Update Discover content for 2.0 features #8177
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,73 @@ | ||
| --- | ||
| layout: default | ||
| title: Defining and analyzing searches | ||
| parent: Analyzing data | ||
| nav_order: 10 | ||
| --- | ||
|
|
||
| # Defining and analyzing searches | ||
|
|
||
| Discovering and exploring data in OpenSearch Dashboards is a powerful way to gain insights from your data. The Discover application within OpenSearch Dashboards provides a flexible interface for defining and analyzing searches across your data. | ||
|
|
||
| ## Defining a search | ||
|
|
||
| To define a search, follow these steps: | ||
|
|
||
| 1. On the OpenSearch Dashboards navigation menu, select **Discover**. | ||
| 2. Choose the data you want to work with. In this case, choose `opensearch_dashboards_sample_data_flights` from the upper-left dropdown menu. | ||
| 3. Select the {::nomarkdown}<img src="{{site.url}}{{site.baseurl}}/images/icons/calendar-oui.png" class="inline-icon" alt="calendar icon"/>{:/} icon to change the time range of your search and then select **Refresh**. | ||
|
|
||
| ## Analyzing document tables | ||
|
|
||
| In OpenSearch, a document table stores unstructured data. In a document table, each row represents a single document, and each column contains document attributes. | ||
vagimeli marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
|
||
|
|
||
| ### View document attributes | ||
vagimeli marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
|
||
|
|
||
| To review document attributes, follow these steps: | ||
|
|
||
| 1. From the data table's left column, choose the {::nomarkdown}<img src="{{site.url}}{{site.baseurl}}/images/icons/inspect-icon.png" class="inline-icon" alt="inspect icon"/>{:/} icon to open the **Document Details** window. Select the {::nomarkdown}<img src="{{site.url}}{{site.baseurl}}/images/icons/minimize-icon.png" class="inline-icon" alt="minimize icon"/>{:/} icon to close the **Document Details** window. | ||
| 2. Examine the metadata. You can switch between the **Table** and **JSON** tabs to view the data in your preferred format. | ||
| 3. Select **View surrounding documents** to view data for other log entries either preceding or following your current document or select **View single document** to view a particular log entry. | ||
|
|
||
| ### Add or delete fields in document tables | ||
vagimeli marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
|
||
|
|
||
| To add or delete fields in a document table, follow these steps: | ||
|
|
||
| 1. View the data fields listed under **Available fields** and select the {::nomarkdown}<img src="{{site.url}}{{site.baseurl}}/images/icons/plus-icon.png" class="inline-icon" alt="plus icon"/>{:/} icon to add the desired fields to the document table. The field will be automatically added to both **Selected fields** and the document table. For this example, choose the fields `Carrier`, `AvgTicketPrice`, and `Dest`. | ||
| 2. Select **Sort fields** > **Pick fields to sort by**. Drag and drop the chosen fields in the desired sort order. | ||
|
|
||
| ## Searching data | ||
|
|
||
| You can use the search toolbar to enter a [DQL]({{site.url}}{{site.baseurl}}/dashboards/discover/dql/) or [query string]({{site.url}}{{site.baseurl}}/query-dsl/full-text/query-string/) query. The search toolbar is best for basic queries; for full query and filter capability, use [query domain-specific language (DSL)]({{site.url}}{{site.baseurl}}/query-dsl/index/) in the [Dev Tools console]({{site.url}}{{site.baseurl}}/dashboards/dev-tools/index-dev/). | ||
vagimeli marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
|
||
|
|
||
| For more information, see [Discover and Dashboard search toolbar]({{site.url}}{{site.baseurl}}/dashboards/index/#discover-and-dashboard-search-bar). | ||
|
|
||
| ## Filtering data | ||
|
|
||
| Filters allow you to narrow the results of a query by specifying certain criteria. You can filter by field, value, or range. The **Add filter** pop-up suggests the available fields and operators. | ||
vagimeli marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
|
||
|
|
||
| To filter your data, follow these steps: | ||
|
|
||
| 1. Under the DQL search bar, choose **Add filter**. | ||
| 2. Select the desired options from the **Field**, **Operator**, and **Value** dropdown lists. For example, select `Cancelled`, `is`, and `true`. | ||
| 3. Choose **Save**. | ||
| 4. To remove a filter, choose the {::nomarkdown}<img src="{{site.url}}{{site.baseurl}}/images/icons/cross-icon.png" class="inline-icon" alt="cross icon"/>{:/} icon to the right of the filter name. | ||
|
|
||
| ## Saving a search | ||
|
|
||
| To save your search, including the query text, filters, and current data view, follow these steps: | ||
|
|
||
| 1. Select **Save** on the upper-right toolbar. | ||
| 2. Add a title, and then choose **Save**. | ||
| 3. Select **Open** on the upper-right toolbar to access your saved searches. | ||
|
|
||
| ## Visualizing data findings | ||
|
|
||
| To visualize your data findings, follow these steps: | ||
|
|
||
| 1. Select the {::nomarkdown}<img src="{{site.url}}{{site.baseurl}}/images/icons/inspect-icon.png" class="inline-icon" alt="inspect icon"/>{:/} icon to the right of the field you want to visualize. | ||
| 2. Select the **Visualize** button. When the **Visualize** application is launched, a visualization appears. | ||
|
|
||
| ## Setting alerts | ||
|
|
||
| Set alerts to notify you when your data exceeds your specified thresholds. Go to [Alerting dashboards and visualizations]({{site.url}}{{site.baseurl}}/observing-your-data/alerting/dashboards-alerting/) to learn about creating and managing alerts. | ||
vagimeli marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
|
||
| Original file line number | Diff line number | Diff line change | ||||
|---|---|---|---|---|---|---|
| @@ -0,0 +1,77 @@ | ||||||
| --- | ||||||
vagimeli marked this conversation as resolved.
Show resolved
Hide resolved
|
||||||
| layout: default | ||||||
| title: Exploring query enhancements | ||||||
| parent: Analyzing data | ||||||
| nav_order: 20 | ||||||
| --- | ||||||
|
|
||||||
| # Exploring query enhancements | ||||||
| Introduced 2.18 | ||||||
| {: .label .label-purple } | ||||||
|
|
||||||
| Starting with OpenSearch 2.17, query enhancements have been made. These enhancements are experimental and may be subject to change or instability. Enhancements include the following: | ||||||
|
|
||||||
| - Query languages PPL and SQL, with **Query Assist** for PPL | ||||||
| - Multiline query editor for PPL and SQL and autocomplete for PPL and DQL | ||||||
|
There was a problem hiding this comment. did we wanted to mention the expand and collapse feature of the query editor? they can go from multiline to a single line There was a problem hiding this comment. @kavilla Please see revised text. You're welcome to make any necessary changes to the text. Thank you!
vagimeli marked this conversation as resolved.
Show resolved
Hide resolved
|
||||||
| - Data selector with **Data Explorer** that supports index patterns, indexes, and Amazon S3 connections and data configuration that supports selecting the appropriate query language based on the data type | ||||||
|
||||||
| - Link sharing through URLs without needing write permission to create an index pattern | ||||||
|
There was a problem hiding this comment. creating an index pattern with write permission is required which was a blocker for exploring data. non-privileged users would have to depend on someone with permission to create the index pattern for the data to be explored leading to suboptimal index patterns to be created as it would be easier to just do something like There was a problem hiding this comment. @kavilla @sejli Should the link sharing bullet be modified to read: |
||||||
|
|
||||||
| All existing functionality remains in OpenSearch 2.17, and the new features are designed to improve your data exploration experience. The **Enable query enhancements** is currently not on a minimal distribution. In a minimal distribution of OpenSearch and OpenSearch Dashboards, query enhancements do not provide access to PPL or SQL functionality. To use these features, the [OpenSearch SQL plugin]({{site.url}}{{site.baseurl}}/search-plugins/sql/settings/) is required. | ||||||
|
||||||
|
|
||||||
| Query enhancements work with a basic OpenSearch installation, but to enable SQL, PPL, and external data source queries, additional plugins such as the SQL plugin are necessary. Ensure that you have the [required plugins]({{site.url}}{{site.baseurl}}/install-and-configure/plugins/) installed to take full advantage of these query enhancement features. | ||||||
|
||||||
| Query enhancements work with a basic OpenSearch installation, but to enable SQL, PPL, and external data source queries, additional plugins such as the SQL plugin are necessary. Ensure that you have the [required plugins]({{site.url}}{{site.baseurl}}/install-and-configure/plugins/) installed to take full advantage of these query enhancement features. | |
| Query enhancements work with a basic OpenSearch installation, but to enable SQL, PPL, and external data source queries, additional plugins such as the SQL plugin are necessary. Index patterns require write permissions, but OpenSearch Dashboards enables data exploration through shared links, even for non-privileged users, though the SQL plugin must be installed on each external data source. Ensure that you have the [required plugins]({{site.url}}{{site.baseurl}}/install-and-configure/plugins/) installed to take full advantage of these query enhancement features. |
vagimeli marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
should we mention this available for non-DQL/Lucene queries?
There was a problem hiding this comment.
| 5. Select the **Recent queries** option within the query editor toolbar to display your recent queries. | |
| 5. Select the **Recent queries** option within the query editor toolbar to display your recent queries. This is available for non-DQL and Lucene queries. |
There was a problem hiding this comment.
nit: @vagimeli might have better context on the correct terms but worried about saying data sources given some users got confused. They are similar but different. Ideally data is broad strokes enough to be correct but like i said not sure what we wanted to communicate going forward to end users.
There was a problem hiding this comment.
@kavilla I'm open to suggestions. Please make a suggested rewrite and I'll accept changes. Thank you.
There was a problem hiding this comment.
didn't see it but should we call out that Query Assist for PPL but not necessarily available for all data sources
There was a problem hiding this comment.
@kavilla Should we tell user which specific data sources/types it's available for?
There was a problem hiding this comment.
Query Assist is only available in query enhancements when the data source itself supports it. It's dependent on if the user adds a cluster with query assist enabled/set up. I think we can call out that query assist is required on the OpenSearch data source, something like query assist is available when included data source has it available?
Uh oh!
There was an error while loading. Please reload this page.