Exclude file extensions in Kibana query/filter?

LeeSyd · February 17, 2016, 10:58am

Sorry, I'm sure this is going to be an easy answer but can anybody assist in excluding certain file extensions from a query? I'm getting HTTP URIs passed in and would like to exclude all Image files (*.png, *.jpg, *.ico etc).

I've gone through online documentation and tried filtering with

-httpURI: "*.png"

and

-httpURI.raw: "*.png"

along with variations of png inside and outside of quotes, brackets, with and without wildcards and also tried with my limited knowledge of RegEx but cannot get consistent exclusion?

Thanks in advance

LeeDr · February 17, 2016, 5:59pm

Hi Lee,

My logstash data has an extension field and I can filter out extensions by putting this in my search bar;

-extension:"png" -extension:"php"

I also have "url" field, and can filter with;

-url:*.png -url:"*.php"

The double quotes don't seem to matter around the "*.php" (I guess because there's no spaces).

It looks like you're doing the right thing. Maybe someone else can chime in if they know what's wrong.

Lee

Topic		Replies	Views
Trying to use a wildcard to filter the Kibana output Kibana	9	1798	March 5, 2024
Include and exclude pattern Kibana	3	3495	March 29, 2018
Filtering data in kibana with wildcard not working Kibana	9	27269	July 18, 2018
Filters in Visualization Kibana	2	388	January 19, 2022
Search a string in Kibana Elasticsearch	2	547	September 11, 2019

Exclude file extensions in Kibana query/filter?

Related topics