
Discover for data exploration in Elasticsearch

Introduction

Discover helps you look at your data quickly. It shows you raw data so you can understand what is inside your Elasticsearch index.

You want to see recent logs from your application to find errors.
You need to check if your data is coming into Elasticsearch correctly.
You want to explore what fields and values exist in your data.
You want to filter data to find specific records.
You want to get a quick overview of your data before making dashboards.
Syntax
Elasticsearch
GET /your-index-name/_search
{
  "query": {
    "match_all": {}
  },
  "size": 10
}

This is a basic Elasticsearch query to get 10 documents from an index.

Discover in Kibana uses similar queries behind the scenes to show data.

Examples
This query finds 5 documents where the message field contains the word 'error'.
Elasticsearch
GET /logs-2024/_search
{
  "query": {
    "match": {
      "message": "error"
    }
  },
  "size": 5
}
This query gets 10 documents with dates in January 2024.
Elasticsearch
GET /sales-data/_search
{
  "query": {
    "range": {
      "date": {
        "gte": "2024-01-01",
        "lte": "2024-01-31"
      }
    }
  },
  "size": 10
}
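
Added example (not from the original page): the text match and the date range from the two queries above combined into one request, sorted newest first, as you would when looking for recent application errors. The `@timestamp` field name and the 15-minute window are assumptions; use your index's own date field.

```console
# Assumption: logs-2024 has a date field named @timestamp (not stated on the page).
GET /logs-2024/_search
{
  "query": {
    "bool": {
      "must": [
        { "match": { "message": "error" } }
      ],
      "filter": [
        {
          "range": {
            "@timestamp": {
              "gte": "now-15m",
              "lte": "now"
            }
          }
        }
      ]
    }
  },
  "sort": [
    { "@timestamp": { "order": "desc" } }
  ],
  "_source": ["@timestamp", "message"],
  "size": 10
}
```

The `match` clause sits in `must` because it contributes to relevance scoring, while the time range sits in `filter`, which only includes or excludes documents. `_source` limits the returned fields so each hit shows only the timestamp and the message.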
Sample Program

This example fetches 3 documents from 'my-index' to explore the data.

Elasticsearch
GET /my-index/_search
{
  "query": {
    "match_all": {}
  },
  "size": 3
}
Important Notes

Discover shows raw documents so you can see exactly what data is stored.

You can filter and search in Discover to narrow down data quickly.

Discover is a great first step before building visualizations or dashboards.

Summary

Discover lets you explore raw data in Elasticsearch indexes.

You use simple queries to find and filter data.

It helps you understand your data before deeper analysis.