elastic · florent-leborgne · Nov 14, 2025 · Nov 14, 2025 · Nov 14, 2025 · Nov 14, 2025
@@ -6,17 +6,59 @@ applies_to:
   serverless: ga
 products:
   - id: kibana
+description: Explore and analyze your Elasticsearch data with Discover in Kibana. Search, filter, visualize, and investigate documents to answer questions about your data.
 ---
 
-# Discover [discover]
+# Explore and analyze data with Discover [discover]
 
-You have questions about your data. What pages on your website contain a specific word or phrase? What events were logged most recently? What processes take longer than 500 milliseconds to respond?
+**Discover** in {{kib}} is your primary tool for exploring and analyzing data stored in {{es}}. Use Discover to search and filter your data, investigate document structure and field values, create visualizations, and save your analysis for later use or sharing with your team.
 
-$$$save-your-search$$$
-With **Discover**, you can quickly search and filter your data, get information about the structure of the fields, and display your findings in a visualization. You can also customize and save your Discover sessions and place them on a dashboard.
+Discover helps you answer questions about your data: What pages on your website contain specific terms? What events occurred most recently? Which processes exceed performance thresholds? With flexible querying using KQL, Lucene, or {{esql}}, you can quickly find the information you need.
 
 :::{image} /explore-analyze/images/kibana-hello-field.png
 :alt: A view of the Discover app
 :screenshot:
 :::
 
+## What you can do with Discover
+
+**Search and explore**
+: Search through your data using KQL, Lucene, or {{esql}}. Filter results to focus on what matters. Discover adapts its interface based on the type of data you're exploring, providing specialized experiences for logs, metrics, and other data types.
+
+**Analyze fields and documents**
+: View field statistics, examine individual documents, compare multiple documents side by side, and find patterns in your log data.
+
+**Visualize on the fly**
+: Create quick visualizations from aggregatable fields, or use {{esql}} to build charts directly from your queries.
+
+**Save and share**
+: Save your Discover sessions to reuse later, add them to dashboards, or share them with your team. You can also generate reports and create alerts based on your searches.
+
+## Get started
+
+New to Discover? Start with these resources:
+
+* **[Get started with Discover](discover/discover-get-started.md)** - A hands-on tutorial that walks you through exploring data, from loading data to filtering and visualizing your findings.
+* **[Using {{esql}}](discover/try-esql.md)** - Learn how to use the {{es}} Query Language for powerful data exploration.
+
+## Common tasks
+
+Once you're familiar with the basics, explore these guides for specific tasks:
+
+* **[Search and filter data](discover/search-and-filter.md)** - Build queries and apply filters to narrow down your results.
+* **[Customize the Discover view](discover/document-explorer.md)** - Adjust the layout, columns, and display options to suit your needs.
+* **[Save a search for reuse](discover/save-open-search.md)** - Save your Discover sessions and add them to dashboards.
+
+## Advanced features
+
+For more sophisticated use cases, see **[Advanced Discover features](discover/discover-advanced-guides.md)**:
+
+* Compare documents side by side
+* Add runtime fields to your {{data-source}}
+* Work with multiple tabs
+* Understand context-aware experiences
+* Run queries in the background
+* Generate alerts
+* Analyze field statistics and patterns
+* Search for relevance
+
@@ -0,0 +1,92 @@
+---
+navigation_title: Add fields
+mapped_pages:
+  - https://www.elastic.co/guide/en/kibana/current/discover.html#add-field-in-discover
+applies_to:
+  stack: ga
+  serverless: ga
+products:
+  - id: kibana
+description: Create runtime fields in Discover to extend your data views without reindexing. Compute values on the fly, combine fields, or extract new data from existing fields.
+---
+
+# Add runtime fields to {{data-sources}} from Discover [add-field-in-discover]
+
+Create [runtime fields](../../manage-data/data-store/mapping/runtime-fields.md) directly from **Discover** to extend your {{data-source}} without reindexing your data. Runtime fields are computed on the fly from your source data, allowing you to combine existing fields, extract new values, or perform calculations without modifying your indices.
+
+**Technical summary**: In **Discover**, click **Add a field** from the fields sidebar, select the field type, write a {{product.painless}} script using `emit(value)` to compute the field value from source data, and save to the {{data-source}}. Runtime fields are stored in the {{data-source}} definition and computed at query time.
+
+Use runtime fields when you need to add missing fields, combine data from multiple fields, or create calculated values for analysis and visualization.
+
+## Prerequisites
+
+* You need sufficient privileges to modify the {{data-source}}. Refer to [Granting access to {{kib}}](elasticsearch://reference/elasticsearch/roles.md).
+* You should understand [runtime fields](../../manage-data/data-store/mapping/runtime-fields.md) and the [{{product.painless}} scripting language](../scripting/modules-scripting-painless.md).
+
+## Add a runtime field
+
+1. In **Discover**, open the {{data-source}} you want to modify.
+2. In the fields sidebar, select **Add a field**.
+3. Select the **Type** of the new field from the dropdown menu (for example, `Keyword`, `Long`, `Boolean`, `Date`, or `IP`).
+4. **Name** the field. Choose a name that corresponds to the naming convention of other fields in the {{data-source}}. 
+5. Optionally, set a **Custom label** and **Description** for the field to make it more recognizable in your {{data-source}}. The custom label appears in **Discover** and other applications, while the field name is used in queries.
+6. Define the field value using one of these options:
+
+   * **Set value**: Define a script that determines the value to show for the field. This is required for computed fields.
+   * **Set format**: Set your preferred format for displaying the value. Changing the format can affect the value and prevent highlighting in **Discover**.
+
+   By default, if you don't enable **Set value**, the field value is retrieved from the source data if it already contains a field with the same name.
+
+7. In the **Advanced settings**, you can adjust the field popularity to make it appear higher or lower in the fields list. By default, **Discover** orders popular fields from most selected to least selected.
+8. Select **Save** to add the field to your {{data-source}}.
+
+The new field now appears in the fields list and can be added to the document table, used in queries, and visualized like any other field.
+
+## Usage examples
+
+### Example 1: Simple "Hello World" field
+
+This example creates a simple static text field:
+
+* **Name**: `hello`
+* **Type**: `Keyword`
+* **Set value**: enabled
+* **Script**:
+
+```ts
+emit("Hello World!");
+```
+
+### Example 2: Combine and convert fields
+
+This example combines first and last name fields from the ecommerce sample data, creating a "Last, First Initial" format:
+
+* **Name**: `customer`
+* **Type**: `Keyword`
+* **Set value**: enabled
+* **Script**:
+
+```ts
+String str = doc['customer_first_name.keyword'].value;
+char ch1 = str.charAt(0);
+emit(doc['customer_last_name.keyword'].value + ", " + ch1);
+```
+
+This creates a computed field that displays as "Smith, J" for a customer named John Smith.
+
+## Edit or remove a runtime field
+
+To modify or remove a runtime field you created:
+
+1. Find the field in the fields list in **Discover**.
+2. Hover over the field name and select the gear icon.
+3. Choose to edit the field definition or remove it from the {{data-source}}.
+
+Changes to runtime fields affect all applications using the same {{data-source}}.
+
+## Learn more
+
+* For more information on adding fields and {{product.painless}} scripting language examples, refer to [Explore your data with runtime fields](../find-and-organize/data-views.md#runtime-fields).
+* For advanced runtime field concepts, see [Runtime fields](../../manage-data/data-store/mapping/runtime-fields.md).
+* To learn about {{product.painless}} scripting, refer to [{{product.painless}} scripting language](../scripting/modules-scripting-painless.md).
+
@@ -20,6 +20,8 @@ If you have been using search sessions and upgrade to 9.2, your search sessions
 
 Sometimes you might need to search through large amounts of data, no matter how long the search takes. Consider a threat hunting scenario, where you need to search through years of data. 
 
+**Technical summary**: Enable by setting `data.search.sessions.enabled: true` in `kibana.yml`. From **Discover** or **Dashboards**, click **Send to background** to run long queries asynchronously. Monitor status and restore results using the background searches toolbar button.
+
 You can send your long-running searches to the background from **Discover** or **Dashboards** and let them run while you continue your work. 
 
 You can access your list of background searches at any time to check their status and manage them from the {icon}`background_task` **Background searches** button in the toolbar.

@@ -0,0 +1,79 @@
+---
+navigation_title: Compare documents
+mapped_pages:
+  - https://www.elastic.co/guide/en/kibana/current/discover.html#compare-documents-in-discover
+applies_to:
+  stack: ga
+  serverless: ga
+products:
+  - id: kibana
+description: Compare field values across multiple documents in Discover to identify differences, troubleshoot issues, and understand how values change across records.
+---
+
+# Compare documents in Discover [compare-documents-in-discover]
+
+Compare multiple documents side by side in **Discover** to identify differences in field values. This feature helps you troubleshoot issues by spotting variations between similar documents, track how values change across records, or identify patterns in your data.
+
+## Compare documents side by side
+
+1. In **Discover**, run your search to display the documents you want to compare.
+2. Select the results you want to compare from the **Documents** or **Results** tab. You can select multiple documents by clicking the checkbox next to each one.
+3. From the **Selected** menu in the table toolbar, choose **Compare selected**. 
+
+   The comparison view opens and shows the selected results next to each other.
+
+4. Compare the values of each field. By default, the first result you selected serves as the reference for displaying differences in the other results:
+
+   * When the value remains the same for a given field across all documents, it's displayed in **green**.
+   * When the value differs from the reference document, it's displayed in **red**.
+
+   ::::{tip}
+   You can change the result used as reference by selecting **Pin for comparison** from the contextual menu of any other result.
+   ::::
+
+   ![Comparison view in Discover](/explore-analyze/images/kibana-discover-compare-rows.png "")
+
+5. Optionally, customize the **Comparison settings** to adjust how differences are displayed:
+
+   * Choose to not highlight differences at all
+   * Show differences more granularly at the line, word, or character level
+   * Hide fields where the value matches across all results to focus only on differences
+
+6. Exit the comparison view at any time using the **Exit comparison mode** button at the top of the screen.
+
+## Copy selected documents
+
+After comparing documents, you may want to export the selected results for further analysis or record-keeping.
+
+1. Select the results you want to copy from the table.
+2. Open the **Selected** menu in the table toolbar.
+3. Choose one of the copy options:
+
+   * **Copy selection as text** - Copies the visible fields in a human-readable text format
+   * **Copy documents as JSON** - Copies the complete document data in JSON format
+
+The content is copied to your clipboard in the selected format. Only fields that are currently added to the table as columns are included in the text format. The JSON format includes all fields.
+
+:::{tip}
+You can also copy the content of a single cell to your clipboard using the quick actions that appear when hovering over the cell.
+:::
+
+## Filter to show only selected documents
+
+If you want to temporarily narrow your view to only the documents you've selected:
+
+1. Select the documents you want to focus on.
+2. Click the **Selected** menu in the table toolbar.
+3. Select **Show selected documents only**.
+
+**Discover** applies a filter to show only those documents. You can remove this filter at any time to return to your full result set.
+
+## Use cases
+
+Document comparison is particularly useful for:
+
+* **Troubleshooting**: Compare error logs to identify patterns or differences in failures
+* **Configuration analysis**: Check how settings vary across different hosts or environments
+* **Version comparison**: See what changed between different versions of a document
+* **Pattern recognition**: Identify common fields and values across similar events
+
@@ -0,0 +1,57 @@
+---
+navigation_title: Context-aware experiences
+mapped_pages:
+  - https://www.elastic.co/guide/en/kibana/current/discover.html#context-aware-discover
+applies_to:
+  stack: ga
+  serverless: ga
+products:
+  - id: kibana
+description: Discover provides specialized interfaces for logs, metrics, traces, and security data. Learn how context-aware experiences adapt to your data type and solution context.
+---
+
+# Context-aware experiences in Discover [context-aware-discover]
+
+**Discover** adapts its interface and features based on your data type and solution context. When you explore logs, metrics, traces, or security data within {{observability}} or Security solutions, **Discover** provides specialized views and capabilities tailored to that specific type of data.
+
+Context-aware experiences combine the right tools, visualizations, and workflows for your data type, making exploration more efficient and intuitive.
+
+## Available context-aware experiences
+
+**Discover** currently offers specialized experiences for the following data types:
+
+* **{{observability}}:**
+  * **[Logs exploration](/solutions/observability/logs/discover-logs.md)** - Tailored for exploring log data with log-specific features and UI elements.
+  * **[Metrics exploration](/solutions/observability/infra-and-hosts/discover-metrics.md)** {applies_to}`stack: preview 9.2` {applies_to}`serverless: preview` - Optimized for metrics data with metric-specific visualizations and analysis tools.
+% LINK/PAGE TBD  * **Traces exploration** - Specialized interface for distributed tracing data.
+% * **Security:**
+% LINK/PAGE TBD  * **Security data exploration** - Enhanced features for security event analysis.
+
+When you access **Discover** outside of a specific solution context, or when working with data types that don't have specialized experiences, you get the default **Discover** interface with all its core functionality for general-purpose data exploration.
+
+## Working with multiple data types
+
+Your query may include multiple data types that each have tailored experiences. For example, if you query both `logs-*` and `traces-*` indices within an {{observability}} context.
+
+In this case, **Discover** provides the default experience until it detects that you're interacting with a single type of data. For example, when you [expand a document to view its details](discover-get-started.md#look-inside-a-document), **Discover** recognizes the data type and switches to the appropriate context-aware experience for that document.
+
+## Check which experience is active
+
+You can verify which experience is currently active for your current Discover session. This helps you confirm whether the type of data you're exploring is properly detected or if Discover is using its default experience.
+
+1. Select **Inspect** from Discover's toolbar.
+2. Open the **View** dropdown, then select **Profiles**.
+
+The various profiles listed show details such as the active solution and data source contexts, which determine Discover's context-aware experiences.
+
+## Benefits of context-aware experiences
+
+Context-aware experiences provide several advantages:
+
+* **Optimized UI**: Field layouts, visualizations, and controls are tailored to the data type.
+* **Relevant features**: Only the features that make sense for your data type are surfaced.
+* **Solution integration**: Quick access to related applications and workflows within your solution area.
+* **Specialized queries**: Query suggestions and filters appropriate for the data type.
+
+By adapting to your context, **Discover** reduces complexity and helps you work more efficiently with your specific type of data.
+
@@ -0,0 +1,34 @@
+---
+navigation_title: Advanced features
+mapped_pages:
+  - https://www.elastic.co/guide/en/kibana/current/discover.html
+applies_to:
+  stack: ga
+  serverless: ga
+products:
+  - id: kibana
+description: Advanced features for data exploration in Discover including document comparison, runtime fields, tabs, background queries, alerts, and pattern analysis.
+---
+
+# Advanced data exploration features in Discover
+
+After mastering the basics of **Discover**, these advanced features help you work more efficiently with complex data exploration tasks. Compare documents to identify differences, create runtime fields without reindexing, run multiple explorations simultaneously, and set up automated monitoring with alerts.
+
+## Advanced data manipulation
+
+* **[Compare documents](compare-documents.md)** - Compare field values across multiple documents side by side to identify differences and patterns.
+* **[Add fields to your {{data-source}}](add-fields-to-data-views.md)** - Create runtime fields on the fly to extend your data model without reindexing.
+
+## Specialized exploration
+
+* **[Work with tabs](work-with-tabs.md)** - Run multiple explorations simultaneously in separate tabs to compare queries, time periods, or data sources.
+* **[Context-aware experiences](context-aware-discover.md)** - Understand how Discover adapts its interface for logs, metrics, traces, and security data.
+* **[Run queries in the background](background-search.md)** - Send long-running queries to the background while you continue working.
+
+## Integration and analysis
+
+* **[Generate alerts from Discover](generate-alerts-from-discover.md)** - Create rules that periodically check your data against conditions and send notifications.
+* **[View field statistics](show-field-statistics.md)** - Explore field distributions, top values, and statistical summaries.
+* **[Run pattern analysis](run-pattern-analysis-discover.md)** - Find patterns in unstructured log messages with log pattern analysis.
+* **[Search for relevance](discover-search-for-relevance.md)** - Sort documents by relevance score to find the most relevant results.
+