To search the indices that match the current index pattern, enter your search criteria in the query bar. By default, you’ll use Kibana’s standard query language (KQL), which features autocomplete and a simple, easy-to-use syntax. If you prefer to use Kibana’s legacy query language, based on the Lucene query syntax, you can switch to it from the KQL popup in the query bar. When you enable the legacy query language, you can also use the full JSON-based Elasticsearch Query DSL.

Sometimes you want to search through large amounts of data no matter how long the search takes. While this might not happen often, there are times that long-running queries are required. Consider a threat hunting scenario where you need to search through years of data.

By default, a query times out after 30 seconds. The timeout is in place to avoid unintentional load on the cluster.
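To make the relationship between the three query forms concrete, the following added example (not Kibana's own code) translates a small subset of KQL (`field:value`, quoted phrases, `*` wildcards, `and`/`or`/`not`, parentheses) into an Elasticsearch Query DSL `bool` query, then wraps it in a `_search` request body with a `@timestamp` range filter and an explicit `timeout`. The mapping of KQL leaves to `match`, `match_phrase`, `wildcard` and `multi_match` clauses is a simplification of what Kibana actually generates (Kibana also consults field mappings, which this example does not), and the ECS-style field names and values in the usage section are constructed samples. The `timeout` key is the standard Elasticsearch search-request parameter; the `30s` default mirrors the timeout described above, and a hunt over years of data would raise it deliberately rather than by accident.

```python
import json
import re

# Tokens: parentheses, field:"quoted phrase", "quoted phrase", or a bare word.
_TOKEN = re.compile(r'\(|\)|[^\s():"]+:"[^"]*"|"[^"]*"|[^\s()]+')


def tokenize(kql):
    """Split a KQL string into tokens (no escaping support; toy subset)."""
    return _TOKEN.findall(kql)


def _leaf(tok):
    """Translate one KQL term into a single Query DSL leaf clause (simplified)."""
    if tok.startswith('"') or ":" not in tok:
        # Free text: search the default fields, as a phrase when quoted.
        leaf = {"multi_match": {"query": tok.strip('"')}}
        if tok.startswith('"'):
            leaf["multi_match"]["type"] = "phrase"
        return leaf
    field, value = tok.split(":", 1)
    if value.startswith('"'):
        return {"match_phrase": {field: value.strip('"')}}
    if "*" in value:
        return {"wildcard": {field: value}}
    return {"match": {field: value}}


class _Parser:
    """Recursive-descent parser: or_expr > and_expr > not_expr > primary."""

    def __init__(self, tokens):
        self.tokens, self.pos = tokens, 0

    def peek(self):
        return self.tokens[self.pos] if self.pos < len(self.tokens) else None

    def take(self):
        if self.peek() is None:
            raise ValueError("unexpected end of query")
        tok = self.tokens[self.pos]
        self.pos += 1
        return tok

    def expr(self):  # OR has the lowest precedence, as in KQL
        clauses = [self.and_expr()]
        while self.peek() and self.peek().lower() == "or":
            self.take()
            clauses.append(self.and_expr())
        if len(clauses) == 1:
            return clauses[0]
        return {"bool": {"should": clauses, "minimum_should_match": 1}}

    def and_expr(self):
        clauses = [self.not_expr()]
        while self.peek() and self.peek().lower() == "and":
            self.take()
            clauses.append(self.not_expr())
        if len(clauses) == 1:
            return clauses[0]
        # filter context: no scoring needed for hunting queries
        return {"bool": {"filter": clauses}}

    def not_expr(self):
        if self.peek() and self.peek().lower() == "not":
            self.take()
            return {"bool": {"must_not": [self.not_expr()]}}
        return self.primary()

    def primary(self):
        tok = self.take()
        if tok == "(":
            inner = self.expr()
            if self.take() != ")":
                raise ValueError("unbalanced parentheses")
            return inner
        return _leaf(tok)


def kql_to_dsl(kql):
    """Convert a KQL subset to an Elasticsearch Query DSL dict."""
    tokens = tokenize(kql)
    if not tokens:
        return {"match_all": {}}
    parser = _Parser(tokens)
    query = parser.expr()
    if parser.peek() is not None:
        raise ValueError(f"unexpected token {parser.peek()!r}")
    return query


def build_search_request(kql, start, end, timeout="30s", size=100):
    """Wrap the translated query in a time-bounded _search body.

    `timeout` is Elasticsearch's per-request search timeout; "30s" here
    mirrors the default described in the text. Raise it explicitly only
    for a long-running hunt so the cluster is not loaded by accident.
    """
    time_filter = {"range": {"@timestamp": {"gte": start, "lte": end}}}
    return {
        "size": size,
        "timeout": timeout,
        "query": {"bool": {"filter": [kql_to_dsl(kql), time_filter]}},
        "sort": [{"@timestamp": "desc"}],
    }


if __name__ == "__main__":
    # Constructed sample: a multi-year hunt for suspicious PowerShell activity.
    body = build_search_request(
        'process.name:power* and not user.name:"svc-backup"',
        "now-3y", "now", timeout="10m")
    print(json.dumps(body, indent=2))
```

The same KQL typed into the query bar is what Kibana turns into a Query DSL query for you; dropping to the legacy language or raw Query DSL just lets you write the right-hand side directly. Keeping the time range in `filter` context alongside the user's query is what makes a years-long search bounded at all, and the explicit `timeout` is the lever that the 30-second default would otherwise pull for you.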