Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to use slash ('/') in Kibana Discovery?

Tags:

elasticsearch

kibana

I'm testing ELK stack for nginx-access logs. It looks good except I have not found a way to search records in Kibana Discovery (v5.3.2) with a path that start with "/test/a". Search works if I remove slashes, but in this case, I get what I don't need - "/ololo/ololo?test=1"

I tried different requests:

path:/\/test\/a/
path:/\\/test\\/a/
path:"/test/a"
path:"\/test\/a"
path:"\\/test\\/a"

but nothing works as I expect.

Records:

[
{
    ...
    "path": "/test/a1"
    ...
},
{
    ...
    "path": "/test/a2"
    ...
},
{
    ...
    "path": "/ololo/ololo?test=1"
    ...
},        
]

Mapping:

"path": {
  "type": "string", 
  "index": "analyzed", 
},

Is there any way to search using slashes as part of pattern?

Update:

These patterns do not work too:

path:/.*\/test\/a.*/
path:/[\/]test[\/]a/
like image 206
Alexey Avatar asked Jul 07 '17 23:07

Alexey

People also ask

Can you use regex in Kibana?

Kibana Regex Searches Regular expression queries, also known as regex queries, return search results that contain terms matching a regular expression. We use regex queries when matching data patterns that use placeholder characters, known as operators.

How do you search a sentence in Kibana?

A phrase is a group of words surrounded by double quotation marks, such as "test search" . To search for an exact string, you need to wrap the string in double quotation marks.

How do I search multiple keywords in Kibana?

Text Search The query in Kibana is not case-sensitive. Use the asterisk sign ( * ) for a fuzzy string search. Hit the space bar to separate words and query multiple individual terms. For example, get elasticsearch locates elasticsearch and get as separate words.

How do you curl Kibana?

When you search for your query in the Kibana dashboard you will see the request appear in the developer console. There you can "right click" and select Copy as cURL , which will copy the curl command to your clipboard.

2 Answers

You need to change the mapping of the path field to not be analyzed, otherwise the slashes will not be indexed.

The mapping should be like this:

"path": {
  "type": "string", 
  "index": "not_analyzed",    <--- change this
},

Note that you need to delete your index and re-create it with the proper mapping in order for this to work.

After that you'll be able to search using the following query path:"/test/a"

like image 187
Val Avatar answered Nov 07 '22 07:11

Val

Use this query as example:

{
  "query": {
    "query_string": {
      "fields": [
        "path.keyword"
      ],
      "query": "\\/test\\/a\\/*",
      "analyzer": "keyword",
      "analyze_wildcard": true
    }
  }
}
like image 34
Thiago Falcao Avatar answered Nov 07 '22 07:11

Thiago Falcao
Sign in to Comment

Related questions

How to prevent Facet Terms from tokenizing
analyzed v not_analyzed or ...?
How to perform full text search on number fields in ElasticSearch?
Elasticsearch completion suggest search with multiple-word inputs
Use mongoosastic for an autocomplete
Should create multiple document types or multiple indexes?
ElasticSearch 5: MapperParserException with multi_field
Get default stop word list in elastic search
elastic search 5.1 why stored_fields does not return asked field?
How to setup ELK with node.js
ElasticSearch Java High level REST Client - Singleton or one instance per user?
ElasticSearch duplicate results with paging
Elasticsearch array must and must_not
ElasticSearch Rails - Setting a Custom Analyzer
How can i get unique suggestions without duplicates when i use completion suggester?
Count distinct on elastic search
What is the use of MongoDB in GrayLog2?
ElasticSearch Java Client querying nested objects
select matching objects from array in elasticsearch
How to use Python Elasticsearch mget() API

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!