Wildcard search Kibana + Filepath + Filename

Yashwant_Shettigar · June 10, 2020, 8:58am

Hello,

There are multiple files present at location supposedly:

/test/1/2/3/file123.txt
/test/1/2/3/file145.txt
/test/1/2/3/fileoutput.txt
/test/1/2/3/fileout123.txt
/test/1/2/3/file167sdw.txt
/test/1/2/3/testout123.txt
/test/1/2/3/testoutput123.txt
/test/1/2/3/test123.txt

I am trying to run a filter which will help in fetching file which starts with name "file*" only

Now, I can filter based on filepath, but cant filter it with name.

/test/ * / * / * /file* - not working
/test/ * / * / * /(file)*txt - not working
/test/ * / * / * /[file]txt - not working
/test/ * / * / * /{file}.txt - not working
/test/ * / * / * /file?????? - not working

Please help

Thank You

mikecote · June 10, 2020, 2:44pm

Hi @Yashwant_Shettigar,

This sounds like a mapping issue. What is the field mapping in Elasticsearch that is set for filepath?

Yashwant_Shettigar · June 10, 2020, 4:54pm

Hi Mike,

In index patterns setting, it is set as "String "

While, in mapping as below :

"source": {
"type": "text",
"fields": {
"keyword": {
"type": "keyword",
"ignore_above": 256
}
}
},

Thank you

matw · June 12, 2020, 6:55am

With a similar field using our test data containing a URL, I managed to search for a part of the url the following way:

If I want this query as a filter, this is also possible:

With your filepath, this should be possible in a similar way. If you need to search for files like in a performant way you could think of using the path hierarchy tokenizer of Elasticsearch when indexing you data: https://www.elastic.co/guide/en/elasticsearch/reference/current/analysis-pathhierarchy-tokenizer-examples.html

system · July 10, 2020, 6:55am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.