How to implement multiple keywords in filter in Kibana

elasticheart · February 9, 2017, 7:46am

Hi,

I have a query in Kibana like;

user_id:user1|user2

This displays entries having either user1 or user2. I made a positive filter for user_id like;

{
  "query": {
    "match": {
      "user_id": {
        "query": "user1|user2",
        "type": "phrase"
      }
    }
  }
}

which is not working. It works fine with a single keyword like;

{
  "query": {
    "match": {
      "user_id": {
        "query": "user1",
        "type": "phrase"
      }
    }
  }
}

My questions are,

Why is this happening?
Is it possible to include multiple keywords in a filter?
What is the best practice? Is it with multiple keywords (in query box. my first scenario), or applying a filter (second scenario) is better to save a search if I have ~100 keywords?

Thanks in advance..

LeeDr · February 9, 2017, 6:32pm

I think you're filter will work if you take out the , "type": "phrase"

I'm not sure which is better. Either one can be saved in a saved search. If you have a lot of docs you could do a test and look at the statistics in the spy panel to check the Request and Response time for both methods. But I'm guessing Elasticsearch is optimized so that both methods are essentially the same.

system · March 9, 2017, 6:32pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to acheive multiple filter in elastic search using API Kibana	1	319	October 24, 2022
Using multi_match in kibana filters Kibana	4	423	June 24, 2020
Kibana visualize filter Kibana	5	6791	December 15, 2017
How to query multiple fileds in Kibana Elasticsearch kql-kibana-query-language	23	2245	July 7, 2022
Filtering for multiple values of a single field Kibana	4	38078	September 18, 2017

How to implement multiple keywords in filter in Kibana

Related topics