I have the following log message in Kibana:
INFO : Sample.101-20170530.20170530-102.103.sample
When I search for numbers 102 or 103, I don't get any results, though I get results when I search either for 101 or for 20170530
What should be correct query for searching either 102 or 103 number.
Btw, when I search for 102.103 I get expected message.
It depends on the analyzer being used for your index. https://www.elastic.co/guide/en/elasticsearch/reference/current/analysis-analyzers.html has more details on analyzers.
Is this data in a standardized format? If it is, I would recommend defining mappings and parsing the field out using ingest node's grok processor. It will let your searches be more specific.
Thanks. I am confused how I can change analyzer to the correct one.
The data is in standardized format but there are multiple different formats in log file, I think I cannot define the pattern for every such format.
Btw, the data is Apache log. But I am curious how I can change analyzer to be able to search for every keyword.
I just created sample log file with the following record and send it to Elasticsearch:
15:35:18,125 INFO [sample]: [sample] Sample.101-20170530.20170530-102.103.sample
In Kibana I tried to search for 101, 102 and 103 and only when searched for 101 I was able to see the record in results.
Btw, I noticed, when I double click 102 or 103 in Kibana, both numbers and dot between them are highlighted: 102.103, and I am able to search for 102.103 and get the results record. Same for 20170530.20170530.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.