Link Search Menu Expand Document Documentation Menu

Analyzing data

To analyze your data in OpenSearch and visualize key metrics, you can use the Discover application in OpenSearch Dashboards. An example of data analysis in Discover is shown in the following image.

A Discover default page

Getting started

In this tutorial, you’ll learn about using Discover to:

  • Add data.
  • Interpret and visualize data.
  • Share data findings.
  • Set alerts.

Before getting started, make sure you:

To define a search, follow these steps:

  1. On the OpenSearch Dashboards navigation menu, select Discover.
  2. Choose the data you want to work with. In this case, choose opensearch_dashboards_sample_data_flights from the upper-left dropdown menu.
  3. Select the calendar icon icon to change the time range of your search and then select Refresh.

The resulting view is shown in the following image.

Discover interface showing search of flight sample data for Last 7 days

Analyzing document tables

In OpenSearch, a document table stores unstructured data. In a document table, each row represents a single document, and each column contains document attributes.

To examine document attributes, follow these steps:

  1. From the data table’s left column, choose the inspect icon icon to open the Document Details window. Select the minimize icon icon to close the Document Details window.
  2. Examine the metadata. You can switch between the Table and JSON tabs to view the data in your preferred format.
  3. Select View surrounding documents to view data for other log entries either preceding or following your current document or select View single document to view a particular log entry.

The resulting view is shown in the following image.

Document attributes

To add or delete fields in a document table, follow these steps:

  1. View the data fields listed under Available fields and select the plus icon icon to add the desired fields to the document table. The field will be automatically added to both Selected fields and the document table. For this example, choose the fields Carrier, AvgTicketPrice, and Dest.
  2. Select Sort fields > Pick fields to sort by. Drag and drop the chosen fields in the desired sort order.

The resulting view is shown in the following image.

Adding and deleting data fields

Searching data

You can use the search toolbar to enter a DQL or query string query. The search toolbar is best for basic queries; for full query and filter capability, use query domain-specific language (DSL) in the Dev Tools console.

For more information, see Discover and Dashboard search toolbar.

Filtering data

Filters allow you to narrow the results of a query by specifying certain criteria. You can filter by field, value, or range. The Add filter pop-up suggests the available fields and operators.

To filter your data, follow these steps:

  1. Under the DQL search bar, choose Add filter.
  2. Select the desired options from the Field, Operator, and Value dropdown lists. For example, select Cancelled, is, and true.
  3. Choose Save.
  4. To remove a filter, choose the cross icon icon to the right of the filter name.

The resulting view is shown in the following image.

Visualize data findings interface

To save your search, including the query text, filters, and current data view, follow these steps:

  1. Select Save on the upper-right toolbar.
  2. Add a title, and then choose Save.
  3. Select Open on the upper-right toolbar to access your saved searches.

Visualizing data findings

To visualize your data findings, follow these steps:

  1. Select the inspect icon icon to the right of the field you want to visualize.

    The resulting view is shown in the following image.

    Visualize data findings interface

  2. Select the Visualize button. When the Visualize application is launched, a visualization appears.

    The resulting view is shown in the following image.

    Data visualization of flight sample data field destination

Setting alerts

Set alerts to notify you when your data exceeds your specified thresholds. Go to Alerting dashboards and visualizations to learn about creating and managing alerts.


Related articles

350 characters left

Have a question? .

Want to contribute? or .