Complex search - If you are bored

nlh · January 25, 2019, 5:01pm

OK figured it. missed Lucene at the end

{
  "index": "1cf03af0-037a-11e9-beef-5f4114182e77",
  "highlightAll": true,
  "version": true,
  "query": {
    "query_string": {
      "fields": [
        "process.cwd.keyword",
        "auditd.data.name.keyword",
        "auditd.paths.name.keyword",
        "file.path.keyword",
        "auditd.summary.object.primary.keyword"
      ],
      "query": "\\/PTC\\/*\\/code\\/*",
      "analyzer": "keyword",
      "analyze_wildcard": true
    },
    "language": "lucene"
  },
  "filter": []
}

Topic		Replies	Views
Trace queries and filters for audit Kibana	2	251	June 27, 2022
Use ElasticEearch Query as Filter DSL Query in Discover Section of Kibana Kibana	3	855	September 24, 2019
Kibana filters running as ES Queries Kibana	1	439	July 6, 2017
Does the same filtering that works for Discover also work for Logs? So far it's not for me Logs	4	817	December 14, 2018
Extract the underlying query from a filter which I created visually Kibana	4	13001	January 10, 2017

Complex search - If you are bored

Related topics