore and query your data

This tutorial shows you how to use Discover to search large amounts of data and understand what's going on at any given time.

You'll learn to:

  • Select data for your exploration, set a time range for that data, search it with the Kibana Query Language, and filter the results.
  • Explore the details of your data, view individual documents, and create tables that summarize the contents of the data.
  • Present your findings in a visualization.

At the end of this tutorial, you'll be ready to start exploring with your own data in Discover.

Prerequisites:

  • If you don't already have Kibana, set it up with our free trial.
  • You must have data in Elasticsearch. This tutorial uses the ecommerce sample data set, but you can use your own data.
  • You should have an understanding of Elasticsearch documents and indices and Kibana concepts.

Find your data

Tell Kibana where to find the data you want to explore, and then specify the time range in which to view that data.

  1. Open the main menu, and select Discover.
  2. Select the data you want to work with.

    Kibana uses a data view to tell it where to find your Elasticsearch data. To view the ecommerce sample data, make sure the data view is set to kibana_sample_data_ecommerce.

    How to set the data view in Discover

    To create a data view for your own data, click the ellipsis icon (…), and then click Create new data view. For details, refer to Create a data view.

  3. Adjust the time range to view data for the Last 7 days.

    The range selection is based on the default time field in your data. If you are using the sample data, this value was set when you added the data. If you are using your own data, and it does not have a time field, the range selection is not available.

  4. To view the count of documents for a given time in the specified range, click and drag the mouse over the chart.

Explore the fields in your data

Discover includes a table that shows all the documents that match your search. By default, the table includes columns for the time field and the document _source. You'll modify this table to display your fields of interest.

  1. Scan through the list of Available fields until you find the manufacturer field. You can also search for the field by name.

    Fields list that displays the top five search results

  2. Click the manufacturer field to view its five most popular values.

    Fields list that displays the top five search results

  3. Click the Add icon to toggle the field into the document table.
  4. Find the customer_first_name and customer_last_name fields and add them to your document table. Your table should look similar to this:

    Document table with fields for manufacturer

  5. To rearrange the table columns, hover the mouse over a column header, and then use the move control.
  6. To view more of the document table, click Chart options > Hide chart.

Add a field to your data view

What happens if you forgot to define an important value as a separate field? Or, what if you want to combine two fields and treat them as one? This is where runtime fields come into play. You can add a runtime field to your data view from inside of Discover, and then use that field for analysis and visualizations, the same way you do with other fields.

  1. Click the ellipsis icon (…), and then click Add field.

    Dropdown menu located next to data view field with item for adding a field to a data view

  2. In the Create field form, enter hello for the name.
  3. Turn on Set value.
  4. Define the script using the Painless scripting language. Runtime fields require an emit().

  5. Click Save.
  6. In the fields list, search for the hello field, and then add it to the table to view its value.

    hello field in the document table

  7. Create a second field named customer that combines customer last name and first initial.

    String str = doc['customer_first_name.keyword'].value;
    char ch1 = str.charAt(0);
    emit(doc['customer_last_name.keyword'].value + ", " + ch1);
  8. Simplify the document table by removing customer_first_name and customer_last_name and adding customer in their place.

    Customer last name

    For more information on adding fields and Painless scripting language examples, refer to Explore your data with runtime fields.
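
The customer script in step 7 reads .value and calls charAt(0) unconditionally, so it throws on any document where either name field has no value or the first name is an empty string. A defensive variant, added here as an example and not part of the original tutorial; it assumes the same two keyword fields and chooses to emit only the last name when no initial is available:

```painless
// Added example: defensive version of the "customer" runtime field script.
// doc[...].value throws when the document has no value for the field,
// and charAt(0) throws on an empty string, so both cases are checked first.
def first = doc['customer_first_name.keyword'];
def last = doc['customer_last_name.keyword'];

// With no last name, nothing is emitted and the runtime field
// is simply absent for this document.
if (last.size() != 0) {
  String lastName = last.value;
  // Treat a missing first name the same as an empty one.
  String firstName = first.size() != 0 ? first.value : "";

  if (firstName.isEmpty()) {
    // Assumption: fall back to the last name alone when there is no initial.
    emit(lastName);
  } else {
    emit(lastName + ", " + firstName.charAt(0));
  }
}
```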

Search your data

One of the unique capabilities of Discover is the ability to combine free text search with filtering based on structured data. To search all fields, enter a simple string in the query bar.

Search field in Discover

To search particular fields and build more complex queries, use the Kibana Query Language. As you type, KQL prompts you with the fields you can search and the operators you can use to build a structured query.

Search the ecommerce data for documents where the country matches US:

  1. Enter g, and then select geoip.country_iso_code.
  2. Select : for equals some value and US, and then click Update.
  3. For a more complex search, try:

    geoip.country_iso_code : US and products.taxless_price >= 75

Filter your data

Whereas the query defines the set of documents you are interested in, filters enable you to zero in on subsets of those documents. You can filter results to include or exclude specific fields, filter for a value in a range, and more.

Exclude documents where day of week is not Wednesday:

  1. Click Add filter.
  2. Set Field to day_of_week, Operator to is not, and Value to Wednesday.

    Add filter dialog in Discover

  3. Save the filter.
  4. Continue your exploration by adding more filters.
  5. To remove a filter, click the close icon (x) next to its name in the filter bar.

Look inside a document

Dive into an individual document to view its fields and the documents that occurred before and after it.

  1. In the document table, expand any document.

    Table view with document expanded

  2. Scan through the fields and their values. If you find a field of interest, hover over its name for filters and other controls.
  3. To view documents that occurred before or after the event you are looking at, click View surrounding documents.
  4. For direct access to a particular document, click View single document.

    You can bookmark this document and share the link.

Save your search for later use

Save your search so you can repeat it later, generate a CSV report, or use it in visualizations, dashboards, and Canvas workpads. Saving a search saves the query text, filters, and current view of Discover, including the columns selected in the document table, the sort order, and the data view.

  1. In the toolbar, click Save.
  2. Give your search a title, and then click Save.

Visualize your findings

If a field can be aggregated, you can quickly visualize it from Discover.

  1. From the Available fields list, click day_of_week, and then click Visualize.

    Discover sidebar field popover with visualize button

    Kibana creates a visualization best suited for this field.

  2. From the Available fields list, drag and drop manufacturer.keyword onto the workspace.

    Visualization that opens from Discover based on your data

  3. Save your visualization for use on a dashboard.

    For geo point fields (Geo point field icon), if you click Visualize, your data appears in a map.

    Map containing documents

Share your findings

To share your findings with a larger audience, click Share in the Discover toolbar. For detailed information about the sharing options, refer to Reporting.

What's next?

  • Learn more about the structure of a KQL query.
  • Search for relevance.
  • Configure Discover to better meet your needs. Go to Advanced Settings to configure the number of documents to show, the table columns that display by default, and more.

Source: https://www.elastic.co/guide/en/kibana/current/discover.html
