Getting Started with Search Analytics

Run Discover searches, create visualizations and dashboards, and monitor for conditions in your indexed data.

Search Analytics is the console page that opens an embedded OpenSearch Dashboards analytics interface with powerful log analytics features. You must have at least one object group and a view for that group to use Search Analytics.

There are five steps to run a basic Discover search:

  1. Make sure that you are on the Discover page.

  2. Select a view in the drop-down list to specify the indexed data that you want to search.

  3. Specify one or more search terms in the Search field. (If you leave Search blank, as in the screen above, the search returns all of the records for the time frame. A wide search is not very practical for indexes with billions of records, but a blank search over a short time range can show you a few sample records that help you begin your search analytics with more refined filters.)

  4. Specify a time frame. The default is the last 15 minutes of data. For live indexes, the last 15 minutes is usually a good time range, or perhaps the last hour. (Use a time range aligned with the timestamps in the records inside the indexed data.)

  5. Click Refresh (or Refresh data) to run the search. A sample screen with several filter controls to narrow the results follows.

You can combine the field-level search criteria with AND, OR, and NOT syntax to create even more granular searches.

NOTES:

OpenSearch Dashboards supports many search value options such as wildcards, field-level searches, filter searches and combinations. More information is available in the Search Analytics help topics.

The Discover page uses Dashboards Query Language (DQL) by default. If you click the DQL link, you can turn off DQL and use Lucene search syntax instead.

Visualizations and Dashboards

Visualizations offer another representation that turns your search queries into graphical or tabular displays that can be quickly reviewed to show important information in your indexed data. You might have some dashboards and visualizations built by ChaosSearch Customer Success or your data analysts.

Click the Visualize or Dashboard option in the left menu to see if there are pre-built visualizations that you can use for your data. The following image is a sample visualization of orders data showing a trend of orders by priority:

Dashboards combine multiple visualizations (either saved visualizations or ad-hoc ones created during dashboard development) on one page so that users can compare important factors for the data in a side-by-side summary. A sample dashboard for orders data follows with the bar chart visualization and another pie chart visualization:

Creating visualizations and dashboards can take some time and practice for new users to learn, especially for developing the analytics that support them. The OpenSearch Dashboards interface offers guidance to help with the process for creating them.