Search across all fields on Kibana

Hi,

I'm sorry to ask this question but I didn't find anything on Google or on the forum concerning this.

I would like to search, on Kibana, on all fields with a simple value.

For example, in Discover, in the KQL bar, I would like to search across all fields for the value "OK" and get the results where the value is "OK".

How do I do this? Do I have to specify all the fields?

See if a simple query string works for what you need. The default for fields is all but I just put that in for an example. You can specify which fields you want or use all.

POST INDEX/_search
{
    "query": {
        "simple_query_string" : {
            "query": "Query String Goes Here",
            "fields": ["*"]
        }
    }
} 

Hi,

Thanks for your answer. That's working in the Query DSL Filter. Can I do this in the KQL bar to simplify?

You can just put your query string in the KQL bar without a field name and it will search across all fields. You can see this by clicking inspect and request to see how it converts it to DSL.

The end result looks like this minus all the other options passed in.

GET kibana_sample_data_logs/_search
{
  "query": {
    "multi_match": {
      "query": "Query String Goes Here"
    }
  }
}

So it's the same as above except using multi_match vs simple_query_string.

References - Multi Match

Thanks, that's working.

I have 2 Kibanas:

A - 2000 documents per second
B - Few HTTP logs (75 documents per hour)

I made my tests on the A one and it's returning 0 results. After testing on the B one, where it works, I think it's an Elasticsearch limit with the number of documents. I will investigate.

Thank you!

By the way, if you have an idea of how to fix it, don't hesitate.
