Can't seem to search for a period in the message field

dpcrown · December 30, 2015, 10:55pm

Hi everyone, I'm trying to do a really basic search in Kibana 4.0.1 but I'm having a lot of difficulty for some reason. Basically we want to search for ".prod" in the message field. The period is important, but Kibana seems to be ignoring it, returning everything that matches prod, even stuff like /PROD/whatever, which we don't want.

I've tried to escape the period with "", but there's no difference. Am I doing something wrong? Here's our filter:

"404" AND (".prod" OR ".cat")

It doesn't work on .prod or .cat.

spalger · December 30, 2015, 11:50pm

This is likely because of the way that elasticsearch is analyzing your field values and not something that Kibana can control. Checkout this section of the Elasticsearch Definitive Guide for more information about analysis.

Topic		Replies	Views
Search in kibana Discovery ignores some characters Kibana	4	366	April 29, 2019
This simple Kibana query has me flummoxed Kibana	3	593	December 29, 2017
How to create a query to match a period Kibana	2	572	July 6, 2017
Kibana filtering issue Kibana	2	200	August 7, 2023
Simple Kibana "term query" not searching the all the fields Kibana	6	2063	November 12, 2020

Can't seem to search for a period in the message field

Related topics