When using the search bar, I'd like to have wildcards implied. For example, I have a dataset that has URLs in the url.full field. I'd like to be able to enter in the search bar url.domain: google and it matches on any value that has google in it. Is this possible?
You can use the 'wildcard query' in Elasticsearch (Wildcard query | Elasticsearch Guide [8.14] | Elastic).
For example:
GET /websites/_search
{
"query": {
"wildcard": {
"url.domain": "*google*"
}
}
}
This would return any document that has "google" in the url.domain field.
Yes, I'm aware of this as an Elasticsearch/Kibana admin/"power user". I'm talking about people who are not in IT seeing the search bar and just typing in google and expect to see anything that mentions Google, google, www.google.com, etc...
Are you talking about creating a web application and a search bar to accomplish this, or using the search bar from Kibana UI itself?
For the example your are giving, that should work out of the box with a default text field.
Because the following strings are analyzed this way:
Google->googlegoogle->googlewww.google.com->www,google,com
So searching for google will match the 3 terms.
It depends on the type used for url.domain and its analyzer if it's a text field.
ah, you got me on a special character. Those all do indeed work, but I also meant something like a user searching for google and seeing googleapis.com in the results as well. I'm working within the Elastic ECS schema and, currently, looking at the url.domain field and using the default analyzer on ingest and search.
Not trying to move the goal post, I just wasn't completely clear.