Strings query

jerrychen · January 10, 2018, 8:36am

kibana 5.4 + es 5.4
I want to terms the suffix of the url.keyword,such as docs or doc or zip...etc.

url.keyword field content like 'abcde.html','abcde11.zip','abcde**222.doc'...

How to do that.

Thanks for your help.

Marius_Dragomir · January 10, 2018, 2:08pm

Best way to do this is to create url.keyword.extension at ingest, but if that is not possible, you could create a scripted field to parse the string and create a new scripted field that only has the data from last . to the end of the string.
You can find good examples here: https://www.elastic.co/blog/using-painless-kibana-scripted-fields

jerrychen · January 11, 2018, 7:33am

Thanks for your advice.Scripted field is good idea.

If don't want to add field,just do query in es.Can I do that such as using distinct(substr) by SQL.

system · February 8, 2018, 7:34am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Elastic search : Is there any suffix query/filter Elasticsearch	2	2192	July 6, 2017
Extract (substring) and count(distinct) in Kibana Kibana	6	18658	July 6, 2017
How Query string pattern in kibana in simple syntax query space Kibana	2	4607	June 7, 2019
How to split URL in kibana Kibana	4	7593	July 6, 2017
Elasticsearch “ends with” word in phrases Elasticsearch	3	6111	July 5, 2017

Strings query

Related topics