Kibana full text search

Ajay_Singh_Chouhan · May 25, 2016, 11:09am

Hi I have recently ingested apache logs to ES through logstash and I am analyzing them through Kibana . Few of the log lines contains the phrase- java.lang.outofmemory.....but when I search for the word "memory" in the kibana search bar it doesn't show up the document containing above phrase.
but when I search for "java.lang.outofmemory" it comes up.
I am below ELK versions-
ES : 2.3.0
Logstash:2.2.0
Kibana:4.5.0

looks like the default analyzer considering the whole phrase java.lang.outofmemory as one term rather than splitting it up into java,lang,outofmemory
Do need to change the standard analyzer to english analyzer?
Please help
Thanks

tylersmalley · May 25, 2016, 10:51pm

You will need to make sure that it's an analyzed field and the tokenizer/tokenfilter makes sense for how you want to query the information. You can read about that here: https://www.elastic.co/guide/en/elasticsearch/guide/current/full-text-search.html and https://www.elastic.co/guide/en/elasticsearch/reference/2.3/analysis.html

The english analyzer might not work since the words are not split up by whitespace or punctation.

You can use the settings API to view the analyzed fields: https://www.elastic.co/guide/en/elasticsearch/reference/current/indices-get-settings.html

Ajay_Singh_Chouhan · May 31, 2016, 7:07am

Thank you