2020-06-01 14:55:26 -04:00
|
|
|
[[search-your-data]]
|
|
|
|
= Search your data
|
|
|
|
|
|
|
|
[partintro]
|
|
|
|
--
|
|
|
|
|
|
|
|
[[search-query]]
|
|
|
|
A _search query_, or _query_, is a request for information about data in one or
|
|
|
|
more {es} indices.
|
|
|
|
|
|
|
|
You can think of a query as a question, written in a way {es} understands.
|
|
|
|
Depending on your data, you can use a query to get answers to questions like:
|
|
|
|
|
|
|
|
* What pages on my website contain a specific word or phrase?
|
|
|
|
* What processes on my server take longer than 500 milliseconds to respond?
|
|
|
|
* What users on my network ran `regsvr32.exe` within the last week?
|
2020-06-15 16:42:57 -04:00
|
|
|
* How many of my products have a price greater than $20?
|
2020-06-01 14:55:26 -04:00
|
|
|
|
|
|
|
A _search_ consists of one or more queries that are combined and sent to {es}.
|
2020-06-01 18:01:46 -04:00
|
|
|
Documents that match a search's queries are returned in the _hits_, or
|
2020-06-01 14:55:26 -04:00
|
|
|
_search results_, of the response.
|
|
|
|
|
|
|
|
A search may also contain additional information used to better process its
|
|
|
|
queries. For example, a search may be limited to a specific index or only return
|
|
|
|
a specific number of results.
|
|
|
|
|
|
|
|
[discrete]
|
|
|
|
[[search-toc]]
|
|
|
|
=== In this section
|
|
|
|
|
|
|
|
* <<run-a-search>>
|
2020-06-15 16:42:57 -04:00
|
|
|
* <<near-real-time>>
|
2020-06-01 14:55:26 -04:00
|
|
|
* <<modules-cross-cluster-search>>
|
|
|
|
* <<async-search-intro>>
|
|
|
|
|
|
|
|
--
|
|
|
|
|
|
|
|
include::run-a-search.asciidoc[]
|
2020-06-15 16:42:57 -04:00
|
|
|
include::{es-repo-dir}/search/near-real-time.asciidoc[]
|
2020-06-01 14:55:26 -04:00
|
|
|
include::{es-repo-dir}/async-search.asciidoc[]
|
2020-06-15 16:42:57 -04:00
|
|
|
include::{es-repo-dir}/modules/cross-cluster-search.asciidoc[]
|