All Products
Search

This Product

    Elasticsearch:Use Kibana Discover to visualize time series data

    Document Center

    Elasticsearch:Use Kibana Discover to visualize time series data

    Last Updated:Mar 26, 2026

    Kibana Discover lets you search, filter, and explore large volumes of data within a specific time range. With Discover, you can:

    • Search and filter time-series data using Kibana Query Language (KQL)

    • Browse and expand individual documents to examine field values

    • View documents that occurred before or after a specific log entry

    • Adjust the time range and histogram interval to focus on any period

    Background information

    Discover helps Kibana find your data and search and filter it for hidden insights and relationships. For more information, see open source Kibana documentation.

    Prerequisites

    Before you begin, ensure that you have:

    Create an index pattern

    Before you can explore data in Discover, create an index pattern that maps to your Elasticsearch index.

    1. On the Kibana homepage, click the 导航栏图标 icon in the upper-left corner to show the names of tabs in the left-side navigation pane.

    2. In the left-side navigation pane, click Stack Management under Management.

    3. In the Kibana section, click Index Patterns.

    4. Click Create index pattern.

    5. Enter an index pattern name in the Index pattern name field, then click Next step. This guide uses nginx*.

      Create an index pattern

    6. Set the Time field parameter, then click Create index pattern. This guide uses @timestamp.

      Important

      If you delete indexes whose names start with .kibana, all index patterns are lost.

      Create an index pattern

    Explore data in Discover

    1. In the left-side navigation pane, click Discover under Kibana.

    2. Select the nginx* index pattern from the drop-down list.

      Select an index pattern

    3. On the right side of the Discover page or in the histogram, select a time range to view data within that period. For time filter configuration options, see Configure a time filter.

      View the histogram provided by Discover

    More features on the Discover page

    Overview of the Discover page

    Overview of the Discover page

    Configure a time filter

    The time filter controls the time range used to query data. By default, it is set to the previous 15 minutes. Use any of the following methods to change the time range:

    • Time picker icon: Click the 时间选择器 icon and specify a time range.

      Option Description
      Quick select Select a recent time range and use the back and forward arrows to move between ranges.
      Commonly used Select a preset range such as Last 15 minutes, Today, or This week.
      Recently used date ranges Reuse a time range you previously applied.
      Refresh every Set an automatic refresh frequency.

      Configure a time filter

    • Start or end time: Click the start time or end time. In the time picker that appears, select Absolute, Relative, or Now, then specify the time.

      Specify the start time and end time

    • Histogram selection: Select a time range directly from the histogram.

      • Click a bar to zoom in on that time range.

      • Click and drag to select a custom time range.

      • Select an interval from the drop-down list.

      Note To start a click-and-drag selection, move the pointer over the histogram background first. The pointer changes to a plus sign when it is over a valid start point.

      Select a time range from the histogram

    Search for data

    Use KQL to search for data. As you type a search query in the search bar, Discover suggests related fields, values, and operators. For more information about KQL syntax, see Kibana query syntax in the open source Kibana documentation.

    Search for data

    Modify displayed fields

    After a search, Discover shows all matching documents and displays the time field and _source field by default. To add a specific field, click the + icon next to the field name.

    Modify displayed fields

    For example, to display /var/log/nginx/error.log, click + next to that path in the field list.

    Fields displayed on the Discover page (2)

    View a document

    Expand a document to view its fields and apply filters. To see documents that occurred immediately before or after the selected document, click View surrounding documents in the upper-right corner. To open a single document on its own page, click View single document.

    View a document

    Troubleshooting

    No histogram appears after creating an index pattern

    Check whether the index contains time-series data. Open the index mappings and verify that at least one field has the type timestamp. If no such field exists, the histogram cannot render because Discover has no time field to plot.

    Searches return no results even though I enter a complete field value

    This is caused by the tokenizer behavior in Alibaba Cloud Elasticsearch clusters. Add a wildcard * to the field value in your search query to match tokenized terms.