Is there a way to query for a value of a certain length in Kibana?
For example, given the following two KV pairs:
key: "some"
key: "something"
I would like to search for key.length > 5 and retrieve "something" only.
The other option I see is to add a tag from logstash, but then I'll have to reload a couple hundred GB.
You can use script query to do that in Kibana. Script Query in Kibana, There is an example for script query with key's length more than 5:
{
"query": {
"filtered": {
"filter": {
"script": {
"script": "doc['key'].getValue().length() > 5"
}
}
}
}
}
And also you need to enable script search in elasticsearch, you need to add the below config into elasticsearch.yml:
script.engine.groovy.inline.search: on