diff --git a/explore-analyze/discover/discover-get-started.md b/explore-analyze/discover/discover-get-started.md index a06ef93b6f..958fd7ae4a 100644 --- a/explore-analyze/discover/discover-get-started.md +++ b/explore-analyze/discover/discover-get-started.md @@ -206,7 +206,7 @@ Dive into an individual document to view its fields and the documents that occur * You can pin some fields by clicking the left column to keep them displayed even if you filter the table. ::::{tip} - You can restrict the fields listed in the detailed view to just the fields that you explicitly added to the **Discover** table, using the **Selected only** toggle. In ES|QL mode, you also have an option to hide fields with null values. + You can restrict the fields listed in the detailed view to just the fields that you explicitly added to the **Discover** table, using the **Selected only** toggle. In ES|QL mode, you also have an option to hide fields with null values. This toggle isn't available from the **View single document** page. :::: 3. To navigate to a view of the document that you can bookmark and share, select **View single document**. @@ -222,6 +222,10 @@ One of the unique capabilities of **Discover** is the ability to combine free te ![Search field in Discover](/explore-analyze/images/kibana-discover-search-field.png "") +:::{note} +Free text searches that don't specify a field may not return expected results depending on how the [`index.query.default_field` index setting](elasticsearch://reference/elasticsearch/index-settings/index-modules.md#index-query-default-field) is configured for the indices matching the current data view. +::: + To search particular fields and build more complex queries, use the [Kibana Query language](../query-filter/languages/kql.md). As you type, KQL prompts you with the fields you can search and the operators you can use to build a structured query. For example, search the ecommerce sample data for documents where the country matches US: @@ -255,13 +259,14 @@ For example, exclude results from the ecommerce sample data view where day of we You can use **Discover** with the Elasticsearch Query Language, ES|QL. When using ES|QL, you don’t have to select a data view. It’s your query that determines the data to explore and display in Discover. You can switch to the ES|QL mode of Discover from the application menu bar. - -:::{tip} If you've entered a KQL or Lucene query in the default mode of Discover, it automatically converts to ES|QL. -::: Note that in ES|QL mode, the **Documents** tab is named **Results**. +:::{important} +{applies_to}`stack: ga 9.1` When an ES|QL query times out, partial results that are available are shown. The timeout is defined by the `search:timeout` advanced setting, which is set to 10 minutes (600000 ms) by default. In serverless projects, this advanced setting is not customizable and the timeout is set to 10 minutes. +::: + Learn more about how to use ES|QL queries in [Using ES|QL](try-esql.md). diff --git a/explore-analyze/discover/try-esql.md b/explore-analyze/discover/try-esql.md index 9f6c9d6048..e52e76b621 100644 --- a/explore-analyze/discover/try-esql.md +++ b/explore-analyze/discover/try-esql.md @@ -40,7 +40,7 @@ To load the sample data: Let’s say we want to find out what operating system users have and how much RAM is on their machine. 3. Set the time range to **Last 7 days**. -4. Copy the query below: +4. Copy the following query. To make queries more readable, you can put each processing command on a new line. ```esql FROM kibana_sample_data_logs <1> @@ -49,17 +49,13 @@ To load the sample data: 1. We’re specifically looking for data from the sample web logs we just installed. 2. We’re only keeping the `machine.os` and `machine.ram` fields in the results table. - - ::::{tip} - Put each processing command on a new line for better readability. - :::: - -5. Click **▶Run**. - ![An image of the query result](/explore-analyze/images/kibana-esql-machine-os-ram.png "") + ::::{note} {{esql}} keywords are not case sensitive. :::: +5. Click **▶Run**. + ![An image of the query result](/explore-analyze/images/kibana-esql-machine-os-ram.png "") Let’s add `geo.dest` to our query to find out the geographical destination of the visits and limit the results. diff --git a/explore-analyze/images/kibana-discover-customize-table.png b/explore-analyze/images/kibana-discover-customize-table.png index 97e63cedc9..578f2cc402 100644 Binary files a/explore-analyze/images/kibana-discover-customize-table.png and b/explore-analyze/images/kibana-discover-customize-table.png differ