Enterprise Search (App Search) - Using Kibana for engine's content analysis

HI,

With a small workaround I know it is possible to get details from the Engines of appsearch shown and visualized within Kibana. This is done by putting a index pattern on the involved system indexes. What would be the possible impact of doing so and in general, to which extend can Kibana be used on top of appsearch.

Kibana is a visualization layer, hence mainly expect an increase of searches when using the engine-index. Normally this would be a 'full' result set as there is no ingest-date, but with a date field this can be made time-based to minimize the result.

Is this expectation valid and do you have any advise.

Hey @SanderP,

You're right, you can access the App Search indexes with an index pattern as mentioned here: Elastic index name with enterprise app search engine names - #2 by JasonStoltz.

Definitely be sure not to modify any of the data in those indexes. Otherwise, the performance impact is pretty minimal assuming you're not querying against that data very frequently. It depends on your cluster size, but less frequently than once a minute should be negligible on any cluster size.

What field would you intend to use as the time field? Most documents should have a created at field, and many should have updated at. You could also use a custom schema field contained in your document structure. Note that if you use system fields like the data used to track created at, there is no future guarantee that those fields will be preserved as they currently exist.

Ross

Hello @ross.bell ,

Thanks for the details. It is just for reading indeed, all trough the developer screen to directly link into the ES documents looks strong, as the appsearch API calls are not the same. But indeed not taking action on that part with modify actions.

We have a last_modified field which holds the date of the ingestion (date of sent of feeding system) which works fine. When I want to validate the full engine data I'm adjusting the timeframe to a long period (which of course could take more time to gather the data). I couldn't find a default engine/system field for creation at least.

Thanks for the information!

1 Like