Searching like using grep in Kibana

vasek · July 2, 2019, 11:53am

Hello,
some people in our company would like to search in message field like in in (e)grep utility. Exact match.

Example:

STRING="[userID=[W192ADM-x/AM41], LC=4557-A/IL, T=78, DATE=2019-07-02 14:15:16.0]"
echo "$STRING" | egrep "=\[W192ADM-x\/A"

It matches this string:
=[W192ADM-x/A

Elasticsearch uses standard analyzer and with this analyzer they cannot find some events exactly.

POST _analyze
{
 "tokenizer": "standard",
 "text":      "[userID=[W192ADM-x/AM41], LC=4557-A/IL, T=78, DATE=2019-07-02 14:15:16.0]"
}

Should I use keyword data type?
Could you please help me which analyzer or data type should I choose for exact match (searching must be possible on all characters in message)?
Is it good way to store message as message.for-exact-match too and apply different analyzer to this field? I don't want lose possibility of standard analyzer.

vasek · July 29, 2019, 10:39am

Answered in Kuery exact match.

system · August 26, 2019, 10:39am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Exact match on log message field Kibana elastic-stack-alerting	6	2706	February 22, 2022
How to perform exact string match query in ES Elasticsearch	4	29394	March 2, 2019
String query - exact string Kibana	7	35246	May 15, 2019
Simple Query to search within log text (not keyword) Elasticsearch eql-elastic-query-language	4	1489	April 3, 2023
Regex + fixed string match needed Elasticsearch	2	974	July 6, 2017

Searching like using grep in Kibana

Related topics