2.11.1. Discover
The Discover section features a search engine with the following interface:
On the top left corner of the Discover section, we will find the add filter button that will allow us to filter the different hits for the specific index selected by the fields we can find on it.
On the Search input, we can add filters in KQL format, just like the following image. We can also see the hits for that search in the top left.
If we click on Add filter we can add a filter with the following format, selecting the field and the condition we want to add.
We can also add a filter as a Query DSL, as it is shown in the following image.
On the top right corner of the Discover section, we can select the hits we want to see from a specific time frame. The default time frame is Last 15 minutes.
On the left bar, we can find the index selected which will be the source of the hits searched, and a list of fields found in that index.
To change the index, we only need to select another option in the index selector.
In the center we will find, in the first place, the hits in a timeline graphic, that will match the previously set time frame.
And finally, we can find the list of hits matched with all the filters we have applied, from the index selected.
If we open one of these hits we can see all the fields it contains and theirs values.
There are some shortcuts that we can apply to a specific hit.
Filter for value: A filter is created including this field and this value.
Filter out value: A filter is created excluding this field and this value.
Toggle column in table: A new column is created for this field.
Filter for field present: A filter is created for hits containing this field.
See an example of Toggle column in table in the following image:
