Hi,
I'm trying the Kuery language in Kibana 6.3.1 but there's a few things I wasn't able to achieve.
I can't find a way to query data with a space and a wildcard, like this lucene query: nginx.access.user_agent.os:Mac\ OS*
When I try the same query in Kuery, I get an error message stating that I'm using an old Kuery syntax
When I remove the escape character (as Kuery is not breaking the query on whitespaces anymore if I understood well), I get no results: nginx.access.user_agent.os:Mac OS*
I also have issues when trying to query on a range, like this lucene query: nginx.access.response_code:[400 TO 499]
When running a similar query in Kuery, I have no results with an error on shards
Is this possible to run this kind of query using Kuery?
I was able to run a similar Kuery query using quotes to include the space. Translated to your query, this would be: nginx.access.user_agent.os: "Mac OS"
For your range question, the new syntax for this range is: nginx.access.response_code > 400 AND nginx.access.response_code < 499
Thanks for your reply @Aaron_Caldwell
Indeed, that's another way to write a range query.
For the first one, your example doesn't include the wildcard character. The query in Lucene will select all value starting with "Mac OS" whereas the one you suggested select all values equal to "Mac OS". At least that's what it does when I try it.
I was going to direct you to try using the .keyword version of this field (assuming it exists in your case) however we were unable to get it working locally. Wildcard support is still under active development so it appears this may be a bug, we've submitted it here:
Sorry for the trouble but I appreciate you bringing it to our attention!
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.