0
0
ElasticsearchHow-ToBeginner · 3 min read

How to Use Discover in Kibana: Quick Guide

In Kibana, use the Discover tab to explore your Elasticsearch data by selecting an index pattern and applying filters or search queries. It shows your data in a table format with time-based controls to help you analyze logs or events quickly.
📐

Syntax

The Discover feature in Kibana is accessed via the Kibana UI, not by code. The main parts include:

  • Index Pattern: Select the data source you want to explore.
  • Search Bar: Enter queries using Lucene or KQL to filter data.
  • Time Picker: Choose the time range for your data view.
  • Document Table: Displays the matching documents with fields you can customize.
elasticsearch
N/A
💻

Example

This example shows how to use Discover to find error logs in the last 24 hours:

  1. Open Kibana and click Discover.
  2. Select your index pattern, e.g., logs-*.
  3. Set the time picker to Last 24 hours.
  4. In the search bar, type log.level: "error" to filter error logs.
  5. View the filtered documents in the table below.
kql
log.level: "error"
Output
A table listing documents where the field 'log.level' equals 'error' from the last 24 hours.
⚠️

Common Pitfalls

Common mistakes when using Discover include:

  • Not selecting the correct index pattern, so no data appears.
  • Using incorrect query syntax, causing no results or errors.
  • Forgetting to set the time picker correctly, leading to empty results.
  • Not expanding fields in the document table to see full data.
kql
Wrong query example:
log.level = "error"

Right query example:
log.level: "error"
📊

Quick Reference

FeatureDescription
Index PatternChoose which Elasticsearch data to explore
Search BarFilter data using Lucene or KQL queries
Time PickerSet the time range for data display
Document TableView and customize fields of matching documents
Field ListAdd or remove fields shown in the table

Key Takeaways

Use the Discover tab in Kibana to explore Elasticsearch data interactively.
Always select the correct index pattern and set the time range before searching.
Write queries in Lucene or KQL syntax to filter your data effectively.
Customize the document table to see the fields you need.
Check common mistakes like wrong queries or time range to avoid empty results.

Related by keyword

How to Start Elasticsearch: Quick Guide for BeginnersGetting StartedHow to Install Elasticsearch: Step-by-Step GuideGetting StartedHow to Boost Field in Elasticsearch: Simple GuideFull Text SearchHow to Search with Synonyms in Elasticsearch: Simple GuideFull Text SearchHow to Configure Index Lifecycle in Elasticsearch: Step-by-Step GuideIndex Settings

Up next

How to Use Index Sorting for Performance in ElasticsearchHow to Use Routing in Elasticsearch for Efficient Data AccessHow to Create Ingest Pipeline in Elasticsearch QuicklyHow to Enrich Data During Indexing in Elasticsearch

More in Kibana

How to Connect Kibana to Elasticsearch: Simple Setup GuideHow to Create Dashboard in Kibana: Step-by-Step GuideHow to Create Index Pattern in Kibana: Step-by-Step GuideHow to Create Visualization in Kibana: Step-by-Step Guide