Failed to parse the query in Kibana

ankitsingh · September 3, 2020, 9:25am

Hi ,

I have this kind of data:
message: "message": "2020-09-02 08:11:55.000000000 +0000 state-handler: {"date":"2020-09-02T08:11:55.863Z","nfInstanceId":"0690e150-4c69-4d86-a49c-990bf056f333","instance":"ausf-nausf-auth-7cc94c6f97-p67xr","level":"INFO","catalog":"service-state","clusterDomain":"cluster.local","nfInstanceName":"default","subsystem":"","message":"Service state-handler is now in state STARTING","labels":["LIFECYCLE"],"hostname":"ausf-nausf-auth-7cc94c6f97-p67xr","vendor":"","service":"nausf-auth","arg":["state-handler"],"namespace":"ausf","id":"a54f347e-0b33-4ee2-9d65-97a40b2662a3","runid":"03093b3e-33b0-457d-83c2-cc3547ef4b5f","key":"STARTING","timestamp":1599034315863}",

I need to filter based on the labels so I am using the query like- message:"labels":["LIFECYCLE"]

but getting parsing error.
parse_exception: Encountered " ":" ": "" at line 1, column 16. Was expecting one of: ... ... ... "+" ... …

Could some one hepl plz.

Thanks for help.

matw · September 9, 2020, 7:28am

Hi and welcome to our community!

You need to escape " of your search query to make this work:

message: "\"labels\":[\"LIFECYCLE\"]"

However, it's high likely that you won't find documents this way, I guess you're searching a text field and data is indexed with default settings?

Best,
Matthias

system · October 7, 2020, 7:28am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.