The Maps application embeds the query bar for real-time ad hoc search. Only layers requesting data from Elasticsearch are filtered when you submit a search request.
You can create a layer that requests data from Elasticsearch from the following:
Searching across multiple indicesedit
Your map might contain multiple Elasticsearch indices. This can occur when your map contains two or more layers with Elasticsearch sources from different indices. This can also occur with a single layer with an Elasticsearch source and a Terms join.
Searching across multiple indices might sometimes result in empty layers. The most common cause for empty layers are searches for a field that exists in one index, but does not exist in other indices. Add _index to your search to include documents from indices that do not contain a search field.
For example, suppose you have a vector layer showing the
and another vector layer with
(See adding sample data
to install the
If you query for
machine.os.keyword : "osx"
kibana_sample_data_flights layer is empty because the index
kibana_sample_data_flights does not contain the field
machine.os.keyword and no documents match the query.
If you instead query for
machine.os.keyword : "osx" or _index : "kibana_sample_data_flights"
kibana_sample_data_flights layer includes data.