I've been reading some post regarding include and exclude patterns and i'm still not sure what the correct syntax is.
Is there a single syntax to these pattern options or is it based on the field your searching for a pattern on? I've tried RegEx and the visual throws errors. Even tried
Lucene query format (http://www.lucenetutorial.com/lucene-query-syntax.html) - still get errors.
here is the error i keep getting: Error: [parsing_exception] Expected [START_OBJECT] under [size], but got a [VALUE_NUMBER] in [3], with { line=1 & col=427 }
@cisaksen - If you're running version 5.2.0 or 5.2.1 of Elasticsearch, this is a known issue. The Include/Exclude syntax that Kibana uses was accidentally removed when it should have been deprecated. If you upgrade Elasticsearch to 5.2.2, this is resolved.
@cisaksen Feel free to keep using it, we'll be upgrading Kibana to use the new syntax with 6.0 so you won't have to worry about anything. It just requires you to use 5.2.2 of Elasticsearch for the time being.
@cisaksen The Include/Exclude fields are used for the terms aggregation that is passed to Elasticsearch and it's the same as the Regular Expression Syntax
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
