Continuing the discussion from Kibana full text search:
I have the same question as above. So can anyone tell me how to full text search ?thx!
Hi,
I am not quite sure if I understand the question. I see that Tyler's answer has all the details about using analyzed field and the tokenizer/tokenfilter. This is something you do in Elasticsearch. Kibana provides the UI for you to search on it.
What problem are you trying to solve? Also which version of ES and Kibana are you on?
Thanks,
Bhavya
Hi,
Thanks for your reply! The following is my question:
Env:
Filebeat 5.5.1
Elasticsearch 5.5.1
Logstash 5.5.1
Kibana 5.5.1
OS : Linux 64bit
I use Filebeat as shipper to ship log to logstash, then output to Elasticsearch. Use Kibana as UI to search log.
But it seems that Kibana cannot search what i input in Kibana:
For example, when i search "/admin/em" in the following log sample, the string "/admin/em" cannot be found, but it exists in log indeed. So i am confused!!! The following is my log sample:
03/Aug/2017:00:26:47 -0700|52.9.101.47|GET /admin/email/markedAsRead?uuid=3211755339325447&type=2&tag= HTTP/1.1|200|-|66.102.8.56|Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko Firefox/11.0 (via ggpht.com GoogleImageProxy)|-|chime.me|845|0.018|0.018|172.31.21.87:28080|29917549|1|a2904ffe-29a8-471a-825c-6d03fbe745f8
Here is my logstash config:
input {
beats {
port => 5044
}
}
filter {
ruby {
code => "
event.timestamp.time.localtime
tstamp = event.get('@timestamp').to_i
event.set('date_str', Time.at(tstamp).strftime('%Y-%m-%d'))
"
}
}
output {
if [business] == "nginx" and [type] == "access" {
file{
path => "/home/ec2-user/realtime_log/nginx/nginx-access.%{date_str}"
codec => line { format => "%{message}" }
}
elasticsearch {
action => "index"
hosts => "http://log.a.b.c.com:9200"
index => "nginx-access-%{date_str}"
}
}
}
Hi,
Am extremely sorry for the delay. I forgot I had to follow up on this.
Can you see your data in discover in Kibana?
Also can you try searching for "/admin/email" ?
Thanks,
Bhavya
Hello,
Sorry, a long time
The following is log data:
03/Aug/2017:00:26:47 -0700|52.9.101.47|GET /admin/email/markedAsRead?uuid=3211755339325447&type=2&tag= HTTP/1.1|200|-|66.102.8.56|Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko Firefox/11.0 (via ggpht.com GoogleImageProxy)|-|chime.me|845|0.018|0.018|172.31.21.87:28080|29917549|1|a2904ffe-29a8-471a-825c-6d03fbe745f8
If i search for “/admin/email”, that can be searched. And if i search for "/admin/em", that cant be searched, but
it indeed exists in log data.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.