Wildcard search Kibana + Filepath + Filename

Elastic Stack Kibana
1

Hello,

There are multiple files present at location supposedly:

/test/1/2/3/file123.txt
/test/1/2/3/file145.txt
/test/1/2/3/fileoutput.txt
/test/1/2/3/fileout123.txt
/test/1/2/3/file167sdw.txt
/test/1/2/3/testout123.txt
/test/1/2/3/testoutput123.txt
/test/1/2/3/test123.txt

I am trying to run a filter which will help in fetching file which starts with name "file*" only

Now, I can filter based on filepath, but cant filter it with name.

/test/ * / * / * /file* - not working
/test/ * / * / * /(file)*txt - not working
/test/ * / * / * /[file]txt - not working
/test/ * / * / * /{file}.txt - not working
/test/ * / * / * /file?????? - not working

Please help

Thank You

2

Hi @Yashwant_Shettigar,

This sounds like a mapping issue. What is the field mapping in Elasticsearch that is set for filepath?

3

Hi Mike,

In index patterns setting, it is set as "String "

While, in mapping as below :

"source": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},

Thank you

4

With a similar field using our test data containing a URL, I managed to search for a part of the url the following way:

Discover_-_Elastic_und_matthiaswilhelm_kertal-elastic____projects_kibana__es_8_0_0_logs
Discover_-_Elastic_und_matthiaswilhelm_kertal-elastic____projects_kibana__es_8_0_0_logs2712×1892 682 KB

If I want this query as a filter, this is also possible:

Discover_-_Elastic
Discover_-_Elastic2038×1512 280 KB

With your filepath, this should be possible in a similar way. If you need to search for files like in a performant way you could think of using the path hierarchy tokenizer of Elasticsearch when indexing you data: https://www.elastic.co/guide/en/elasticsearch/reference/current/analysis-pathhierarchy-tokenizer-examples.html

5

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.