Exclude file extensions in Kibana query/filter?

LeeSyd · February 17, 2016, 10:58am

Sorry, I'm sure this is going to be an easy answer but can anybody assist in excluding certain file extensions from a query? I'm getting HTTP URIs passed in and would like to exclude all Image files (*.png, *.jpg, *.ico etc).

I've gone through online documentation and tried filtering with

-httpURI: "*.png"

and

-httpURI.raw: "*.png"

along with variations of png inside and outside of quotes, brackets, with and without wildcards and also tried with my limited knowledge of RegEx but cannot get consistent exclusion?

Thanks in advance

LeeDr · February 17, 2016, 5:59pm

Hi Lee,

My logstash data has an extension field and I can filter out extensions by putting this in my search bar;

-extension:"png" -extension:"php"

I also have "url" field, and can filter with;

-url:*.png -url:"*.php"

The double quotes don't seem to matter around the "*.php" (I guess because there's no spaces).

It looks like you're doing the right thing. Maybe someone else can chime in if they know what's wrong.

Lee

Topic		Replies	Views
Trying to use a wildcard to filter the Kibana output Kibana	9	1498	March 5, 2024
Filtering data in kibana with wildcard not working Kibana	9	27150	July 18, 2018
Query to exclude multiple wildcard values from single field Kibana	3	4484	February 6, 2019
[Kibana] - Add filter using specific regex Kibana	4	4062	April 12, 2019
Wildcard search Kibana + Filepath + Filename Kibana	4	4910	July 10, 2020

Exclude file extensions in Kibana query/filter?

Related Topics