Exclude file extensions in Kibana query/filter?

LeeSyd · February 17, 2016, 10:58am

Sorry, I'm sure this is going to be an easy answer but can anybody assist in excluding certain file extensions from a query? I'm getting HTTP URIs passed in and would like to exclude all Image files (*.png, *.jpg, *.ico etc).

I've gone through online documentation and tried filtering with

-httpURI: "*.png"

and

-httpURI.raw: "*.png"

along with variations of png inside and outside of quotes, brackets, with and without wildcards and also tried with my limited knowledge of RegEx but cannot get consistent exclusion?

Thanks in advance

LeeDr · February 17, 2016, 5:59pm

Hi Lee,

My logstash data has an extension field and I can filter out extensions by putting this in my search bar;

-extension:"png" -extension:"php"

I also have "url" field, and can filter with;

-url:*.png -url:"*.php"

The double quotes don't seem to matter around the "*.php" (I guess because there's no spaces).

It looks like you're doing the right thing. Maybe someone else can chime in if they know what's wrong.

Lee