Elasticsearch curator reindexing - elasticsearch

I'm new to Curator for Elasticsearch and am trying to do re-indexing, but I need to find indexes that contain the word "debug" in the index name.
I was trying to do it with
filters:
- filtertype: pattern
  kind: regex
  value: '^*.debug.*$'
But it doesn't work properly.
From Dev Tools in Kibana, if I do GET *.debug*/_search, it shows what it should. But how can I do the same with an action file?

Your regular expression does not match the GET statement.
GET *.debug*/_search
will not match the same indices as
value: '^*.debug.*$'
but value: '^*.debug*$' might match the same query string.
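
An added example, not part of the original posts: it translates the index wildcard expression from the GET request into an anchored regular expression and runs it over constructed index names, next to the unescaped-dot variant and the pattern from the question. It assumes Curator's kind: regex value is compiled with Python's re module; the helper names and the sample indices are made up for illustration.

```python
import re

# Constructed index names, for illustration only.
SAMPLE_INDICES = [
    "app.debug.2023-01-01",
    "app.debug-2023-01-01",
    "app-debug-2023-01-01",
    "appxdebug",
    "debug.app.2023-01-01",
    "app.info.2023-01-01",
]

def wildcard_to_regex(expr):
    """Turn an index wildcard expression into an anchored regex.

    In an index expression only '*' is special; '.' is a literal dot,
    so every other character is escaped.
    """
    return "^" + ".*".join(re.escape(part) for part in expr.split("*")) + "$"

def compiles(regex):
    """Return True if Python's re module accepts the pattern."""
    try:
        re.compile(regex)
        return True
    except re.error:
        return False

def select(indices, regex):
    """Return the index names the regex matches (hypothetical helper)."""
    pattern = re.compile(regex)
    return [name for name in indices if pattern.search(name)]

if __name__ == "__main__":
    regex = wildcard_to_regex("*.debug*")
    print("wildcard *.debug* as regex:", regex)
    print("matches:", select(SAMPLE_INDICES, regex))
    # Leaving the dot unescaped lets it stand for any character.
    print("unescaped dot matches:", select(SAMPLE_INDICES, r"^.*.debug.*$"))
    # A quantifier directly after '^' has nothing to repeat.
    print("'^*.debug.*$' compiles:", compiles("^*.debug.*$"))
```

Running the action file with curator --dry-run before enabling it shows which real indices a given value selects.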

Related

Kibana - update default search query

I am new to Elasticsearch and Kibana. In Kibana, while trying to fetch an Elasticsearch document as JSON, by default a bsearch query is executed with a wildcard field search as below:
fields: [{field: "*", include_unmapped: "true"}, {field: "timestamp", format: "date_time"}]
This in turn returns all the document values as an array under the fields section. I need to turn off requesting fields in the search query; it's enough to have the _source metadata in my JSON.
How do I update the default query being run in Kibana? Thanks in advance.
Installed Elasticsearch version - 7.17.3

In Advanced Settings, you can turn on "Read fields from source" instead of using the Fields API, but it's soon going to be deprecated:

Support for ElasticSearch index pattern wildcard other than star?

Does the Elasticsearch index pattern support wildcards other than '*', e.g. one that would match a single character?
I'm trying to solve an issue with wrong index matching that someone implemented:
Indexes are called index-{customername}-{date} (e.g. index-google-2020-12-31), but the author did not consider that {customername} can contain a dash. As a result, the query
curl localhost:9200/index-google-company-*/_search would also match the index index-google-company-spies-me-2020-12-31.
I could find a symbol that is not allowed in the ID (e.g. ~), but then I need to re-index all the data.

elasticsearch curator delete "all" indices older than 7 days

background:
elasticsearch version 6.2
curator version 5.4.1.
Now I can use Curator to delete one index that is older than 7 days, but I have more than one index and I don't want to create more than one action.yml, such as:
actions:
  1:
    action: delete_indices
    description: >-
      Delete indices older than 7 days (based on index name), for student-prefixed indices. Ignore the error if the filter does not result in an actionable list of indices (ignore_empty_list) and exit cleanly.
    options:
      ignore_empty_list: True
      disable_action: False
    filters:
    - filtertype: pattern
      kind: prefix
      value: student=
    - filtertype: age
      source: name
      direction: older
      timestring: '%Y-%m-%d'
      unit: days
      unit_count: 7
According to this action.yml, it deletes student=2017-XX-XX.
But I have many indices such as teacher, parent and so on.
I replaced student= with *= but it doesn't work.
So what can I do?
Thank you very much.

You can try a few things. A few examples include:
You can omit the pattern filtertype, leaving only the age. This might delete other indices with %Y-%m-%d patterns, however. In that case, you might use a different pattern filter, but to exclude patterns you don't want to delete:
- filtertype: pattern
  kind: prefix
  value: omit_me
  exclude: true
Replacing your pattern filter with this will delete all indices with %Y-%m-%d that are older than 7 days, except indices starting with omit_me.
You might set up a regex instead of a prefix. For example:
- filtertype: pattern
  kind: regex
  value: '^(student|parent|teacher).*$'
This will match indices starting with student, parent, or teacher.

How to query elasticsearch from kibana using regex with - in it?

I am trying to query Elasticsearch where source is as follows:
source => /home/user/logs/serviceA.inst-app3.test.log.INFO.20180204-084131.21231
I want to filter all messages where source is serviceA.*INFO*. However, Kibana returns an empty list. For queries like serviceA.* or serviceA*, Kibana returns the result where serviceA.inst is highlighted. My suspicion is that the minus sign in the file name is causing the issue.
How to query Elasticsearch from Kibana with regex which has minus sign (-) in it?

Kibana 4: Can't do wildcard query with dot in field value

I have an analyzed field hostname and a not_analyzed field hostname.raw.
I'm trying to query a few hosts that have a dot in the field value, like
AP.MO.HALL-01
AP.MO.2FLOOR-01
When I try to query hostname:AP.MO.*, it also returns hosts with the value AP.MOOCA.HALL.
When I try to query using the field that isn't analyzed, I get no results at all: hostname.raw:AP.MO.*
How can I make Kibana respect the dot before the wildcard?

I was able to get a similar issue resolved by using a RegEx query, and escaping the periods within the hostname.
Looking at your example, something similar to the following should work:
hostname: /.*AP\.MO\..*/
