Search for only numbers match

Elastic Stack Kibana
1

Hi, I want to search for id with numbers only in Kibana discovery tab. I came up with below query but it's not returning hits as desired. I pasted the sample message also which is expected output. Thanks in advance.

Query: "/api/discover/v1/search" AND id=/[0-9]+/

Message: 2017-11-04T23:55:39.005766+00:00 host app web.18 - Tags: xapi ~ 172.17.128.1 [4/Nov/2017:23:55:38 +0000] 296 GET /api/discover/v1/search?id=28273&size=small&requestFacets=true&requestProducts=true&pathname=/shop/handbags-accessories/sale-clearance/Pageindex,Price/5,0.0%257C49.99&_application=MEW&_deviceType=PHONE&_navigationType=BROWSE&shoppingMode=SITE&regionCode=US HTTP/1.1 200 95436 https://xxx.com/shop/handbags-accessories/sale-clearance/Pageindex,Price/5,0.0%7C49.99?id=28273&cm_sp=c2_3111US_catsplash_handbags-%26-sunglasses--row3--image_handbag-sale-and-clearance%2C-great-savings-are-in-the-bag&edge=hybrid&parentcategoryname=handbags-accessories&categorystring=sale-clearance&parentCategoryName=handbags-accessories&categoryString=sale-clearance Mozilla/5.0 (iPad; CPU OS 11_0_3 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A432 Safari/604.1 online_uid=12331603474 request_id=0876570772d2-9799-c919-52c2-102490fc2731 -

2

Hi @elasticuser1

Have you extracted the id as a separate field prior to indexing, using a tool like logstash or ingest pipelines?

If so, I suspect the problem is that the string you're searching for has slashes, and the standard analyzer removes slashes. If you want to do an exact match on the URL you should extract it as a separate field at index time. By default you'll get a keyword version of each text field, so then you can run a query like url.keyword:"/api/discover/v1/search" which will find documents where the URL is exactly that value instead of doing analysis on the value.

3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.