I am using Elasticsearch 5.4.1 and Kibana 5.4.1 . When I try to perform filter aggregations on field values like fieldName:fieldValue , I get no results.However when I only enter the fieldValue as a filter I obtain a list with matching fieldValue from all the fields. I am not able to figure out the issue.
I captured the request using chrome developer tools.Following request is fired when I use fieldName:fieldValue
{"index":"logstash-*","ignore_unavailable":true,"preference":1499662909171}
{"query":{"bool":{"must":[{"query_string":{"analyze_wildcard":true,"query":"*"}},{"range":{"#timestamp":{"gte":1499612400000,"lte":1499698799999,"format":"epoch_millis"}}}],"must_not":[]}},"size":0,"_source":{"excludes":[]},"aggs":{"2":{"date_histogram":{"field":"#timestamp","interval":"1h","time_zone":"Asia/Tokyo","min_doc_count":1},"aggs":{"3":{"filters":{"filters":{"Success":{"query_string":{"query":"Response Status:200","analyze_wildcard":true}},"Failed":{"query_string":{"query":"-Response Status:200","analyze_wildcard":true}}}}}}}}}
But when I use only fieldValue below request is fired
{"index":"logstash-*","ignore_unavailable":true,"preference":1499662909171}
{"query":{"bool":{"must":[{"query_string":{"analyze_wildcard":true,"query":"*"}},{"range":{"#timestamp":{"gte":1499612400000,"lte":1499698799999,"format":"epoch_millis"}}}],"must_not":[]}},"size":0,"_source":{"excludes":[]},"aggs":{"2":{"date_histogram":{"field":"#timestamp","interval":"1h","time_zone":"Asia/Tokyo","min_doc_count":1},"aggs":{"3":{"filters":{"filters":{"Success":{"query_string":{"query":"200","analyze_wildcard":true}},"Failed":{"query_string":{"query":"-200","analyze_wildcard":true}}}}}}}}}
I am not able to figure out the issue.
Thanks in advance !
Related
I am currently using Grafana v9.1.7 and ElasticSearch 8.4.2
What I'm trying to achieve is to create a dashboard that can filter the data by country. I have a keyword field named honeypot_country (it's a string that mapped into keyword in elastic). When this filter is selected, it should only provide set of data filtered by that country
I already tried to create a variable query to filter these data. But it doesn't filter as I want to. So, I hope anyone can help me with this issue. Thanks
Trying to search for a complete json request in kibana webapp.
Sample
Request body::
{"mobileNumber":"***** ","custType":"abc","rejectReasonDesc":"","applicationId":"*****"}
i want to filter only the request with "rejectReasonDesc":"" i.e empty reject reason desc value .
please help on this
Create index pattern to point to your index.
Click on Add filter link
Select rejectReasonDesc.keyword field as per below image
I am trying to implement some dashboard in Grafana on top of ElasticSearch index based on some user selection from dropdown ($Key). My dropdown Grafana variable reads $Key and I have mentioned the query to pull data for that $Key is like fields.key:$Key. Now the issue I am facing is , Grafana query string uses analyze_wildcard:true and I want exact match , is there a way to do it in Grafana.
If you go ahead and edit this file you can change the analyze_wildcard flag to false. I haven't quite figured out why this is hardcoded to true.
I am using olivere/elastic library for elasticsearch in my go app . I have list of values for a particular field (say fieldA) of elasticsearch document. I want to update a particular field of all document by searching on field fieldA .
This : Updating a record in ElasticSearch using olivere/elastic in google go
explains the update part. But in my case in don't have Id of documents to be updated . So, either i can make search call to retrieve document ids and then update them , or is there another way am missing? Thanks in Advance.
If you need to update a list of documents, you can use the Update By Query API. The unit tests give you a hint about how the syntax looks like. However, if you have individual values for individual documents, I guess there's no other way than updating them one by one. The fastest way to achieve that is by using the Bulk API.
I have the following URI which should retrieve all values from the Gender field.
http://localhost:9200/persons/_search?_source=Gender
However, it does not return me all the data in the index of the Gender field. I want to get the data distinct also.
I am consuming this REST API in AngularJS. Can someone help me to achieve this type of URI query ?
Thank you.
Elasticsearch returns 10 hits by default, unless otherwise specified by size.
To get distinct values of a field use terms aggregation.
Refer: ES-return-unique-values