maxmustermann/kibana
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
kibana/docs/discover/search.asciidoc
Matt Bargar 4f2fbe7fb6
[6.x] Add query enhancements opt-in switch to query bar (#17232) (#17353) 
* Add query enhancements opt-in switch to query bar (#17232)

Makes our language updates more visible to users and removes mentions of Kuery as a separate language. Users still get the old lucene experience by default, but have the option to opt-in to "experimental query features" directly in the query bar. Goal is to get more feedback by making these new features more prominent and less of a jump from lucene.

* fix test
2018-03-22 18:00:25 -04:00

117 lines
4.8 KiB
Plaintext
Raw Blame History

[[search]]
== Searching Your Data
You can search the indices that match the current index pattern by entering
your search criteria in the Query bar. You can use Kibana's standard query language
(based on Lucene https://lucene.apache.org/core/2_9_4/queryparsersyntax.html[query syntax])
or the full JSON-based {ref}/query-dsl.html[Elasticsearch Query DSL]. Autocomplete
and a simplified query syntax are available for the Kibana query language as experimental
features which you can opt-in to under the options menu in the Query Bar.
When you submit a search request, the histogram, Documents table, and Fields
list are updated to reflect the search results. The total number of hits
(matching documents) is shown in the toolbar. The Documents table shows the
first five hundred hits. By default, the hits are listed in reverse
chronological order, with the newest documents shown first. You can reverse
the sort order by clicking the Time column header. You can also sort the table
by the values in any indexed field. For more information, see <<sorting,
Sorting the Documents Table>>.
To search your data, enter your search criteria in the Query bar and
press *Enter* or click *Search* image:images/search-button.jpg[] to submit
the request to Elasticsearch.
[NOTE]
===========
You can opt-in to our experimental query features by default by changing `search:queryLanguage`
to `kuery` under Advanced Settings.
===========
[[lucene-query]]
=== Lucene Query Syntax
Kibana's query language has historically been based on the Lucene query syntax. The following
are some tips that can help get you started.
* To perform a free text search, simply enter a text string. For example, if
you're searching web server logs, you could enter `safari` to search all
fields for the term `safari`.
* To search for a value in a specific field, prefix the value with the name
of the field. For example, you could enter `status:200` to find all of
the entries that contain the value `200` in the `status` field.
* To search for a range of values, you can use the bracketed range syntax,
`[START_VALUE TO END_VALUE]`. For example, to find entries that have 4xx
status codes, you could enter `status:[400 TO 499]`.
* To specify more complex search criteria, you can use the Boolean operators
`AND`, `OR`, and `NOT`. For example, to find entries that have 4xx status
codes and have an extension of `php` or `html`, you could enter `status:[400 TO
499] AND (extension:php OR extension:html)`.
For more detailed information about the Lucene query syntax, see the
{ref}/query-dsl-query-string-query.html#query-string-syntax[Query String Query]
docs.
NOTE: These examples use the Lucene query syntax. When lucene is selected as your
query language you can also submit queries using the {ref}/query-dsl.html[Elasticsearch Query DSL].
include::kuery.asciidoc[]
[[save-open-search]]
=== Saving and Opening Searches
Saving searches enables you to reload them into Discover and use them as the basis
for <<visualize, visualizations>>. Saving a search saves both the search query string
and the currently selected index pattern.
==== Saving a Search
To save the current search:
. Click *Save* in the Kibana toolbar.
. Enter a name for the search and click *Save*.
You can import, export and delete saved searches from *Management/Kibana/Saved Objects*.
==== Opening a Saved Search
To load a saved search into Discover:
. Click *Open* in the Kibana toolbar.
. Select the search you want to open.
If the saved search is associated with a different index pattern than is currently
selected, opening the saved search changes the selected index pattern. The query language
used for the saved search will also be automatically selected.
[[select-pattern]]
=== Changing Which Indices You're Searching
When you submit a search request, the indices that match the currently-selected
index pattern are searched. The current index pattern is shown below the toolbar.
To change which indices you are searching, click the index pattern and select a
different index pattern.
For more information about index patterns, see <<settings-create-pattern,
Creating an Index Pattern>>.
[[autorefresh]]
=== Refreshing the Search Results
As more documents are added to the indices you're searching, the search results
shown in Discover and used to display visualizations get stale. You can
configure a refresh interval to periodically resubmit your searches to
retrieve the latest results.
To enable auto refresh:
. Click the *Time Picker* image:images/time-picker.jpg[Time Picker] in the
Kibana toolbar.
. Click *Auto refresh*.
. Choose a refresh interval from the list.
+
image::images/autorefresh-intervals.png[]
When auto refresh is enabled, the refresh interval is displayed next to the
Time Picker, along with a Pause button. To temporarily disable auto refresh,
click *Pause*.
NOTE: If auto refresh is not enabled, you can manually refresh visualizations
by clicking *Refresh*.
Reference in a new issue View git blame Copy permalink