Querying a range in Kibana

rdesanno · January 11, 2019, 7:42pm

Not sure if this can be done outside of the api but curious to know for sure. I was searching Kibana earlier today for messages that had a string and a number that followed larger than 5000. A few examples:

foo foo foo by 4195 bar bar bar
foo foo foo by 4689 bar bar bar
foo foo foo by 5301 bar bar bar
foo foo foo by 3902 bar bar bar
foo foo foo by 5763 bar bar bar

Is there a way to filter my message field to all lines that contain "by " and a number greater than 5000 so I would only get 2 lines back in the above example without having to break this field into its own bucket?

TIA

stiltz · January 11, 2019, 9:53pm

You could use a regular expression to look for any string starting with 5 through 9 followed by 3 or more number characters.
Your query might look something like this:
field.name:/by ([5-9]\d{3,})/

Hope that helps

rdesanno · January 12, 2019, 4:24pm

Dang, I was close. Thanks for the suggestion!

system · February 9, 2019, 4:24pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Ranges with one side? Kibana	7	340	January 21, 2019
Query a range of values in phrase Kibana	7	597	August 27, 2020
KIbana Query: regexp of 10 numbers Kibana	5	5555	March 4, 2020
Extract number from a text in kibana Kibana	6	2485	May 3, 2022
Kibana regex search with range or number Kibana	3	13875	February 7, 2017

Querying a range in Kibana

Related topics