Hi all,
I'm running Elastic 7.6 and Kibana 7.6. I'm getting logs from my 2 Tomcat servers and I use Filebeat to send them directly to Elasticsearch.
Doing it, I added some custom fields: project
The project field is populated like that (for example):
myproject-platform-backend
myproject2-platform-backend
platform-backend
When I add this on the discovery -> query:
fields.project : "platform-backend"
I expect to see only my logs coming from this Tomcat here... but I also see the logs from the other 2...
The : is an exact match from the docs... what am I doing wrong?
Is the project field mapped as a text field? If you want to do exact matches, it's recommended to use a keyword indexed field, then the query should only return the third document.
This means “project” is a text field, but there is a keyword indexed version of the same field called “project.keyword”. Try filtering on the second one, that should work as you expect.
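Why the quoted query matches all three values, shown as an added example that is not part of the original thread. It assumes a simplified stand-in for the standard analyzer (lowercase, split on non-alphanumeric characters); the function names are hypothetical and the sample values are the project names from the question.

```python
import re

# Constructed sample data: the three project values listed in the question.
PROJECTS = [
    "myproject-platform-backend",
    "myproject2-platform-backend",
    "platform-backend",
]


def analyze(value):
    """Simplified stand-in for the standard analyzer (an assumption, not
    Elasticsearch code): lowercase, then split on non-alphanumerics."""
    return re.findall(r"[a-z0-9]+", value.lower())


def phrase_match(field_value, query):
    """Text field: the query is analyzed too, and its tokens must appear
    consecutively and in order among the field's tokens."""
    doc, wanted = analyze(field_value), analyze(query)
    if not wanted:
        return False
    return any(
        doc[i:i + len(wanted)] == wanted
        for i in range(len(doc) - len(wanted) + 1)
    )


def keyword_match(field_value, query):
    """Keyword field: the whole value is a single term, compared as-is."""
    return field_value == query


def search(query, matcher):
    """Return the project values a query selects under the given matcher."""
    return [p for p in PROJECTS if matcher(p, query)]


if __name__ == "__main__":
    # Analyzed text field: the hyphen is a token boundary, so every value
    # contains the token sequence ["platform", "backend"].
    print("text   :", search("platform-backend", phrase_match))
    # Keyword field: only the value that is exactly "platform-backend".
    print("keyword:", search("platform-backend", keyword_match))
```

When a query like this scopes log review to a single application, the text-field behaviour silently pulls in events from the other projects, so filters meant to isolate one source should target the keyword field.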