Querying a range in Kibana

rdesanno · January 11, 2019, 7:42pm

Not sure if this can be done outside of the api but curious to know for sure. I was searching Kibana earlier today for messages that had a string and a number that followed larger than 5000. A few examples:

foo foo foo by 4195 bar bar bar
foo foo foo by 4689 bar bar bar
foo foo foo by 5301 bar bar bar
foo foo foo by 3902 bar bar bar
foo foo foo by 5763 bar bar bar

Is there a way to filter my message field to all lines that contain "by " and a number greater than 5000 so I would only get 2 lines back in the above example without having to break this field into its own bucket?

TIA

stiltz · January 11, 2019, 9:53pm

You could use a regular expression to look for any string starting with 5 through 9 followed by 3 or more number characters.
Your query might look something like this:
field.name:/by ([5-9]\d{3,})/

Hope that helps

rdesanno · January 12, 2019, 4:24pm

Dang, I was close. Thanks for the suggestion!

system · February 9, 2019, 4:24pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.