You might notice that initially, no results are found. By default, the time filter is set to the last 15 minutes. So if there was no activity in that time period we won't see any data. Follow these steps to change the time filter:
Set the time filter
Kibana Visualization
CHAOSSEARCH's Kibana nodes are currently running in us-east, you may see a discrepancy in Discover if you are outside of the us-east region. The system is set to UTC-4.
- Click the Time Picker
- Select the desired time period
The histogram shows a window of data over the specified time period. Click and drag inside of the histogram to zoom into the desired duration of time.
Query your data
The power of CHAOSSEARCH is the ability to effectively transform S3 into Elasticsearch. Enter your desired search criteria into the search bar and press Enter or click .
Lucene query syntax
Elasticsearch uses the Lucene query syntax for searches. Refer to query string syntax for more information about constructing your queries.
Explore file details
Click the expand button to the left of any row in the search results to view all file data.
By default, the data is displayed in a tabular format. To view the data as a JSON object, click the JSON tab.
Save a query
Saving queries allows you to quickly reload them in the Discover screen as well as use them as the foundation for creating visualizations. To save a query:
- Click Save
- Enter a name for the query - for this example we use AppCost
- Click Save
More information
Check out the Kibana documentation for more information about exploring your data through the Discover screen.
Updated 3 months ago