Filtering data in kibana with wildcard not working

(Naresh Reddy) #1

Hello, I have files like below

I want to add multiple filters by exclude data with *.png *.js *.jsp etc


But it doesn't filter like expected.

Please help.


(Christian Dahlqvist) #2

If you want to filter based on extension, I would recommend that you parse it out into a separate filed at index time. Even if you were able to do what you want in Kibana, this type of leading wildcard query/filter is extremely inefficient and will not perform or scale well.

(Naresh Reddy) #3

One of the filter is extension, other criteria may be /3dspace/* or /3dspace/common/*

How can i achieve that without parsing the HTTP Request into multiple fields.?
Because we wanted to see HTTP Requests with complete URL only, not splitting.


(Christian Dahlqvist) #4

I suspect you will need to make sure you are filtering on a field that is mapped as keyword for this to work. Even with a trailing wildcard, which is not quite as bad as a leading wildcard, it may be slow at scale though.

(Naresh Reddy) #5

It is already mapped as keyword



(Christian Dahlqvist) #6

Which version of the stack are you using?

(Naresh Reddy) #7


(Guillaume Dufrenne) #8

in the query lucene bar you can type

NOT HTTP_request : *.js AND NOT HTTP_request : *jsp AND NOT HTTP_request : *png

(Naresh Reddy) #9

Thank you very much. It worked with the lucene bar.

Is there any specific reason it is not working with "add a filter" option ?

(system) #10

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.