Are wildcard queries not supported in Kibana discovery search? Want to search all the pod/container names in a particular namespace

I want to search all the pod/container names in a particular namespace in Kibana discovery search.

Expectation:

It should display all available resources as per the query/wildcard.

Search query:

kubernetes.namespace_name.keyword : "dev" and kubernetes.pod_name.keyword :dev-web*

Providing a * at the end should display all possible names, like

dev-web-0
dev-web-1
dev-web-2
dev-web-3

but it is not displaying anything.

I tried some possible searches, like

kubernetes.namespace_name.keyword : "dev" and kubernetes.pod_name.keyword :""dev-web*"" -- not working
kubernetes.namespace_name.keyword : "dev" and kubernetes.pod_name.keyword : "dev-web*" --- not working
kubernetes.namespace_name.keyword : "dev" and kubernetes.pod_name.keyword : "dev-web-" -- not working
kubernetes.namespace_name.keyword : "dev" and kubernetes.pod_name.keyword :dev-web --- not working
kubernetes.namespace_name.keyword : "dev" and kubernetes.pod_name.keyword :dev-web-0 ---- worked
kubernetes.namespace_name.keyword : "dev" and kubernetes.pod_name.keyword : "dev-web-0" --- worked

Why is no wildcard working? Any idea?

Hello @vikas4cloud

If you're using KQL, you should be able to search:

kubernetes.namespace_name.keyword : dev and kubernetes.pod_name.keyword : dev-web*

If you're using Lucene search, you should be able to use:

kubernetes.namespace_name.keyword:dev AND kubernetes.pod_name.keyword:dev-web*

From the field names, I can see you are not using the Index Templates provided with Filebeat to ingest Kubernetes logs.

This is an example on our demo data

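The search from this thread written as Elasticsearch query DSL, as an added example that is not part of the original posts. It assumes the two `.keyword` fields are mapped as exact-match `keyword` type; the sample documents and the local matcher are constructed stand-ins so the block runs offline without a cluster.

```python
import json
import re

F_NS = "kubernetes.namespace_name.keyword"
F_POD = "kubernetes.pod_name.keyword"

# Constructed sample documents (flattened field names, not real cluster data).
SAMPLE_DOCS = [{F_NS: "dev", F_POD: f"dev-web-{i}"} for i in range(4)] + [
    {F_NS: "dev", F_POD: "dev-api-0"},
    {F_NS: "prod", F_POD: "dev-web-9"},
]

def build_query(namespace, pod_pattern):
    """Body for POST <index>/_search: exact namespace AND wildcard pod name."""
    return {"query": {"bool": {"filter": [
        {"term": {F_NS: namespace}},
        {"wildcard": {F_POD: {"value": pod_pattern}}},
    ]}}}

def _wildcard_to_regex(pattern):
    # Wildcard query syntax: * matches any run of characters, ? exactly one.
    parts = [".*" if c == "*" else "." if c == "?" else re.escape(c)
             for c in pattern]
    return re.compile("".join(parts), re.DOTALL)

def clause_matches(doc, clause):
    """Simplified local evaluation of one term/wildcard clause."""
    (kind, body), = clause.items()
    (field, spec), = body.items()
    value = doc.get(field)
    if value is None:
        return False
    if kind == "term":  # keyword fields compare the whole string
        return value == spec
    if kind == "wildcard":
        return _wildcard_to_regex(spec["value"]).fullmatch(value) is not None
    raise ValueError(f"unsupported clause: {kind}")

def search(docs, query):
    """Return pod names of documents that satisfy every filter clause."""
    filters = query["query"]["bool"]["filter"]
    return [d[F_POD] for d in docs
            if all(clause_matches(d, c) for c in filters)]

if __name__ == "__main__":
    q = build_query("dev", "dev-web*")
    print(json.dumps(q, indent=2))
    print(search(SAMPLE_DOCS, q))
```

Because a `keyword` field holds the whole value as one term, the pattern `dev-web` without `*` matches no pod here, while `dev-web-0` matches exactly one.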

@Luca_Belluccini Much appreciated, it solved my problem :slight_smile:
