Kibana's filter (partial matching)

alexus · August 27, 2017, 11:38pm

I'm running elasticsearch 5.5.1 and while trying to follow Partial Matching | Elasticsearch: The Definitive Guide [2.x] | Elastic, I was not able to do partial matching through Kibana's filter(

My filter:

{
  "query": {
    "match": {
      "bin": {
        "query": "414720*",
        "type": "phrase"
      }
    }
  }
}

Please advise.

rashmi · August 28, 2017, 8:45pm

Yes, you could possibly use the kibana filters to achieve this. Just use the part of the word you want to match?

Thanks
Rashmi

alexus · September 8, 2017, 8:28pm

@rashmi if I use parts of my query, I do NOT get any match(

rashmi · September 11, 2017, 4:31pm

I don't understand your q. Can you plz rephrase it ?

alexus · September 11, 2017, 5:00pm

@rashmi

I have field that contains 6-7 digits:

if I use 6 digit inside of filter - I get no match
if I use 6 digit in search field (above filter) - I get partial match.

Why do I not get partial match using filter? How can I do partial match using filter instead of search?

LeeDr · September 11, 2017, 5:53pm

Here's one way to make it work. I'm not sure it's the only way or even the best way.

If you create a filter, and then edit it;

You can change your query to be like this;

{
  "query": {
    "bool": {
      "must": [
        {
          "query_string": {
            "query": "bin:414720*",
            "analyze_wildcard": true
          }
        }
      ]
    }
  }
}

It seems like there could be an option like "contains" in the Add filter dialog to do this. I'll check and see if there's any enhancement request for something like that.

Regards,
Lee

LeeDr · September 11, 2017, 5:56pm

I should mention how I got the query to do this very easily. I just used the query bar to search, and then clicked the little ^ under the histogram and looked at the request. Then copied that bit of the query. Then created a filter and edited it.

Bargs · September 11, 2017, 7:32pm

I would use a wildcard query instead of a query string query. If it's a number field a range query should work also.

The query in the original post does not work because the match query does not support wildcards.

rashmi · September 11, 2017, 7:45pm

I raised an enhancement request for the same here: https://github.com/elastic/kibana/issues/13943

you can subscribe to the issue above to get more updates.

Thanks
Rashmi

alexus · September 11, 2017, 8:27pm

unfortunately there is no "contain", there are only followings: "is", "is not", "is one of", "is not one of", "exists", "does not exists".

I'm not quite sure how you create query (manually?), but I did noticed you now have query_string, can you please explain step by step how to get there?

Bargs · September 11, 2017, 8:50pm

@alexus When you've got the filter editor open, click the "Edit Query DSL" link in the top right corner of the editor. Here you can type in raw elasticsearch query DSL.

system · October 9, 2017, 8:50pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Kibana partial/substring matches are not working Kibana	2	3148	September 21, 2020
Regex in Kibana Search bar? Kibana	3	12270	December 17, 2020
Using Regex in Kibana Query DSL Elasticsearch kql-kibana-query-language	5	1163	June 2, 2022
Kibana filters running as ES Queries Kibana	1	423	July 6, 2017
How I partially filter in tab discover Kibana	3	622	July 20, 2017

Kibana's filter (partial matching)

Related topics