elasticsearch logstash syslog kibana-4 elasticsearch-2.0

Kibana Discover: filter errors, exceptions

I'm using Kibana Discover for filtering messages with different Severity levels.

According to RFC-3164 it may be done using formula:

i * 8 + <severity_level> = syslog_pri

Using this information I can filter errors with severity_level=3 using something like this:

# Here is some Python code to extract list of PRI's for errors:
[i*8 + 3 for i in range(24)]

syslog_pri: in (3, 11, 19, 27,...)

The question is: How to check IN condition in Kibana's search string?

Solution

The syntax from Kibana search bar should be the same as the one from query_string. Something like the following should work:

syslog_pri: (3 OR 11 OR 19 OR...)

brew install elasticsearch on M1 macbook results in "Bad CPU type in executable" error
Spring Data Elasticsearch Bulk Index/Delete - Millions of Records
fluentd with OpenSearch - where does the @timestamp field come from?
Storing and managing Forex trading tick data
mongodb fulltext searching strategy
Is it possible to use elasticsearch synonyms dynamically?
Elasticsearch showing received plaintext http traffic on an https channel in console
Wildcard/regexp query with asterix chacter
How to Count Unique Assets with Specific Severity in Elasticsearch?
Am I correct that Elasticsearch simple_query_string does not support wildcards, but only prefix queries?
ElasticSearch text array length
Elasticsearch Nested Aggregations with Spring data elasticsearch 5.2
How to check that all shards are moved from a specific elasticsearch node?
How do to an Elasticsearch ESQL Distinct Query?
How can I add a field to existing mapping with values in other fields?
Elastic Search sort documents with same score using another field value
OpenSearch with Spring Boot - Displaying docuemnts by number of keywors
How to one value come first during sort on that field Elastic Search
Retrieve selected fields from a search
Logstash main class JvmOptionsParser not found / cannot load
What is the difference between standard and language analyzer in Elasticsearch?
How can I count all the occurrences within my date_histogram?
Reliable .NET API for Elastic Search
Not working fuzzy logic when use the fuzzines.auto elasticsearch
Yellow health status on elastic causing kibana to fail at launch?
How to Enable Logging in Rails Application with OpenSearch and Searchkick Integration?
ElasticSearch - Unable To Search Using Fuzzy Match Query For Underscore in value (ES Fuzzy not matching underscore value)
registering a custom analyzer and using it in a template
Elasticsearch implement off-the-shelf language analyser but use custom tokeniser
KQL query Count and Limit Matching Documents in Time Frame