elasticsearchkibanakibana-6
Kibana query for sentence (words with specific order) with 4 digit number
I am pretty new to Elasticsearch and want to find below sentence in message field
completed in ???? ms
where ???? are numbers
I have this at the moment
{
"query": {
"query_string": {
"analyze_wildcard": true,
"default_field": "*",
"query": "(message:completed) AND (message:in) AND (message:/[0-9]{4}/) AND (message:ms)"
}
}
}
But the problem is result also contains messages like this which I am not interested in
How can I specify order of matching words?
Thanks in advance
I've also tried this with no luck:
{
"query": {
"regexp": {
"message": {
"value": "completed in [0-9]{4} ms"
}
}
}
}
Solution
regex works on analyzed terms, regex as a phrase will not work You can use span query to achieve same. in terms to performance better option is to handle this at index time, probably create a structured log where subtext to query is a seperate field
{
"query": {
"span_near": {
"clauses": [
{
"span_term": {
"message": {
"value": "job"
}
}
},
{
"span_term": {
"message": {
"value": "completed"
}
}
},
{
"span_term": {
"message": {
"value": "in"
}
}
},
{
"span_multi": {
"match": {
"regexp": {
"message": "[0-9]{4}"
}
}
}
},
{
"span_term": {
"message": {
"value": "ms"
}
}
}
],
"slop": 0,
"in_order": true
}
}
}
- brew install elasticsearch on M1 macbook results in "Bad CPU type in executable" error
- Spring Data Elasticsearch Bulk Index/Delete - Millions of Records
- fluentd with OpenSearch - where does the @timestamp field come from?
- Storing and managing Forex trading tick data
- mongodb fulltext searching strategy
- Is it possible to use elasticsearch synonyms dynamically?
- Elasticsearch showing received plaintext http traffic on an https channel in console
- Wildcard/regexp query with asterix chacter
- How to Count Unique Assets with Specific Severity in Elasticsearch?
- Am I correct that Elasticsearch simple_query_string does not support wildcards, but only prefix queries?
- ElasticSearch text array length
- Elasticsearch Nested Aggregations with Spring data elasticsearch 5.2
- How to check that all shards are moved from a specific elasticsearch node?
- How do to an Elasticsearch ESQL Distinct Query?
- How can I add a field to existing mapping with values in other fields?
- Elastic Search sort documents with same score using another field value
- OpenSearch with Spring Boot - Displaying docuemnts by number of keywors
- How to one value come first during sort on that field Elastic Search
- Retrieve selected fields from a search
- Logstash main class JvmOptionsParser not found / cannot load
- What is the difference between standard and language analyzer in Elasticsearch?
- How can I count all the occurrences within my date_histogram?
- Reliable .NET API for Elastic Search
- Not working fuzzy logic when use the fuzzines.auto elasticsearch
- Yellow health status on elastic causing kibana to fail at launch?
- How to Enable Logging in Rails Application with OpenSearch and Searchkick Integration?
- ElasticSearch - Unable To Search Using Fuzzy Match Query For Underscore in value (ES Fuzzy not matching underscore value)
- registering a custom analyzer and using it in a template
- Elasticsearch implement off-the-shelf language analyser but use custom tokeniser
- KQL query Count and Limit Matching Documents in Time Frame