Hello, I have files like below
I want to add multiple filters by exclude data with *.png *.js *.jsp etc
But it doesn't filter like expected.
Please help.
Regards,
Naresh
1 Like
If you want to filter based on extension, I would recommend that you parse it out into a separate filed at index time. Even if you were able to do what you want in Kibana, this type of leading wildcard query/filter is extremely inefficient and will not perform or scale well.
One of the filter is extension, other criteria may be /3dspace/* or /3dspace/common/*
How can i achieve that without parsing the HTTP Request into multiple fields.?
Because we wanted to see HTTP Requests with complete URL only, not splitting.
Regards,
Naresh
I suspect you will need to make sure you are filtering on a field that is mapped as keyword for this to work. Even with a trailing wildcard, which is not quite as bad as a leading wildcard, it may be slow at scale though.
It is already mapped as keyword
{"name":"HTTP_request","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":false,"readFromDocValues":false},
{"name":"HTTP_request.keyword","type":"string","count":0,"scripted":false,"searchable":true,"aggregatable":true,"readFromDocValues":true}
Regards,
Naresh
Which version of the stack are you using?
6.2.3
in the query lucene bar you can type
NOT HTTP_request : *.js AND NOT HTTP_request : *jsp AND NOT HTTP_request : *png
1 Like
Thank you very much. It worked with the lucene bar.
Is there any specific reason it is not working with "add a filter" option ?
2 Likes
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.