
Discover for data exploration in Elasticsearch - Step-by-Step Execution

Concept Flow - Discover for data exploration
Open Discover -> Select Index Pattern -> Load Data Sample -> Apply Filters and Queries -> View and Analyze Results -> Refine Search or Export Data -> End
The flow shows how you open Discover, pick your data, filter and search, then analyze results step-by-step.
Execution Sample
Elasticsearch
GET /my-index/_search
{
  "query": {
    "match": { "status": "active" }
  }
}
This query searches the 'my-index' index for documents where the 'status' field is 'active'.
Execution Table
| Step | Action | Query/Filter | Result Preview | Notes |
|------|--------|--------------|----------------|-------|
| 1 | Open Discover | N/A | Discover UI loads | User opens Discover in Kibana |
| 2 | Select Index Pattern | Index: my-index | Sample data loads | Data from 'my-index' is ready |
| 3 | Apply Query | {"match": {"status": "active"}} | Filtered documents shown | Only documents with status 'active' appear |
| 4 | Add Filter | Filter: response_time > 100 | Further filtered results | Results now only with response_time > 100 |
| 5 | View Fields | N/A | Fields and values displayed | User inspects fields in documents |
| 6 | Export Data | N/A | Data exported as CSV | User exports current view for offline use |
| 7 | End | N/A | Session ends | User finishes data exploration |
💡 User finishes exploration or closes Discover
Variable Tracker
| Variable | Start | After Step 3 | After Step 4 | Final |
|----------|-------|--------------|--------------|-------|
| Selected Index | None | my-index | my-index | my-index |
| Query | None | {"match": {"status": "active"}} | {"match": {"status": "active"}} | {"match": {"status": "active"}} |
| Filters | None | None | response_time > 100 | response_time > 100 |
| Displayed Documents | None | Docs with status 'active' | Docs with status 'active' and response_time > 100 | Same as after Step 4 |
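Steps 3 and 4 written as a single Query DSL request, as an added example that is not part of the original page: the Step 3 match clause goes in 'must' and the Step 4 filter becomes a 'range' clause in 'filter'. The sample documents, the helper names and the small local evaluator are assumptions made for illustration, and the exact request Kibana sends may differ.

```python
import json
import operator

# Constructed sample documents (not from the original page).
SAMPLE_DOCS = [
    {"id": 1, "status": "active", "response_time": 250},
    {"id": 2, "status": "active", "response_time": 80},
    {"id": 3, "status": "inactive", "response_time": 300},
    {"id": 4, "status": "active", "response_time": 100},  # boundary: not > 100
]
RANGE_OPS = {"gt": operator.gt, "gte": operator.ge, "lt": operator.lt, "lte": operator.le}


def build_request(query=None, filters=()):
    """Combine a query clause and filter clauses into one bool query body."""
    bool_query = {}
    if query:
        bool_query["must"] = [query]          # scored query context
    if filters:
        bool_query["filter"] = list(filters)  # unscored yes/no filter context
    return {"query": {"bool": bool_query} if bool_query else {"match_all": {}}}


def clause_matches(clause, doc):
    """Simplified evaluator: exact-value 'match' and numeric 'range' only."""
    kind, body = next(iter(clause.items()))
    field, cond = next(iter(body.items()))
    if field not in doc:
        return False
    if kind == "match":
        return doc[field] == cond
    if kind == "range":
        return all(RANGE_OPS[op](doc[field], bound) for op, bound in cond.items())
    raise ValueError(f"unsupported clause type: {kind}")


def run_locally(request, docs=SAMPLE_DOCS):
    """Return ids of docs that satisfy every must and filter clause."""
    bool_query = request["query"].get("bool", {})
    clauses = bool_query.get("must", []) + bool_query.get("filter", [])
    return [d["id"] for d in docs if all(clause_matches(c, d) for c in clauses)]


STEP3 = build_request(query={"match": {"status": "active"}})
STEP4 = build_request(query={"match": {"status": "active"}},
                      filters=[{"range": {"response_time": {"gt": 100}}}])

if __name__ == "__main__":
    print(json.dumps(STEP4, indent=2))  # body for GET /my-index/_search
    print("Step 3:", run_locally(STEP3), "Step 4:", run_locally(STEP4))
```

The document with response_time exactly 100 passes Step 3 but drops out at Step 4, because 'gt' is a strict comparison.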
Key Moments - 3 Insights
Why do I see fewer documents after applying the filter?
Because the filter narrows results to only those documents matching the filter condition, as shown in execution_table Step 4.
What happens if I change the index pattern?
The data sample reloads from the new index, resetting queries and filters, similar to execution_table Step 2.
Can I see all fields of a document at once?
Yes, Discover shows available fields for each document after loading data, as in Step 5.
Visual Quiz - 3 Questions
Test your understanding
Look at the execution table, what query is applied at Step 3?
A. No query applied
B. {"range": {"response_time": {"gt": 100}}}
C. {"match": {"status": "active"}}
D. {"term": {"status": "inactive"}}
💡 Hint
Check the 'Query/Filter' column at Step 3 in the execution_table.
At which step does the filter 'response_time > 100' get applied?
A. Step 4
B. Step 2
C. Step 3
D. Step 5
💡 Hint
Look at the 'Action' and 'Query/Filter' columns in execution_table rows.
If the user changes the index pattern after Step 4, what happens to the filters?
A. Filters remain the same
B. Filters reset to none
C. Filters double in number
D. Filters become inactive but visible
💡 Hint
Refer to key_moments about changing index pattern and execution_table Step 2.
Concept Snapshot
Discover lets you explore data by:
- Selecting an index pattern
- Loading sample documents
- Applying queries and filters
- Viewing fields and values
- Exporting data
It helps find insights by filtering and searching interactively.
Full Transcript
Discover in Elasticsearch is a tool to explore your data visually. First, you open Discover and select an index pattern to load sample data. Then you can apply queries, like searching for documents where a field matches a value. You can add filters to narrow results further. Discover shows fields and values for each document so you can analyze them. Finally, you can export the data if needed. This step-by-step process helps you find and understand your data easily.