Hi,
I have a few visualizations that are messed up by this index pattern "index_pattern":"*" and I want to fix them. But I cannot figure out how I should escape the search string.
Thanks,
A
In general, you should be able to escape by using the backslash: \*
Is that not fixing your issue here?
Expression 1: \"index_pattern\"\:\"filebeat\-\*\"
Highlights index_pattern and filebeat in all pieces where these words appear independently from each other.
Expression 2: visualization.visState:\"index_pattern\"\:\"filebeat\-\*\"
Highlights the matches only in the given field.
Still it doesn't make any difference if I omit or add stuff after the filebeat word.
Expression 3: visualization.visState:\"index_pattern\*
Still highlights index_pattern
This may be a consequence of the parser that is used on this field but I find it hard to believe that searching for these kind of strings is not possible.
PS: not being able to copy the request sent in Discovery mode from Kibana is a huge pain.
not being able to copy the request sent in Discovery mode from Kibana is a huge pain
Yeah, unfortunately the best way to do this currently is through the browser dev tools, looking at the network tab.
Searching for these kinds of strings is tricky because of how the values get analyzed in Elasticsearch. When indexed, Elasticsearch strips out special characters (like ", -, *) which makes it difficult to search for them. Unfortunately, you don't have a lot of control over Kibana's mapping either, since it's set by Kibana itself.
1 Like
In the end I went over all docs one-by-one and fixed stuff manually.
I understand but I find it strange that even if I would give up on processing performance, I can't do a simple text search on documents. (Given the analyzers are not set up accordingly to begin with.)
Anyway, thanks @lukas. I'm looking forward for the feature to be able to copy the queries in all kinds of visualizations. 
That would make our lives so much easier. Btw, is there a github issue for this? I'd give it a thunbs up.
I guess I'm not exactly sure what you mean... Can you explain?
I mentioned above that not being able to copy the queries that go to Elasticsearch is quite painful. Especially in Discovery. But the same applies to all other visualizations.
Where it's present, make it easy to click copy the "Request" tab.
Where not present, e.g. in Visual Builder or Discovery on non-timebased indices, add the tab.
This would already be huge help.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.