No results match your search criteria

hi all! Maybe a stupid question, but I couldn't figure it out myself. inaccurate search in Kibana through the search bar in Discovery does not return anything ... if you search by fields, then the pots query works

image885×357 18.4 KB

image748×451 28.1 KB

I got a search query from Inspect, checked it through DevTools - there are no matches (although there should be a lot of them)

here is part of that search query:

“query": {
     bool: {
       "must": [],
       "filter": [
         {
           range: {
             "@timestamp": {
               "format": "strict_date_optional_time",
               "gte": "2022-09-02T15:06:52.521Z",
               lte: "2022-09-02T15:21:52.521Z"
             }
           }
         },
         {
           "match_phrase": {
             "agent": "mozilla"
           }
         }
       ],
       "should": [],
       "must_not": []
     }
   },

I have something with indexing? Or is it due to the lack of a data stream?

and when i search "* Mozilla *" or "Mozilla *" then I get search results.

711×441 36.6 KB

but and without * or whith "*Mozilla" I get nothing

1029×535 19.5 KB

1137×451 17.5 KB

You should take a look at this

In the KQL bar, you should name a field you want to search on.

I also suspect that field may a keyword, not a text field. You should probably look at what the difference is are.

Finally you could post a mappings of your index by

GET you-index-name

And share the result

yes you are right - all fields in that index "keyword"

You should probably read about the differences

Actually, this looks like a decent article

You should also learn about KQL

Using wildcards on keyword is not generally best practice... Not to say there is not specific use cases where it makes sense.

I suspect what you're thinking of is text search

thank you very much for your answer, i will read more