Add In-Table Search (CTRL+F "like") Functionality to Discover Table (Unified Table)

[ninoslavmiskovic]

WHY

The CTRL+F browser search functionality is a critical tool for users, especially those working with large, complex datasets, such as logs and audit records. There are some users that rely heavily on this feature for quick and precise searches within Discover. The absence of this functionality in the current Discover UI has resulted in inefficient workflows, as the search is now limited to visible rows, leading to missed logs and slower performance.

As a result, many teams have developed workarounds like using separate Kibana spaces with the legacy table or third-party tools for browser-based searching. Bringing back this capability would greatly enhance the user experience and operational efficiency.

WHAT

The proposal is to implement the CTRL+F functionality directly within the Discover table. This feature would capture the user’s CTRL+F input and allow for searching across all loaded data (not just the visible rows) in the table. The feature should provide the following benefits:

• Search Across All Loaded Data: Users can search within the entirety of their data, even if it’s not visible on the screen, restoring the previous functionality.
• Browser-Like Search Experience: Mimic the native browser search functionality, enabling users to quickly locate specific transaction IDs, logs, and details.
• In-Table Search: Works specifically for the Unified Data Table in Discover, making it agnostic of the underlying data source while providing an intuitive and familiar search experience.
• Optional Feature: The CTRL+F shortcut would be optional for dashboards with multiple data tables, ensuring flexibility in its use.

Feature description

The feature will be implemented within the Discover table and triggered by the keyboard shortcut CTRL+F. When a user presses CTRL+F, the following actions will take place:

• A search UI will appear at the top of the table, allowing the user to input text for the search.
• The search will comb through all loaded data, not just the visible rows, and highlight matching results within the table.
• Users will be able to navigate between search results using keyboard shortcuts (e.g., pressing Enter to jump to the next match).
• The feature will be highly performant, taking into account large datasets with up to 10.000 rows.
• A toggle option will allow users to activate or deactivate this search functionality on dashboards with multiple tables, ensuring that CTRL+F behaves intuitively.

By integrating this functionality, we address a critical user need while improving data exploration efficiency and accuracy in the Discover experience.

[elasticmachine]

Pinging @elastic/kibana-data-discovery (Team:DataDiscovery)

[davismcphee]

The feature will be highly performant, taking into account large datasets with up to millions of rows.

Issue looks good overall with the exception of this requirement. Millions of rows is a bit ambitious, especially since we couldn't really handle that many records in memory anyway. I'd probably shoot for 10,000 here since it's the ES|QL max and max for our "load more" functionality.

[ninoslavmiskovic]

I changed it 👍