Elasticsearch: dot in search query - elasticsearch

I have 2 documents in elasticsearch. There is a field domain that has 8.8.8.8 as value and the other has ip-188-165-238.eu as value.
When I'm trying to find 8.8.8.8 it finds both of the documents.
The problem is that the dot "." is a separator in elasticsearch and I can't find any option to escape it in the search query. I tried 8\.8\.8\.8 but still the same results.
The question is if there is any way of escaping the dot in an ES query? Or maybe some workaround?
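
An added example, not code from the post above: why backslash-escaping the dot changes nothing, and the mapping plus query that gives an exact match. The dot is not a syntax character of the Lucene query_string parser, so `8\.8\.8\.8` parses to the same term as `8.8.8.8`, and escaping only affects parsing; the term is still passed through the field's analyzer afterwards. Exact matching needs a field that is not analyzed, here a keyword sub-field `domain.raw` queried with a `term` query. The index name `domains`, the sub-field name and the Elasticsearch 7+ request shapes (`keyword` type, `_doc`, typeless mappings) are assumptions; older releases spell the same thing as `"type": "string", "index": "not_analyzed"`.

```python
"""
Exact match on a dotted value in Elasticsearch: keyword sub-field + term query.
Added example; index name, sub-field name and ES 7+ request shapes are assumed.
"""
import json
import os
import urllib.request

INDEX = "domains"  # assumed index name

# Characters the Lucene query_string parser treats as syntax and that must be
# backslash-escaped to be taken literally.  "." is deliberately absent: it is
# plain text to the parser, so escaping it is accepted but has no effect.
QUERY_STRING_RESERVED = set('+-=&|><!(){}[]^"~*?:\\/')


def escape_query_string(value: str) -> str:
    """Escape only what query_string would otherwise parse.  For an IP
    address the result is unchanged, and the term is analyzed afterwards."""
    return "".join("\\" + c if c in QUERY_STRING_RESERVED else c for c in value)


def mapping() -> dict:
    """'domain' stays analyzed for free-text search; 'domain.raw' keeps the
    exact string and is what exact lookups should target."""
    return {"mappings": {"properties": {
        "domain": {"type": "text", "fields": {"raw": {"type": "keyword"}}}}}}


def analyzed_query(value: str) -> dict:
    """What the asker is effectively running: the analyzed tokens of `value`
    against the analyzed tokens of the indexed field."""
    return {"query": {"match": {"domain": value}}}


def exact_query(value: str) -> dict:
    """Term query on the keyword sub-field: no analysis on either side, so
    '8.8.8.8' only matches a document whose domain is exactly '8.8.8.8'."""
    return {"query": {"term": {"domain.raw": value}}}


def _call(es_url: str, method: str, path: str, body: dict = None) -> dict:
    data = None if body is None else json.dumps(body).encode()
    req = urllib.request.Request(es_url + path, data=data, method=method,
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def demo(es_url: str) -> dict:
    """Create the index, store the two documents from the post and return the
    domains matched by the analyzed and the exact query (needs a live ES)."""
    _call(es_url, "PUT", f"/{INDEX}", mapping())
    for i, d in enumerate(["8.8.8.8", "ip-188-165-238.eu"]):
        _call(es_url, "PUT", f"/{INDEX}/_doc/{i}?refresh=true", {"domain": d})
    out = {}
    for name, q in (("match", analyzed_query("8.8.8.8")),
                    ("term", exact_query("8.8.8.8"))):
        hits = _call(es_url, "POST", f"/{INDEX}/_search", q)["hits"]["hits"]
        out[name] = [h["_source"]["domain"] for h in hits]
    return out


if __name__ == "__main__":
    print(escape_query_string("8.8.8.8"), escape_query_string("ip-188-165-238.eu"))
    print(json.dumps(exact_query("8.8.8.8")))
    es = os.environ.get("ES_URL")  # e.g. http://localhost:9200 (assumed)
    if es:
        print(demo(es))
```

Run it without `ES_URL` to see the escaped terms and the query body; with `ES_URL` pointing at a scratch cluster it creates the index and runs both queries. If the analyzed field is still needed for free-text search, keep the multi-field as shown rather than switching `domain` itself to keyword.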

Related

Elastic search, search query in field in order

There I tried searching a query on an index where the result should come by searching on the field. But the searching pattern should be like:
Let's say I have 3 fields: A, B, C.
So if the searched query matches on field A then return that value and don't perform the search operation on the other fields B, C.
I tried using multi match and the highlight feature to search but was unable to get the desired output...
So, if anyone can help it will be great.
Thank you.

Searching for error codes with regex pattern in Kibana

I am trying to search my logs within the search bar of Kibana UI for error codes that consist of:
a fixed 3-digit string,
a minus,
a 5-digit number,
e.g. TED-12345. The error codes can be located anywhere inside the message field.
I tried the following Regex message: /.*TED-[0-9]{5}.*/ but it did not return the expected results. I probably mixed query and "search bar syntax". Can anybody suggest the correct regex?
Please make sure you have the Lucene syntax enabled for your queries, because Kibana Query Language does not support regular expressions.
From docs: https://www.elastic.co/guide/en/kibana/master/kuery-query.html
KQL has a different set of features than the Lucene query syntax. KQL is able to query nested fields and scripted fields. KQL does not support regular expressions or searching with fuzzy terms. To use the legacy Lucene syntax, click KQL next to the Search field, and then turn off KQL.

Support for ElasticSearch index pattern wildcard other than star?

Does elasticsearch index pattern support wildcards other than '*' but would match ex. a single character?
I'm trying to solve an issue with wrong index matching that someone implemented:
Indexes are called index-{customername}-{date} (ex. index-google-2020-12-31) but the author did not consider that {customername} can contain a dash. As a result the query
curl localhost:9200/index-google-company-*/_search would also match the index index-google-company-spies-me-2020-12-31.
I could find a symbol that is not allowed in the ID (ex. ~) but then I need to re-index all the data.
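
An added example, not code from the post above. Elasticsearch index patterns only understand `*` (plus comma-separated lists), so when the customer name may itself contain dashes the extra selectivity has to come from the client: resolve the coarse wildcard server-side, keep only the names that match an anchored regular expression, and search that exact list. The naming scheme `index-{customer}-{YYYY-MM-DD}` and the names `google-company` and `google-company-spies-me` are from the post; the sample index list is constructed, and the `ES_URL` environment variable and the `_cat/indices` resolution step are assumptions of this example.

```python
"""
Client-side narrowing of an Elasticsearch index pattern whose "*" is too wide.
Added example; sample index names are constructed, ES_URL is assumed.
"""
import json
import os
import re
import urllib.request
from typing import List


def index_regex(prefix: str, customer: str) -> "re.Pattern":
    """Anchored pattern: literal prefix and customer name (dashes included),
    then exactly one ISO date and nothing after it."""
    return re.compile(
        rf"^{re.escape(prefix)}-{re.escape(customer)}-\d{{4}}-\d{{2}}-\d{{2}}$"
    )


def select_indices(names: List[str], prefix: str, customer: str) -> List[str]:
    """The filter that the index pattern "index-google-company-*" cannot
    express: drop any name with extra segments between customer and date."""
    rx = index_regex(prefix, customer)
    return sorted(n for n in names if rx.match(n))


def list_indices(es_url: str, pattern: str) -> List[str]:
    """Resolve the coarse wildcard server-side.  This is over-inclusive by
    design; select_indices() trims it."""
    url = f"{es_url}/_cat/indices/{pattern}?format=json&h=index"
    with urllib.request.urlopen(url) as resp:
        return [row["index"] for row in json.load(resp)]


def search_customer(es_url: str, prefix: str, customer: str, body: dict) -> dict:
    """Search only the indices that survive the filter.  An empty list must
    not fall through to "/_search", which would query every index."""
    candidates = list_indices(es_url, f"{prefix}-{customer}-*")
    names = select_indices(candidates, prefix, customer)
    if not names:
        raise LookupError(f"no indices for customer {customer!r}")
    req = urllib.request.Request(
        f"{es_url}/{','.join(names)}/_search",
        data=json.dumps(body).encode(),
        headers={"Content-Type": "application/json"},
    )
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


# Constructed list of index names reproducing the collision from the post.
SAMPLE_INDICES = [
    "index-google-2020-12-31",
    "index-google-company-2020-12-31",
    "index-google-company-2021-01-01",
    "index-google-company-spies-me-2020-12-31",
]

if __name__ == "__main__":
    print(select_indices(SAMPLE_INDICES, "index", "google-company"))
    print(select_indices(SAMPLE_INDICES, "index", "google"))
    es = os.environ.get("ES_URL")  # e.g. http://localhost:9200 (assumed)
    if es:
        print(search_customer(es, "index", "google-company",
                              {"query": {"match_all": {}}}))
```

The regex is anchored at both ends and escapes the customer name, so a customer called `google` does not pick up `google-company` either. Without a live cluster the script only exercises the filter on the constructed list; with `ES_URL` set it resolves the pattern and searches the trimmed list.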

How to query elasticsearch from kibana using regex with - in it?

I am trying to query Elasticsearch where source is as follows:
source => /home/user/logs/serviceA.inst-app3.test.log.INFO.20180204-084131.21231
I want to filter all messages where source is serviceA.*INFO*. However, Kibana returns an empty list. For queries like serviceA.* or serviceA*, Kibana returns the result where serviceA.inst is highlighted. My suspicion is that the minus sign in the file name is causing the issue.
How to query Elasticsearch from Kibana with regex which has minus sign (-) in it?

Kibana 4: Can't do wildcard query with dot in field value

I have an analyzed field hostname and a not_analyzed field hostname.raw.
I'm trying to query a few hosts that have a dot in the field value, like
AP.MO.HALL-01
AP.MO.2FLOOR-01
When I try to query hostname:AP.MO.*, it also returns hosts with the value AP.MOOCA.HALL
When I try to query using the field that isn't analyzed, I get no results at all: hostname.raw:AP.MO.*
How can I make Kibana respect the dot before the wildcard?
I was able to get a similar issue resolved by using a RegEx query, and escaping the periods within the hostname.
Looking at your example, something similar to the following should work:
hostname: /.*AP\.MO\..*/
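
An added example serving both the error-code regex post ("Searching for error codes with regex pattern in Kibana") and the hostname wildcard post above; it is not code from either post. It is a small in-memory model of how Lucene evaluates regexp and wildcard queries: both run against the stored terms of a field, a regexp must match a whole term (so the leading and trailing `.*` in the posts are required), and the terms are whatever the field's analyzer produced. The "analyzer" here only lowercases and splits on anything that is not a letter or digit, a simplification of the standard analyzer that is accurate for the sample values. The `.raw` sub-field, the documents and the `lowercase_expanded_terms` switch (modelling the pre-5.0 `query_string` default that lowercased wildcard terms, one way to get the empty result the hostname post reports for `hostname.raw:AP.MO.*`) are constructed for this demo.

```python
"""
In-memory model of Lucene regexp and wildcard matching on analyzed vs. raw fields.
Added example; analyzer, documents and field names are constructed.
"""
import re
from typing import Dict, List

Index = Dict[str, Dict[int, List[str]]]  # field -> doc id -> stored terms


def analyze(text: str) -> List[str]:
    """Simplified standard analyzer: 'TED-12345' -> ['ted', '12345'],
    'AP.MO.HALL-01' -> ['ap', 'mo', 'hall', '01'].  Dots and dashes never
    survive into a term, so no single term of these values contains them."""
    return [t.lower() for t in re.split(r"[^0-9A-Za-z]+", text) if t]


def build_index(docs: List[Dict[str, str]], field: str) -> Index:
    """Store the analyzed terms under `field` and the untouched value as a
    single term under `field.raw` (keyword / not_analyzed)."""
    index: Index = {field: {}, field + ".raw": {}}
    for doc_id, doc in enumerate(docs):
        index[field][doc_id] = analyze(doc[field])
        index[field + ".raw"][doc_id] = [doc[field]]
    return index


def regexp_query(index: Index, field: str, pattern: str) -> List[int]:
    """Lucene regexp semantics: case-sensitive and anchored, i.e. the pattern
    must match an entire stored term.  Only syntax common to Lucene and
    Python is used ([0-9], {5}, .*, \\., [^0-9], ?)."""
    rx = re.compile(pattern)
    return sorted(doc_id for doc_id, terms in index[field].items()
                  if any(rx.fullmatch(t) for t in terms))


def wildcard_query(index: Index, field: str, pattern: str,
                   lowercase_expanded_terms: bool = False) -> List[int]:
    """Lucene wildcard semantics: '*' matches any run, '?' one character,
    everything else is literal (a dot is a dot, unlike in a regexp)."""
    if lowercase_expanded_terms:  # old query_string default, modelled here
        pattern = pattern.lower()
    rx = re.compile("".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                            for c in pattern))
    return sorted(doc_id for doc_id, terms in index[field].items()
                  if any(rx.fullmatch(t) for t in terms))


# Constructed sample documents for the two posts.
LOGS = [
    {"message": "request failed with TED-12345 after retry"},  # 0: wanted
    {"message": "TED-1234 is too short to be an error code"},  # 1: 4 digits
    {"message": "TED-123456 has one digit too many"},          # 2: 6 digits
]
HOSTS = [
    {"hostname": "AP.MO.HALL-01"},    # 0: wanted
    {"hostname": "AP.MO.2FLOOR-01"},  # 1: wanted
    {"hostname": "AP.MOOCA.HALL"},    # 2: must not match
]


def error_code_hits() -> Dict[str, List[int]]:
    idx = build_index(LOGS, "message")
    return {
        # Analyzed field: terms are 'ted' and '12345'; none contains 'TED-'.
        "analyzed": regexp_query(idx, "message", r".*TED-[0-9]{5}.*"),
        # Raw field: the whole message is one term and the pattern applies.
        "raw": regexp_query(idx, "message.raw", r".*TED-[0-9]{5}.*"),
        # Without the surrounding .* the anchored regexp matches nothing.
        "raw_unanchored": regexp_query(idx, "message.raw", r"TED-[0-9]{5}"),
        # Tightened: exactly five digits, not the prefix of a longer run.
        "raw_exact": regexp_query(idx, "message.raw", r".*TED-[0-9]{5}([^0-9].*)?"),
    }


def hostname_hits() -> Dict[str, List[int]]:
    idx = build_index(HOSTS, "hostname")
    return {
        # Escaped dots are literal, so 'AP.MOOCA.HALL' is excluded.
        "regexp_raw": regexp_query(idx, "hostname.raw", r".*AP\.MO\..*"),
        # A wildcard on the raw field works while the pattern keeps its case.
        "wildcard_raw": wildcard_query(idx, "hostname.raw", "AP.MO.*"),
        # Lowercased to 'ap.mo.*' it matches nothing in a case-preserving field.
        "wildcard_raw_lowercased": wildcard_query(idx, "hostname.raw", "AP.MO.*",
                                                  lowercase_expanded_terms=True),
    }


if __name__ == "__main__":
    print(error_code_hits())
    print(hostname_hits())
```

Two practical consequences: run term-level regexps against the not-analyzed copy of a field when the pattern spans characters the analyzer removes, and remember that `/.*TED-[0-9]{5}.*/` also accepts `TED-123456`; the `([^0-9].*)?` tail stops that.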
