kurdit
(Aleksandr)
September 2, 2022, 6:44pm
1
Hi all! Maybe a stupid question, but I couldn't figure it out myself. Inaccurate search in Kibana through the search bar in Discovery does not return anything ... if you search by fields, then the pots query works.
I got a search query from Inspect, checked it through DevTools - there are no matches (although there should be a lot of them).
Here is part of that search query:
    "query": {
      "bool": {
        "must": [],
        "filter": [
          {
            "range": {
              "@timestamp": {
                "format": "strict_date_optional_time",
                "gte": "2022-09-02T15:06:52.521Z",
                "lte": "2022-09-02T15:21:52.521Z"
              }
            }
          },
          {
            "match_phrase": {
              "agent": "mozilla"
            }
          }
        ],
        "should": [],
        "must_not": []
      }
    },
Do I have something wrong with indexing? Or is it due to the lack of a data stream?
kurdit
(Aleksandr)
September 3, 2022, 11:23pm
2
And when I search "* Mozilla *" or "Mozilla *", then I get search results.
But without * or with "*Mozilla" I get nothing.
stephenb
(Stephen Brown)
September 4, 2022, 12:33am
3
You should take a look at this
In the KQL bar, you should name a field you want to search on.
I also suspect that field may be a keyword, not a text field. You should probably look at what the differences are.
Finally, you could post the mappings of your index by
    GET your-index-name
And share the result
kurdit
(Aleksandr)
September 4, 2022, 12:49am
4
Yes, you are right - all fields in that index are "keyword".
stephenb
(Stephen Brown)
September 4, 2022, 1:04am
5
You should probably read about the differences
Actually, this looks like a decent article
You should also learn about KQL
Using wildcards on keyword is not generally best practice... Not to say there are not specific use cases where it makes sense.
I suspect what you're thinking of is text search
kurdit
(Aleksandr)
September 4, 2022, 1:15am
6
Thank you very much for your answer, I will read more.
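Added example, not part of the original thread: Dev Tools console requests that contrast a `keyword` field with an analyzed `text` field, using the `match_phrase` and wildcard searches discussed above. The index name `ua-demo`, the `agent.keyword` sub-field and the sample document are assumptions constructed for illustration.

```console
# Hypothetical index: "agent" is analyzed text with a keyword sub-field.
PUT ua-demo
{
  "mappings": {
    "properties": {
      "@timestamp": { "type": "date" },
      "agent": {
        "type": "text",
        "fields": { "keyword": { "type": "keyword", "ignore_above": 1024 } }
      }
    }
  }
}

# Constructed sample document.
POST ua-demo/_doc?refresh=true
{
  "@timestamp": "2022-09-02T15:10:00.000Z",
  "agent": "Mozilla/5.0 (X11; Linux x86_64) Gecko/20100101 Firefox/104.0"
}

# text field: the value is tokenized and lowercased at index time,
# so the single-token phrase "mozilla" is compared against those tokens.
GET ua-demo/_search
{ "query": { "match_phrase": { "agent": "mozilla" } } }

# keyword field: the whole value is one unanalyzed term,
# so the query text must equal the complete stored string.
GET ua-demo/_search
{ "query": { "match_phrase": { "agent.keyword": "mozilla" } } }

# keyword field with a wildcard: case-sensitive pattern over the full value.
GET ua-demo/_search
{ "query": { "wildcard": { "agent.keyword": { "value": "Mozilla*" } } } }

# Compare the terms each field would index for the same input.
GET ua-demo/_analyze
{ "field": "agent", "text": "Mozilla/5.0 (X11; Linux x86_64)" }

GET ua-demo/_analyze
{ "field": "agent.keyword", "text": "Mozilla/5.0 (X11; Linux x86_64)" }
```

The type of an existing field cannot be changed in place, so moving an index whose fields are all `keyword` to a mapping like this means creating a new index and reindexing into it.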