Filter logs with only DEBUG in them

mrkr188 · June 26, 2018, 7:22pm

Hello,

I am new to ELasticsearch. I'm having a hard time in finding out how to filter the logs in Kibana. We have ELK stack setup to view logs from kubernates cluster. I am able to get the log files using Kibana with this query. Since log is one of the field in data I get all the logs.

{
  "exists": {
    "field": "log"
  }
}

With this I get all logs with INFO, DEBUG, WARNING. I want to filter the logs based on string matching. I tried something like this, but it gives me an error.

{
  "exists": {
    "field": "log"
  },
 "query": {
        "regexp":{
            "name.first": "s.*y"
        }
 }
}

Could you please help me with the query?

cjcenizal · June 26, 2018, 7:54pm

Hi there,

Try using a BOOL query to combine your conditions:

GET _search
{
  "query": {
    "bool" : {
      "must" : [{
        "exists" : { "field" : "log" }
      }, {
        "regexp":{
          "name.first": "s.*y"
        }
      }]
    }
  }
}

Does this help?

Thanks,
CJ

mrkr188 · June 26, 2018, 9:00pm

Thanks for the answer.

It still doesn't seem to work. I think I must use some other identifier than "name.first". I tried using "log" since the field name i wanna match string is log. But it still didn't work. "wildcard" also doesn't seem to work.

Could you point me to a simple introduction to query language. I find the documents a bit too involved for a beginner like me.

system · July 24, 2018, 9:00pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.