Query multiple strings in a field in kibana3?


(Siddharth Trikha) #1

I am using Logstash 1.4.1, elasticsearch 1.1.1, kibana 3.1 for analyzing my
logs. I get the parsed fields (from log) in Kibana 3.

Now, I often have to query a particular field for many strings. E.g.:
auth_message is a field and I may have to query for something like 20 different
strings (all together or separately).

If together:

auth_message: "login failed" OR "user XYZ" OR "authentication failure" OR .........

If separate queries:

auth_message: "login failed"
auth_message: "user XYZ"
auth_message: "authentication failure"

So a user cannot remember 20 strings to search a field for. Is there
a way to store them, or present them to the user so that he can select the
strings he wants to search for?

Can this be done using ELK? Please help.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/751ba805-557c-4531-9a4f-fe3d4d05a495%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


(Mark Walkom) #2

You can save dashboards with the query, if that is what you want. You will
need to save one per query though.

Regards,
Mark Walkom

Infrastructure Engineer
Campaign Monitor
email: markw@campaignmonitor.com
web: www.campaignmonitor.com

On 13 June 2014 18:15, Siddharth Trikha siddharthtrikha9@gmail.com wrote:

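One way to get what the original poster asks for, outside Kibana 3 itself: keep the strings in a catalogue and generate the field query from the user's selection, so nobody has to remember the 20 strings or retype the OR chain. The code below is an added example for this thread, not code from the poster, from Kibana or from Elasticsearch; the catalogue contents are constructed sample data and the function names are ours. It emits the Lucene query-string form that the Kibana 3 search box passes through to Elasticsearch, and the same search as a query DSL body for anyone hitting Elasticsearch directly. Two points a practitioner would want: the field name is only ever taken from the catalogue, never from user input, and a string that contains a double quote or a backslash is escaped before it is placed inside a quoted phrase, because those two characters are the only ones that can break out of a `"..."` phrase and change the meaning of the query.

```python
"""
Added example: build `auth_message:("..." OR "...")` from a stored catalogue
of strings so the user picks entries instead of remembering them.

Assumptions (not from the original thread): the catalogue below is
constructed sample data, and the function names are ours. The query syntax
is the Lucene query-string syntax Kibana 3's search box sends to
Elasticsearch.
"""
import json

# Constructed catalogue: field name -> strings a user may want to search for.
# Only fields listed here are accepted, so the field part of the query is
# never taken from user input.
SAVED_STRINGS = {
    "auth_message": [
        "login failed",
        "user XYZ",
        "authentication failure",
        'password "reset" requested',  # contains a double quote
        "profile C:\\Users\\svc",      # contains backslashes
    ],
}


def escape_phrase(text):
    """Escape the two characters that can break out of a quoted Lucene phrase.

    Inside "...", Lucene treats only the backslash and the double quote as
    special; everything else (OR, :, *, ?) is literal phrase text.
    """
    return text.replace("\\", "\\\\").replace('"', '\\"')


def select_phrases(field, indices):
    """Resolve user-chosen catalogue positions to strings.

    Raises on an unknown field or an out-of-range position, so user input
    can only pick existing entries and never injects new query text.
    """
    if field not in SAVED_STRINGS:
        raise KeyError("unknown field: %r" % field)
    catalogue = SAVED_STRINGS[field]
    chosen = []
    for i in indices:
        if not 0 <= i < len(catalogue):
            raise IndexError("no saved string at position %d for %s" % (i, field))
        chosen.append(catalogue[i])
    return chosen


def build_query_string(field, phrases):
    """Return `field:("p1" OR "p2" ...)` for the Kibana 3 / query_string search box."""
    if not phrases:
        raise ValueError("at least one phrase is required")
    quoted = ['"%s"' % escape_phrase(p) for p in phrases]
    return "%s:(%s)" % (field, " OR ".join(quoted))


def build_query_dsl(field, phrases):
    """Same search as an Elasticsearch bool/match_phrase query body.

    No string escaping is needed here: each phrase is a JSON value, not
    query text, so the query parser never sees it.
    """
    if not phrases:
        raise ValueError("at least one phrase is required")
    return {
        "query": {
            "bool": {
                "should": [{"match_phrase": {field: p}} for p in phrases],
                "minimum_should_match": 1,
            }
        }
    }


if __name__ == "__main__":
    picked = select_phrases("auth_message", [0, 1, 2])
    print(build_query_string("auth_message", picked))
    # auth_message:("login failed" OR "user XYZ" OR "authentication failure")
    print(json.dumps(build_query_dsl("auth_message", picked), indent=2))
```

The generated query string can be pasted into the Kibana 3 query box or stored in a saved dashboard's query panel; the DSL body is what you would POST to `_search` against the logstash indices if the selection UI talks to Elasticsearch directly.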


(Siddharth Trikha) #3

So there is no way to store the query itself? I will have to save the entire dashboard?

On Fri, Jun 13, 2014 at 4:35 PM, Mark Walkom markw@campaignmonitor.com
wrote:

--
Regards
Siddharth Trikha
