maxmustermann/kibana
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
kibana/docs/discover/context.asciidoc
Matthias Wilhelm 51b416b23f
[Discover] Restore context documentation (#90784) 
Co-authored-by: gchaps <33642766+gchaps@users.noreply.github.com>
2021-03-04 17:24:13 +01:00

60 lines
2.5 KiB
Plaintext
Raw Blame History

[[discover-document-context]]
== View surrounding documents
Once you've narrowed your search to a specific event in *Discover*,
you can inspect the documents that occurred
immediately before and after the event.
To view the surrounding documents, your index pattern must contain time-based events.
. In the document table, click the expand icon (>).
. Click *View surrounding documents.*
+
In the context view, documents are sorted by the time field specified in the index pattern
and displayed using the same set of columns as the *Discover* view from which
the context was opened. The anchor document is highlighted in blue.
+
[role="screenshot"]
image::images/discover-context.png[Image showing context view feature, with anchor documents highlighted in blue]
+
The filters you applied in *Discover* are carried over to the context view. Pinned
filters remain active, while normal filters are copied in a disabled state.
+
[role="screenshot"]
image::images/discover-context-filters-inactive.png[Filter in context view]
. To find the documents of interest, add filters.
. To increase the number of documents that surround the anchor document, click *Load*.
By default, five documents are added with each click.
+
[role="screenshot"]
image::images/discover-context-load-newer-documents.png[Load button and the number of documents to load]
[float]
[[configure-context-ContextView]]
=== Configure the context view
Configure the appearance and behavior in *Advanced Settings*.
. Open the main menu, then click *Stack Management > Advanced Settings*.
. Search for `context`, then edit the settings.
+
[horizontal]
`context:defaultSize`:: The number of documents to display by default.
`context:step`:: The default number of documents to load with each button click. The default is 5.
`context:tieBreakerFields`:: The field to use for tiebreaking in case of equal time field values.
The default is the `_doc` field.
+
You can enter a comma-separated list of field
names, which is checked in sequence for suitability when a context is
displayed. The first suitable field is used as the tiebreaking
field. A field is suitable if the field exists and is sortable in the index
pattern the context is based on.
+
Although not required, it is recommended to only
use fields that have {ref}/doc-values.html[doc values] enabled to achieve
good performance and avoid unnecessary {ref}/modules-fielddata.html[field
data] usage. Common examples for suitable fields include log line numbers,
monotonically increasing counters and high-precision timestamps.
Reference in a new issue View git blame Copy permalink