diff --git a/_dashboards/discover/defining-analyzing-searches.md b/_dashboards/discover/defining-analyzing-searches.md new file mode 100644 index 0000000000..f55e8884d5 --- /dev/null +++ b/_dashboards/discover/defining-analyzing-searches.md 
@@ -0,0 +1,73 @@ +--- +layout: default +title: Defining and analyzing searches +parent: Analyzing data +nav_order: 10 +--- + +# Defining and analyzing searches + +The **Discover** application in OpenSearch Dashboards offers a flexible interface for defining and analyzing searches across your data, enabling powerful insights and visualizations. + +## Defining a search + +To define a search, follow these steps: + +1. On the OpenSearch Dashboards navigation menu, select **Discover**. +2. Choose the data you want to work with. In this case, choose `opensearch_dashboards_sample_data_flights` from the upper-left dropdown menu. +3. Select the {::nomarkdown}calendar icon{:/} icon to change the time range of your search and then select **Refresh**. + +## Analyzing document tables + +OpenSearch uses document tables to store unstructured data, where each row corresponds to an individual document and columns represent various document attributes. + +### Viewing document attributes + +To review document attributes, follow these steps: + +1. From the data table's left column, choose the {::nomarkdown}inspect icon{:/} icon to open the **Document Details** window. Select the {::nomarkdown}minimize icon{:/} icon to close the **Document Details** window. +2. Examine the metadata. You can switch between the **Table** and **JSON** tabs to view the data in your preferred format. +3. Select **View surrounding documents** to view data for other log entries either preceding or following your current document or select **View single document** to view a particular log entry. + +### Adding or deleting fields in document tables + +To add or delete fields in a document table, follow these steps: + +1. View the data fields listed under **Available fields** and select the {::nomarkdown}plus icon{:/} icon to add the desired fields to the document table. The field will be automatically added to both **Selected fields** and the document table. 
For this example, choose the fields `Carrier`, `AvgTicketPrice`, and `Dest`. +2. Select **Sort fields** > **Pick fields to sort by**. Drag and drop the chosen fields in the desired sort order. + +## Searching data + +The search toolbar in **Discover** supports both [DQL]({{site.url}}{{site.baseurl}}/dashboards/discover/dql/) and [query string]({{site.url}}{{site.baseurl}}/query-dsl/full-text/query-string/) queries. For more complex queries and full filter capabilities, use [query domain-specific language (DSL)]({{site.url}}{{site.baseurl}}/query-dsl/index/) in the [Dev Tools console]({{site.url}}{{site.baseurl}}/dashboards/dev-tools/index-dev/). + +For more information, see [Discover and Dashboard search toolbar]({{site.url}}{{site.baseurl}}/dashboards/index/#discover-and-dashboard-search-bar). + +## Filtering data + +You can use filters to refine query results by specifying certain criteria such as field, value, or range. The **Add filter** feature provides suggestions for available fields and operators. + +To filter your data, follow these steps: + +1. Under the DQL search bar, choose **Add filter**. +2. Select the desired options from the **Field**, **Operator**, and **Value** dropdown lists. For example, select `Cancelled`, `is`, and `true`. +3. Choose **Save**. +4. To remove a filter, choose the {::nomarkdown}cross icon{:/} icon to the right of the filter name. + +## Saving a search + +To save your search, including the query text, filters, and current data view, follow these steps: + +1. Select **Save** on the upper-right toolbar. +2. Add a title, and then choose **Save**. +3. Select **Open** on the upper-right toolbar to access your saved searches. + +## Visualizing data findings + +To visualize your data findings, follow these steps: + +1. Select the {::nomarkdown}inspect icon{:/} icon to the right of the field you want to visualize. +2. Select the **Visualize** button. When the **Visualize** application is launched, a visualization appears. 
+ +## Setting alerts + +Configure alerts to receive notifications when your data exceeds the specified thresholds. For detailed information about setting up and managing alerts, see [Alerting dashboards and visualizations]({{site.url}}{{site.baseurl}}/observing-your-data/alerting/dashboards-alerting/). diff --git a/_dashboards/discover/exploring-query-enhancements.md b/_dashboards/discover/exploring-query-enhancements.md new file mode 100644 index 0000000000..707639e5e6 --- /dev/null +++ b/_dashboards/discover/exploring-query-enhancements.md 
@@ -0,0 +1,79 @@ +--- +layout: default +title: Exploring query enhancements +parent: Analyzing data +nav_order: 20 +--- + +# Exploring query enhancements +Introduced 2.18 +{: .label .label-purple } + +Starting with OpenSearch 2.17, query enhancements have been made. These enhancements are experimental and may be subject to change or instability. Enhancements include the following: + +- Query languages PPL and SQL, with **Query Assist** for PPL +- Multiline query editor for PPL and SQL and autocomplete for PPL and DQL +- Query editor expand/collapse for multiline/single-line mode +- **Data Explorer** feature that supports diverse data sources, such as index patterns, indexes, and Amazon S3 connections, with built-in support for selecting the appropriate query language for your chosen data type +- OpenSearch Dashboards allows for exploring your data within your indexes without using index patterns +- Link sharing through URLs without needing write permission to create an index pattern + +OpenSearch 2.18 builds upon existing features with new query enhancements designed to improve data exploration. However, these enhancements, including PPL and SQL functionality, are not available in minimal distributions and require the separate installation of the [OpenSearch SQL plugin]({{site.url}}{{site.baseurl}}/search-plugins/sql/settings/). + +While query enhancements work with a standard OpenSearch installation, enabling SQL, PPL, and external data source queries requires additional plugins, particularly the SQL plugin. For optimal use of these query enhancement features, make sure to install the [required plugins]({{site.url}}{{site.baseurl}}/install-and-configure/plugins/) across all relevant data sources. + +You can leave your feedback at [https://forum.opensearch.org/)](https://forum.opensearch.org/) to help the OpenSearch open source project improve this feature. 
+{: .note} + +## Enabling query enhancements + +To enable the query enhancements through OpenSearch Dashboards, follow these steps: + +1. Go to **Dashboards Management** > **Advanced settings** > **Search** and toggle on **Enable query enhancements**. Tip: You can select the **Search** pane from the **Category** dropdown menu in the upper-right search bar. +2. Select the **Save** button to save your changes. +3. Reload the page as prompted in the pop-up message. + +Alternatively, you can override the setting on startup by running the following command: + +``` +./bin/opensearch-dashboards --uiSettings.overrides['query:enhancements:enabled']=true +``` +{% include copy-curl.html %} + +## Using the experimental features + +The following tutorials guide you through some of the experimental features and capabilities. + +### Query language enhancements + +You can now use PPL in **Discover**. Follow these steps to try out the feature: + +1. Go to **Discover** and select **PPL** from the query language dropdown menu in the upper-right search bar. You should see a dashboard containing the query editor, histogram, and data table panes. +2. Select a sample dataset. For this example, select `opensearch_dashboards_sample_data_ecommerce` from the data source dropdown menu above the query editor and adjust the time filter to **Last 1 year**. +3. Enter the following example PPL query: + +```json +source = opensearch_dashboards_sample_data_logs +| where tags = "success" +| where geo.dest = "US" +``` +{% include copy-curl.html %} + +4. View the resulting output that shows the number of successful log entries originating from the United States. You should see an updated histogram and data table following the query editor. +5. Select the **Recent queries** option within the query editor toolbar to display your recent queries. + +PPL and DQL provide an autocomplete option that suggests field names, functions, and syntax. 
+ + +## Selecting data sources and data types through the UI + +You can now select your data sources and types from within the **Discover** dashboard. Follow these steps to try out the feature. + +1. From the **Discover** page, select a data source from the dropdown menu in the upper toolbar. +2. Select the **View all available data** button to display a list of your available data sources. You may need to refresh your page to display any newly added data sources. +3. Select the desired data source and follow steps displayed in the data sources window to manage your data source. + +You can now use **Query Assist** with PPL queries. With **Query Assist**, you can ask questions like _Are there any errors in my logs?_. The assistant includes predefined prompts. Follow these steps to try out the feature: + +1. Select **PPL** from the dropdown menu in the query toolbar. +2. Select the {::nomarkdown}query assist icon{:/} icon and choose a predefined question. The resulting output is displaying in the query editor pane. diff --git a/_dashboards/discover/index-discover.md b/_dashboards/discover/index-discover.md index 4e32c4f185..fb6814e4f9 100644 --- a/_dashboards/discover/index-discover.md +++ b/_dashboards/discover/index-discover.md 
@@ -9,105 +9,12 @@ redirect_from: # Analyzing data -To analyze your data in OpenSearch and visualize key metrics, you can use the **Discover** application in OpenSearch Dashboards. An example of data analysis in **Discover** is shown in the following image. - -A Discover default page +You can analyze your data in OpenSearch and visualize key metrics using the **Discover** application in OpenSearch Dashboards. Using **Discover**, you can explore and visualize data from various data sources, data types, and query languages. ## Getting started -In this tutorial, you'll learn about using **Discover** to: - -- Add data. -- Interpret and visualize data. -- Share data findings. -- Set alerts. - -Before getting started, make sure you: +Before getting started with exploring and visualizing your data using **Discover**, make sure you: - Install [OpenSearch Dashboards](https://opensearch.org/downloads.html). -- Add sample data or import your own data into OpenSearch. Go to the [OpenSearch Dashboards quickstart guide]({{site.url}}{{site.baseurl}}/dashboards/quickstart/) to learn about adding sample datasets. Go to [Managing indexes]({{site.url}}{{site.baseurl}}/im-plugin/index/) to learn about importing your own data. +- Add sample data or import your own data into OpenSearch. See [OpenSearch Dashboards quickstart guide]({{site.url}}{{site.baseurl}}/dashboards/quickstart/) to learn about adding sample datasets or [Managing indexes]({{site.url}}{{site.baseurl}}/im-plugin/index/) to learn about importing your own data. - Have a foundational understanding of [OpenSearch documents and indexes]({{site.url}}{{site.baseurl}}/im-plugin/index/). - -## Defining the search - -To define a search, follow these steps: - -1. On the OpenSearch Dashboards navigation menu, select **Discover**. -2. Choose the data you want to work with. In this case, choose `opensearch_dashboards_sample_data_flights` from the upper-left dropdown menu. -3. 
Select the {::nomarkdown}calendar icon{:/} icon to change the time range of your search and then select **Refresh**. - -The resulting view is shown in the following image. - -Discover interface showing search of flight sample data for Last 7 days - -## Analyzing document tables - -In OpenSearch, a document table stores unstructured data. In a document table, each row represents a single document, and each column contains document attributes. - -To examine document attributes, follow these steps: - -1. From the data table's left column, choose the {::nomarkdown}inspect icon{:/} icon to open the **Document Details** window. Select the {::nomarkdown}minimize icon{:/} icon to close the **Document Details** window. -2. Examine the metadata. You can switch between the **Table** and **JSON** tabs to view the data in your preferred format. -3. Select **View surrounding documents** to view data for other log entries either preceding or following your current document or select **View single document** to view a particular log entry. - -The resulting view is shown in the following image. - -Document attributes - -To add or delete fields in a document table, follow these steps: - -1. View the data fields listed under **Available fields** and select the {::nomarkdown}plus icon{:/} icon to add the desired fields to the document table. The field will be automatically added to both **Selected fields** and the document table. For this example, choose the fields `Carrier`, `AvgTicketPrice`, and `Dest`. -2. Select **Sort fields** > **Pick fields to sort by**. Drag and drop the chosen fields in the desired sort order. - -The resulting view is shown in the following image. - -Adding and deleting data fields - -## Searching data - -You can use the search toolbar to enter a [DQL]({{site.url}}{{site.baseurl}}/dashboards/discover/dql/) or [query string]({{site.url}}{{site.baseurl}}/query-dsl/full-text/query-string/) query. 
The search toolbar is best for basic queries; for full query and filter capability, use [query domain-specific language (DSL)]({{site.url}}{{site.baseurl}}/query-dsl/index/) in the [Dev Tools console]({{site.url}}{{site.baseurl}}/dashboards/dev-tools/index-dev/). - -For more information, see [Discover and Dashboard search toolbar]({{site.url}}{{site.baseurl}}/dashboards/index/#discover-and-dashboard-search-bar). - -## Filtering data - -Filters allow you to narrow the results of a query by specifying certain criteria. You can filter by field, value, or range. The **Add filter** pop-up suggests the available fields and operators. - -To filter your data, follow these steps: - -1. Under the DQL search bar, choose **Add filter**. -2. Select the desired options from the **Field**, **Operator**, and **Value** dropdown lists. For example, select `Cancelled`, `is`, and `true`. -3. Choose **Save**. -4. To remove a filter, choose the {::nomarkdown}cross icon{:/} icon to the right of the filter name. - -The resulting view is shown in the following image. - -Visualize data findings interface - -## Saving a search - -To save your search, including the query text, filters, and current data view, follow these steps: - -1. Select **Save** on the upper-right toolbar. -2. Add a title, and then choose **Save**. -3. Select **Open** on the upper-right toolbar to access your saved searches. - -## Visualizing data findings - -To visualize your data findings, follow these steps: - -1. Select the {::nomarkdown}inspect icon{:/} icon to the right of the field you want to visualize. - - The resulting view is shown in the following image. - - Visualize data findings interface - -2. Select the **Visualize** button. When the **Visualize** application is launched, a visualization appears. - - The resulting view is shown in the following image. 
- - Data visualization of flight sample data field destination - -## Setting alerts - -Set alerts to notify you when your data exceeds your specified thresholds. Go to [Alerting dashboards and visualizations]({{site.url}}{{site.baseurl}}/observing-your-data/alerting/dashboards-alerting/) to learn about creating and managing alerts. diff --git a/_dashboards/discover/time-filter.md b/_dashboards/discover/time-filter.md index 288138d079..0554f27b39 100644 --- a/_dashboards/discover/time-filter.md +++ b/_dashboards/discover/time-filter.md @@ -2,7 +2,7 @@ layout: default title: Time filter parent: Analyzing data -nav_order: 20 +nav_order: 50 redirect_from: - /dashboards/get-started/time-filter/ - /dashboards/discover/time-filter/ diff --git a/images/dashboards/query-assist.png b/images/dashboards/query-assist.png new file mode 100644 index 0000000000..d32e65193b Binary files /dev/null and b/images/dashboards/query-assist.png differ
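Review bot: In _dashboards/discover/defining-analyzing-searches.md, the section "Adding or deleting fields in document tables" never covers deletion: step 1 adds fields with the plus icon and step 2 sorts them. Add a step that shows how to remove a field from **Selected fields**, or retitle the heading and its intro sentence ("To add or delete fields in a document table") to match what the steps do. The procedures moved here from index-discover.md each had a "The resulting view is shown in the following image." screenshot reference that is not carried over; confirm that dropping all of them is intended.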
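Review bot: In _dashboards/discover/exploring-query-enhancements.md under "Query language enhancements", step 2 tells the reader to select `opensearch_dashboards_sample_data_ecommerce`, but the query in step 3 reads `source = opensearch_dashboards_sample_data_logs`; make the dataset and the query agree. Step 4 describes the result as "the number of successful log entries originating from the United States", yet the query filters on `geo.dest` and has no aggregation, so it returns the matching documents with a US destination, not a count by origin. Further points in the same hunk: the PPL block is fenced as `json`; the label says "Introduced 2.18" while the first sentence says "Starting with OpenSearch 2.17"; the feedback link text has a stray `)` in "[https://forum.opensearch.org/)]"; the startup override `--uiSettings.overrides['query:enhancements:enabled']=true` is shown unquoted, so a shell removes the single quotes and may glob the brackets, and the whole argument should be wrapped in double quotes; `copy-curl.html` follows a shell command and a PPL query, neither of which is a cURL request; the Query Assist paragraph sits under "Selecting data sources and data types through the UI" and needs its own heading; "follow steps displayed" is missing "the" and "The resulting output is displaying" should read "is displayed". Since the feature list advertises exploring indexes without index patterns and "Link sharing through URLs without needing write permission", add a sentence stating which permissions still determine what the recipient of a shared link can read.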
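Review bot: In _dashboards/discover/index-discover.md, the new intro sentence "explore and visualize data from various data sources, data types, and query languages" reads as if data comes from query languages; suggest "explore and visualize data from various data sources and data types using different query languages". In the second prerequisite bullet, "See [OpenSearch Dashboards quickstart guide]" needs "the" before the link. All procedures are removed from this page, so consider adding links to the two new child pages ("Defining and analyzing searches" and "Exploring query enhancements") so readers arriving through the existing redirects can find the moved steps.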