Querying a range in Kibana

rdesanno · January 11, 2019, 7:42pm

Not sure if this can be done outside of the api but curious to know for sure. I was searching Kibana earlier today for messages that had a string and a number that followed larger than 5000. A few examples:

foo foo foo by 4195 bar bar bar
foo foo foo by 4689 bar bar bar
foo foo foo by 5301 bar bar bar
foo foo foo by 3902 bar bar bar
foo foo foo by 5763 bar bar bar

Is there a way to filter my message field to all lines that contain "by " and a number greater than 5000 so I would only get 2 lines back in the above example without having to break this field into its own bucket?

TIA

stiltz · January 11, 2019, 9:53pm

You could use a regular expression to look for any string starting with 5 through 9 followed by 3 or more number characters.
Your query might look something like this:
field.name:/by ([5-9]\d{3,})/

Hope that helps

rdesanno · January 12, 2019, 4:24pm

Dang, I was close. Thanks for the suggestion!

system · February 9, 2019, 4:24pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
KIbana Query: regexp of 10 numbers Kibana	5	5503	March 4, 2020
Extract number from a text in kibana Kibana	6	2461	May 3, 2022
Kibana regex search with range or number Kibana	3	13865	February 7, 2017
DSL query with string and numeric regex in Kibana Kibana	2	303	December 22, 2020
Help with query Kibana	5	80	May 21, 2024

Querying a range in Kibana

Related Topics