Search for a substring within a specific field

ghouston10 · February 7, 2018, 12:25pm

Hi,

Is it possible in kibana to search for a substring contained within a specific field?

thomasneirynck · February 7, 2018, 7:33pm

I think the answer is, it depends.

In any place you would be using Painless, for example, in Kibana's scripted fields, you can use Regex to do substring matches on a field-value.

See here for an example: Substring in painless

You can also do prefix-queries with lucene using the wildcard character. So in the Kibana query-bar, you could do something like url:https* to search for all https calls. The wildcard query in lucene cannot be put at the start of a string. More info on that here: https://lucene.apache.org/core/2_9_4/queryparsersyntax.html#Terms

ghouston10 · February 8, 2018, 8:53am

Hi,

Thanks for the reply. I would be performing the search using dev tools within Kibana. How would it be implemented there?

Thanks

thomasneirynck · February 8, 2018, 1:58pm

In the console, you would just put raw ES-queries. You probably want to look at the regexp searching:

Note that this only works on keyword fields, not on analyzed fields.

system · March 8, 2018, 1:59pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Search for a string within a specific field Kibana	2	4337	March 7, 2018
Is possible Exact match substring in kibana? Kibana	5	8985	October 25, 2019
Substring search in Kibana 4 search bar Kibana	12	72860	July 6, 2017
Fetch substring from a list of URL using scripted field Kibana	2	344	June 29, 2018
Is it possible to search or exclude something like a string "{}"? Kibana	11	12883	July 6, 2017