Term aggregation using template in Grafana with Elasticsearch as data source - elasticsearch

I have a doc in Elasticsearch with different field names, e.g. a, b, c, d...
I want to use templating in Grafana to query a terms aggregation in such a way that I get the values of a field, e.g. i.
I'm trying to use this query:
{"find":"terms","field":"i","size":25}
but it does not return any values.
I know that there are some values, as I have queried the same docs with Sense.
I have Grafana v4.6.2 and Elasticsearch v2.3.4.

The field I wanted has a "-" in the string. ES sees it as a separator; this was the reason for the error.
Changing the field's mapping to "not analyzed" should help.

Related

Elastic Kibana Visualize Use Range Aggregation on a String Field

I'm using Elastic Kibana Visualize and I have a field in the data that has a string value.
In my visualization I want to use the range aggregation in order to make different group ranges of that field; however, since the field is a string value, it does not show up in the Range aggregation field option.
What workaround can be done to solve this issue? Or maybe there is a way to use the data from another Kibana chart in the Range aggregation field option?

How to query elasticsearch from kibana using regex with - in it?

I am trying to query Elasticsearch where source is as follows:
source => /home/user/logs/serviceA.inst-app3.test.log.INFO.20180204-084131.21231
I want to filter all messages where source is serviceA.*INFO*. However, Kibana returns an empty list. For queries like serviceA.* or serviceA*, Kibana returns the result with serviceA.inst highlighted. My suspicion is that the minus sign in the file name is causing the issue.
How to query Elasticsearch from Kibana with regex which has minus sign (-) in it?
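Both the accepted answer to the Grafana question above (a "-" in the value, fix by mapping the field as not_analyzed) and the regex question here come down to the same mechanism: a terms aggregation and a Lucene regexp query both operate on the terms stored in the inverted index, and for a default (analyzed) string field the standard analyzer has already split the value on "-" and "." and lowercased it. The following Python model is an added example, not code from either poster; the documents, the second log path and the Python-regex approximation of Lucene's analyzer and anchored regexp are constructed for illustration, while the two mapping fragments use the real Elasticsearch 2.x string-field settings.

```python
import re
from collections import Counter

# Constructed sample documents (not data from the page): hyphenated values of
# the kind both questions describe.
DOCS = [
    {"i": "web-frontend-01"},
    {"i": "web-frontend-02"},
    {"i": "db-primary"},
    {"i": "db-primary"},
]
LOG_DOCS = [
    {"source": "/home/user/logs/serviceA.inst-app3.test.log.INFO.20180204-084131.21231"},
    {"source": "/home/user/logs/serviceB.inst-app1.test.log.WARNING.20180204-090000.4242"},
]

# Elasticsearch 2.x string-field mappings: "analyzed" is the default,
# "not_analyzed" is the setting the accepted answer recommends.
ANALYZED = {"type": "string"}
NOT_ANALYZED = {"type": "string", "index": "not_analyzed"}

_TOKEN = re.compile(r"[A-Za-z0-9]+")


def standard_analyze(value):
    """Approximation of the standard analyzer: split on non-alphanumerics and
    lowercase. '-' and '.' are separators, so one value becomes many terms."""
    return [t.lower() for t in _TOKEN.findall(value)]


def indexed_terms(value, field_mapping):
    """Terms the inverted index stores for one value under the given mapping."""
    if field_mapping.get("index", "analyzed") == "analyzed":
        return standard_analyze(value)
    return [value]  # not_analyzed: the whole string is a single term


def terms_aggregation(docs, field, field_mapping, size=25):
    """Bucket indexed terms with doc_count, as a terms aggregation does. This is
    what a Grafana template query {"find":"terms","field":...} receives."""
    counts = Counter()
    for doc in docs:
        # doc_count counts documents, not term occurrences within a document
        for term in set(indexed_terms(doc[field], field_mapping)):
            counts[term] += 1
    ranked = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))[:size]
    return [{"key": k, "doc_count": c} for k, c in ranked]


def regexp_query(docs, field, field_mapping, pattern):
    """Lucene's regexp query is anchored and tested against individual indexed
    terms; a pattern spanning a '-' or '.' can only match a not_analyzed term."""
    rx = re.compile(pattern)
    return [doc for doc in docs
            if any(rx.fullmatch(t) for t in indexed_terms(doc[field], field_mapping))]


if __name__ == "__main__":
    print(terms_aggregation(DOCS, "i", ANALYZED))      # fragments: db, frontend, ...
    print(terms_aggregation(DOCS, "i", NOT_ANALYZED))  # whole values
    print(regexp_query(LOG_DOCS, "source", ANALYZED, r".*serviceA\..*INFO.*"))      # no hit
    print(regexp_query(LOG_DOCS, "source", NOT_ANALYZED, r".*serviceA\..*INFO.*"))  # one hit
```

With the analyzed mapping the aggregation returns fragments such as "web" and "frontend" rather than "web-frontend-01", and the regexp gets no hit because no single lowercase token looks like "serviceA....INFO..."; with not_analyzed the whole value is one term and both behave as the posters expected. Changing the mapping requires reindexing, since existing documents were indexed with the old analysis.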

Elasticsearch query for what fields have a given type?

I have an elasticsearch (version 1.7) cluster with multiple indices. Each index has multiple doc_types, and each has fields with a variety of types. I'd like to get a list of field names for a given field type. This would be a necessarily nested list. For example, I'd like to query for field type "string", and return {index1: {doc_type1.1: [field1.1.1, field1.1.2], ...} -- the leaves of this nested dict are only those fields with the given type. So the hits for this query won't be documents but rather a subset of the cluster's mapping. Is this possible using Elasticsearch?
One solution: I know I can get the mapping as a dict using Python, then work on the mapping dict to recover this nested list. But I think there should be an elasticsearch way of doing this, not a Python solution. In my searches through the documentation I just keep finding the "type filter" which filters by doc_type, not field type.
There's currently no way of achieving this. The _mapping endpoint will return all fields of the requested mapping type(s).
However, there might be a way, provided your fields have a special naming convention hinting at their type, for instance name_str (string field for "name"), age_int (integer field for "age"), etc. In this case, you could use response filtering on the _mapping call and retrieve only the fields ending with _str:
curl -XGET localhost:9200/yourindex/_mapping/yourtype?filter_path=*_str
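Since the answer above says there is no Elasticsearch-native filter by field type (short of a naming convention plus filter_path), the fallback the asker mentions is to walk the _mapping response client-side. The following is an added example of that walk, not code from either poster; it assumes the 1.x response shape {index: {"mappings": {doc_type: {"properties": {...}}}}}, descends into object properties and multi-field sub-fields, and runs on a constructed sample mapping.

```python
# Constructed GET /_mapping response in the Elasticsearch 1.x shape
# (sample data, not a mapping from the page).
SAMPLE_MAPPING = {
    "index1": {
        "mappings": {
            "doc_type1": {
                "properties": {
                    "name": {"type": "string"},
                    "age": {"type": "integer"},
                    "address": {  # object field: no "type", only "properties"
                        "properties": {
                            "city": {"type": "string"},
                            "zip": {"type": "string", "index": "not_analyzed"},
                            "geo": {"type": "geo_point"},
                        },
                    },
                    "tags": {  # multi-field: a raw sub-field beside the analyzed one
                        "type": "string",
                        "fields": {"raw": {"type": "string", "index": "not_analyzed"}},
                    },
                }
            },
            "doc_type2": {"properties": {"ts": {"type": "date"}, "msg": {"type": "string"}}},
        }
    },
    "index2": {
        "mappings": {"events": {"properties": {"count": {"type": "long"}, "host": {"type": "string"}}}}
    },
}


def _walk(properties, prefix=""):
    """Yield (dotted_field_name, field_definition) for every leaf field,
    descending into object/nested properties and multi-field sub-fields."""
    for name, definition in properties.items():
        path = prefix + name
        if "properties" in definition:  # object or nested type: recurse
            yield from _walk(definition["properties"], path + ".")
        else:
            yield path, definition
            for sub, sub_def in definition.get("fields", {}).items():
                yield path + "." + sub, sub_def


def fields_of_type(mapping, wanted_type):
    """Return {index: {doc_type: [field, ...]}} listing only fields whose
    mapping type equals wanted_type; indices and doc_types with none are omitted."""
    result = {}
    for index, body in mapping.items():
        for doc_type, type_mapping in body.get("mappings", {}).items():
            names = sorted(
                path
                for path, definition in _walk(type_mapping.get("properties", {}))
                if definition.get("type") == wanted_type
            )
            if names:
                result.setdefault(index, {})[doc_type] = names
    return result


if __name__ == "__main__":
    print(fields_of_type(SAMPLE_MAPPING, "string"))
    print(fields_of_type(SAMPLE_MAPPING, "geo_point"))
```

Against a live cluster the dict returned by the Python client's indices.get_mapping() has this same shape and can be passed straight to fields_of_type; the recursion matters because a flat scan of the top-level properties would silently miss string fields inside objects.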

Elasticsearch "Query string" query on Geo?

I'm trying to do a query on Elasticsearch using the query string interface on a Geolocation. Specifically, I am trying to return all documents within a circle (point with radius). This is clearly possible using the full query DSL based on JSON. However, I can't find the syntax for the same search using query strings in the docs here:
http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/query-dsl-query-string-query.html#query-string-syntax
Does this mean geo queries are not supported by query string queries?
Thanks
No. It's not supported as far as I know.

How to query a blank date in elasticsearch

Is there a way in elasticsearch to query for a date type with a blank/empty value? What value gets assigned in the index to blank date fields?
Must I use the missing filter, or is there a way to use a query - a term maybe?
Thanks.
Unless you have a null_value specified on the date field, I believe the missing filter is the recommended way.
This answer in the Elasticsearch discussion group explains that a null value in a query is treated the same as the value not being present, from the way Elasticsearch looks at it.