896b9cddbc
* [DOCS] Updates for navigation redesign * Getting started * Set up text * Discover * Dashboard, Graph, ML, Maps, APM, SIEM, Dev tools * Dev Tools, Stack Monitoring, Management * Management * Final changes * [DOCS] Updates for navigation redesign * [DOCS] Updates CCR monitoring screenshots * updates SIEM screenshot and Cases overview text * Added Brandon's APM image * [DOCS] Refines CCR shard screenshot * Removed merge conflict image file Co-authored-by: lcawl <lcawley@elastic.co> Co-authored-by: Ben Skelker <ben.skelker@elastic.co>
35 lines
1 KiB
Plaintext
35 lines
1 KiB
Plaintext
[[tutorial-discovering]]
|
|
=== Discover your data
|
|
|
|
Using *Discover*, enter
|
|
an {ref}/query-dsl-query-string-query.html#query-string-syntax[Elasticsearch
|
|
query] to search your data and filter the results.
|
|
|
|
. Open the menu, then go to *Discover*.
|
|
+
|
|
The `shakes*` index pattern appears.
|
|
|
|
. To make `ba*` the index, click the *Change Index Pattern* dropdown, then select `ba*`.
|
|
+
|
|
By default, all fields are shown for each matching document.
|
|
|
|
. In the *Search* field, enter the following:
|
|
+
|
|
[source,text]
|
|
account_number<100 AND balance>47500
|
|
+
|
|
The search returns all account numbers between zero and 99 with balances in
|
|
excess of 47,500. Results appear for account numbers 8, 32, 78, 85, and 97.
|
|
+
|
|
[role="screenshot"]
|
|
image::images/tutorial-discover-2.png[]
|
|
+
|
|
. Hover over the list of *Available fields*, then
|
|
click *Add* next to each field you want include in the table.
|
|
+
|
|
For example, when you add the `account_number` field, the display changes to a list of five
|
|
account numbers.
|
|
+
|
|
[role="screenshot"]
|
|
image::images/tutorial-discover-3.png[]
|