2016-10-25 03:41:32 +02:00
|
|
|
[[document-data]]
|
2020-06-10 16:20:55 +02:00
|
|
|
== View document data
|
2016-10-25 03:41:32 +02:00
|
|
|
|
2019-12-17 20:48:55 +01:00
|
|
|
When you submit a search query in *Discover*, the most recent documents that match the query
|
|
|
|
are listed in the documents table.
|
|
|
|
By default, the table includes columns for
|
|
|
|
the time field and the document `_source`, which shows all fields and values in the document.
|
2016-10-31 15:13:41 +01:00
|
|
|
|
2016-10-25 03:41:32 +02:00
|
|
|
[float]
|
|
|
|
[[sorting]]
|
2019-12-17 20:48:55 +01:00
|
|
|
=== Modify the document table
|
|
|
|
|
|
|
|
Use the following commands to
|
|
|
|
tailor the documents table to suit your needs.
|
|
|
|
|
|
|
|
[horizontal]
|
|
|
|
Add a field column::
|
2020-01-17 22:13:22 +01:00
|
|
|
Hover over the list of *Available fields* and then click *add* next to each field you want to include as a column in the table.
|
2019-12-17 20:48:55 +01:00
|
|
|
The first field you add replaces the `_source` column.
|
|
|
|
Change sort order:: By default, columns are sorted by the values in the field.
|
|
|
|
If a time field is configured for the current index pattern,
|
|
|
|
the documents are sorted in reverse chronological order.
|
|
|
|
+
|
|
|
|
To change the sort order, hover over the column
|
|
|
|
and click image:images/sort-icon.png[].
|
|
|
|
The first click sorts by ascending order, the second click sorts by descending order, and the third
|
|
|
|
click removes the field from the sorted fields.
|
|
|
|
|
2020-04-06 22:37:45 +02:00
|
|
|
Move a field column:: Hover over the column header and click the (<<) or (>>) icons.
|
2019-12-17 20:48:55 +01:00
|
|
|
Remove a field column :: Hover over the list of *Specified fields*
|
|
|
|
and then click *remove*.
|
|
|
|
Or, use the (x) control in the column header.
|
2016-10-25 03:41:32 +02:00
|
|
|
|
|
|
|
[float]
|
2019-12-17 20:48:55 +01:00
|
|
|
=== Drill down into field-level details
|
|
|
|
To view the document data in either table or JSON format, click the expand icon (>).
|
|
|
|
The expanded view provides these options for viewing your document:
|
2016-10-25 03:41:32 +02:00
|
|
|
|
2019-12-17 20:48:55 +01:00
|
|
|
* View the events that surround your document.
|
|
|
|
For example, you might want to see the 10 documents that occurred
|
|
|
|
immediately before and after your event.
|
2016-10-25 03:41:32 +02:00
|
|
|
|
2019-12-17 20:48:55 +01:00
|
|
|
* View the document data as a separate page. You can bookmark and
|
|
|
|
share the link for direct access to a particular document.
|
2016-10-25 03:41:32 +02:00
|
|
|
|
2019-12-17 20:48:55 +01:00
|
|
|
[role="screenshot"]
|
2020-09-28 17:53:38 +02:00
|
|
|
image::images/Expanded-Document.png[Image showing expanded view, with JSON and table viewing options]
|
2016-10-25 03:41:32 +02:00
|
|
|
|
|
|
|
|
|
|
|
[float]
|
2019-12-17 20:48:55 +01:00
|
|
|
=== Configure the number of documents to show
|
|
|
|
|
|
|
|
By default, the documents table includes the 500 most recent documents that
|
|
|
|
match the query. To change this number, set the `discover:sampleSize` property in <<advanced-options,
|
|
|
|
Advanced Settings>>.
|