How to implement multiple keywords in filter in Kibana

elasticheart · February 9, 2017, 7:46am

Hi,

I have a query in Kibana like;

user_id:user1|user2

This displays entries having either user1 or user2. I made a positive filter for user_id like;

{
  "query": {
    "match": {
      "user_id": {
        "query": "user1|user2",
        "type": "phrase"
      }
    }
  }
}

which is not working. It works fine with a single keyword like;

{
  "query": {
    "match": {
      "user_id": {
        "query": "user1",
        "type": "phrase"
      }
    }
  }
}

My questions are,

Why is this happening?
Is it possible to include multiple keywords in a filter?
What is the best practice? Is it with multiple keywords (in query box. my first scenario), or applying a filter (second scenario) is better to save a search if I have ~100 keywords?

Thanks in advance..

LeeDr · February 9, 2017, 6:32pm

I think you're filter will work if you take out the , "type": "phrase"

I'm not sure which is better. Either one can be saved in a saved search. If you have a lot of docs you could do a test and look at the statistics in the spy panel to check the Request and Response time for both methods. But I'm guessing Elasticsearch is optimized so that both methods are essentially the same.

system · March 9, 2017, 6:32pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.