Substring search in Kibana 4 search bar

yolife · October 27, 2015, 8:47pm

Hi,
I am trying to search substring in specific field using search bar, tried using wild card search but it doesn't work.

Example,
I want to find out all documents where errorcode field in document contains "ERROR" word.
errorcode field contains "Display ERROR", "Search ERROR", "Null ERROR" etc.

Please help here.

OR refer to screenshot below. I only want to search testplan: which contain word "3D". The field testplan is not analyzed.

tbragin · October 29, 2015, 6:18am

So what search were you trying in the screenshot above? Are you trying to get only records that have the exact value "3D" or anything that includes "3D" as a substring?

yolife · October 29, 2015, 12:20pm

I tried following searches in searchbar --

testplan:"3D"
testplan:"3D"
testplan:3D
testplan: "3D~20"
3D -- this one searches in all fields -- which I don't want. I want to find all records where testplan field contains "3D" word.

I am trying to get records where testplan field contains value "3D" as substring. Only testplan field.

yolife · October 29, 2015, 4:19pm

This Query worked in Kibana 4.2 Toolbar. Is there any other easier way to do it.

{
"wildcard" :
{
"testplan" : "3D"
}
}

Thank you,
Yogesh.

yolife · November 5, 2015, 8:14pm

Guys, anyone knows any easier way to do this? it will be great help...

Thanks in advance.

PSi_AU · November 5, 2015, 10:35pm

Try 3D* without the double quotes.
Also try asterix3Dasterix again without the double quotes. Replace the asterix with *, for some reason the forums are mangling my response.

yolife · November 6, 2015, 12:49pm

I only want to search in one field 'testplan' and not all fields. The solution provided will work for all fields.

PSi_AU · November 6, 2015, 1:03pm

Then do testplan:asterix3Dasterix
Again replace asterix with *
Don't enclose the whole lot in double quotes.

yolife · November 9, 2015, 11:03am

@PSi_AU -- No this doesn't work.

and when I search with asterix3Dasterix (replace asterix with *)

then I get testplans with 3D as well as not containing 3D

Rajeev_Gaurav · April 13, 2016, 1:09pm

Any update on this. Any help regarding substring search in Kibana 4 search bar.

jazzed · September 12, 2016, 10:33pm

Substring search is just put in double quotes. To search a specific field, use the field name and double quotes.

message: "blah1 blah2"

A_User · May 11, 2017, 11:56am

nothing of the mentioned solutions work for me.

I have a field called branchCode and i try to search for any values containing either master or single, like "origin/master" or "dev/singleObject".

I either get a full string matching or nothing. How do i something like this:
branchCode: *master OR branchCode: single

The docs are far away from being helpfull (in most cases sadly).

Using kibana 5.3.2 and a solution for this problem would be very appreciated!