On the kibana UI if I want to search the term car in text on a field named message I would do
message: "%car%"
that works.
If I want to find text that contains both car and bike, I would try
message:"%car%bike%"
but that did not work.
I also tried
message: carbike*
that didnt work either.
What the right way to do this?
Hi Vivek,
If you just enter 2 words in the Discover query bar with a space between them, you'll get results where any of the fields in the docs contain either of those words;
If you want to be specific on which fields should be searched you can list them (again with a space between);
So this finds docs where @message:uploads OR extension:jpg (the default is OR)
And this finds that meet both conditions; @message:uploads AND extension:jpg
Regards,
Lee
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
