Fuzzy Search Query using KQL or Lucene

Tiharqa · April 23, 2023, 10:24am

I'm trying to find documents where the host.os.platform field has some words similar to host.os.name for example I want to use Kibana discover either Lucene or KQL for that.
This is what I came up with :

host.os.platform:*host.os.name*

This query uses a wildcard character * to match any characters before or after the value of host.os.name . So if host.os.name is "Rocky Linux", this query will match documents where host.os.platform contains any words that include "Rocky", such as "rocky", "rockylinux", "rocky-8", etc.

I m not getting results can any one may be advise on what I m doing wrong here.

update some thing what I came up with may it will help some one

host.name: *linux* and host.os.type: linux

nickpeihl · April 26, 2023, 2:14pm

Hi @Tiharqa. It looks like you have figured out the solution. I would only add that *linux* can be a very resource intensive query because the pattern begins with the wildcard character * . Note the Warning in this documentation.

system · May 24, 2023, 2:14pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Lucene Kibana Query in KQL? Kibana kql-kibana-query-language	2	393	July 23, 2019
Looking for way to search for wildcard with space characters. Does KQL have character escaping? Kibana	1	699	August 6, 2022
Wildcard search in field doesn't work as expected Kibana	3	1174	December 21, 2021
Query with wildcard and space not working Kibana	3	8113	December 14, 2019
Kibana query for special character in KQL Kibana kql-kibana-query-language	4	9646	April 17, 2020

Fuzzy Search Query using KQL or Lucene

Related topics