I installed Elasticsearch 6.5.1 and Kibana 6.5.1. I loaded my log file with Logstash and set up my index in Kibana the Discover search only works if the search is one character long. With nothing in the search bar I see my log data.
ex: message:r finds all r's
ex: message:rad gives No results match your search criteria
I have the "last 5 years" selected
Any clue?
What is the mapping for the fields in your index? More specifically, the message field.
"message": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},
try: message:*rad*
That works.
Thanks.
Great. If you want to do more reading on how this works... it involves the standard analyzer. Here is a good example for you to walk through: https://www.elastic.co/guide/en/elasticsearch/reference/current/analysis-standard-analyzer.html
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.