Hello,
I create visualize in Kibana, based on 2 terms (Name_Pass and Message ).
I search how to apply a specific filter on message_field (maybe with query dsl) :
If my message_field contains either the word "pass" or "pass" or "PASS"
=> To only keep the results that match
Message Field contains for example :
You a selected Pass Bolk
I want just the first and the last (because it contains word [P-p A-a S-s S-s]
lukas
September 1, 2017, 6:56pm
2
Is message_field analyzed? Could you provide the mapping for it?
It should just be a matter of doing something like message_field:pass if it is analyzed.
I don't know, i don't think here ma mapping in elasticsearch :
"mappings": {
"_default_": {
"dynamic_templates": [
{
"strings_as_keywords": {
"match_mapping_type": "string",
"mapping": {
"type": "keyword"
}
}
}
],
"_all": {
"enabled": false
},
lukas
September 7, 2017, 4:13pm
4
Did you try searching for message_field:pass in the search bar?
lukas:
essage_field:pass
Doesn't work. I try :
MESSAGE_TEXT:pass
I disable the _all field and i delete message field in logstash it's a problem ?
lukas
September 12, 2017, 3:54pm
6
Can you share your logstash config?
system
October 10, 2017, 3:54pm
7
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.