
Kibana Discover

In Kibana, we have a Discover link on the left-hand side menu to discover our data. After configuring the Elasticsearch index, we can click on the Discover link, which will open the following screen:

In the preceding screen, we can see our data in tabular format with Time and _source. Time shows the exact date and time of data insertion in Elasticsearch and _source shows data in JSON format. In each row of data, we have an icon in front of the date and time to expand the view. When we expand the row, it shows us the following two tabs:

  • Table: This is used to show the data in tabular format
  • JSON: This is used to show the data in JSON format

Apart from the tabs, there are two buttons, which are as follows:

  • View surrounding documents: By default, it shows five surrounding documents along with the selected document
  • View single document: This button opens the selected document only

The following screenshot shows the details of a single document from the index pattern on the Discover page:

Apart from these tabs and buttons, we have a search box on top of the page to search any field in this data. On the left side of the page, we have a dropdown to pick the index we want to see. After this comes the search box, where we have a link called Add a filter to filter the data. If we click on the link, it will open an Add filter box with Filter and Label textboxes to execute the filter on the data. The following screenshot shows the filter screen, from where we can apply a new filter or edit an existing filter:

After applying the filter, the data is filtered as per the given filter option. We can also see the red box with the given filter details. We can get different links, such as select or unselect, pin or unpin, and delete filter and edit filter, by hovering over the red box with the filter details. In this box, we have a link called Edit Query DSL through which we can convert the filter into an Elasticsearch query and can modify it as per our requirements. The following screenshot shows the Elasticsearch query view of the applied filter:

By clicking on the Edit Query DSL option, we can convert the Filter textbox window into an Elasticsearch query text area containing the Elasticsearch query for the applied filter. Through this screen, we can modify the Elasticsearch query as per our requirements, or we can paste in any external query that we have already created outside Kibana.

Apart from these options, we have a histogram at the top of the screen where we can see the timing of the data input:

Through this histogram, we can find out the time when the data is inserted into the Elasticsearch index. This graph is very helpful as it gives us an insight into the data input and how much data is inserted at any given time. We can set the refresh duration of this histogram from a dropdown, which is just on top of the graph. The dropdown has different options, such as auto, milliseconds, seconds, minutes, hours, days, weeks, months, and years. Based on the selected value, this graph is refreshed and we can set this value as per our requirements. On the x axis, the graph shows the field with the duration of display; for example, @timestamp per 30 minutes. The duration of the data is displayed in front of the dropdown, which is, for example, January 1, 2018, 00:00:00.000 - December 31, 2018, 23:59:59.999. This duration can be changed by clicking on the top right-hand corner link of the duration display and then changing the value from the open box.
