Is there any way to do scripted field to return a string value? Currently kibana documentations says only number scripted fields are allowed.
example: I am having field A = 1 and i want my required field B = "Foo 1".
As of Kibana4, it doesn't support non-numeric fields. If you require non-numeric scripted field, you can still you elastic search scripted field instead kibana scripted field.
But the downside is you have to reindex your ES.
Related
As title, i can't find a way to do it in kibana KQL.
I have tried NOT field, it's not work.
if your field is a keyword type, the KQL query below will check for existing but empty field values:
fieldname:""
Note that this won't work for a text analysed type
When adding a filter in kibana all string fields have a entry and .keyword entry. What is the difference?
From elasticsearch 5 there is no string field type, instead there is two types:
Keyword - use it for filter, aggregation and sort.
Text - use it for search text.
When you index documents with string field, for example name, elasticsearch mapping the field to text field for search and to keyword for filter.
Kibana use the field for filter and aggregation, therefore using the keyword.
Look at elasticsearch documentation
In fact, it is not an Kibana issue, it's an ElasticSearch issue which make full-text and keyword search both conformable. The field.keyword is for keyword search and aggregation, while the original field is used for full-text search.
There is an official blog specialized for this:
https://www.elastic.co/cn/blog/strings-are-dead-long-live-strings
There is also a post on the official discuss board, here is the link for your reference: https://discuss.elastic.co/t/why-am-i-getting-keyword-for-my-feilds-in-index-pattern/137983
to add on to this in case it helps someone is that the .keyword field can be used to create scripted fields on the index if you already have a matching keyword field. Do not need to go through the trouble of switching fielddata to true and reindexing
In my Kibana, when I search my document I need to look for exact match:
In my document I have a field named message.
So If I search (Using Kibana) something like:
message: "Provider replied with error code 2006"
I get all the documents that have one instance of those words.
I would like to have exact match.
I am running Kibana: 5.3.2. and Elasticsearch is 5.3.2
In Elasticsearch are two Types of "Strings".
Keyword:
They are typically used for filtering (Find me all blog posts where status is published), for sorting, and for aggregations. Keyword
fields are only searchable by their exact value.
See the docs
Text
field to index full-text values, such as the body of an email or the description of a product. These fields are analyzed, that is they are passed through an analyzer to convert the string into a list of individual terms before being indexed.
See the docs
Sometimes it is possible to access to the Keyword by adding ".keyword" to your field. So try this one:
message.keyword: "Provider replied with error code 2006"
Otherwise you have to check your mapping and change it to Keyword.
I am new to Kibana. I have successfully installed Logstash ,Elasticsearch and Kibana. All the links or documents i read have simple query syntax like search by text,by typing phrase or putting logical operators .but all this is so basic.
How can we query in detail.for example i have logs of my magento store and the logs have time stamp,product ID and the action that is the product is purchased or viewed or removed like that.
I imported these logs in kibana via logstash.
Now i want to query logs for the action field not different fields.When i query the logs it returns me logs that have added action and logs that have remove action.The query is "added" OR "removed" when i do "added" AND "removed" there are no logs given because these both words are of same field type and kibana does not allow this it returns zero records because any particular log cant have two valuesin the action field that is product added and removed.I need to know the product which is added and removed the most by people and do a visualization of that.
please suggest if there are any tutorial for studying kibana lik, how to configure it learn to write complex queries
You can try to parse your logs in Logstash to multiple fields.
As your requirement, say add field-"Action" and field "Product".
In the Kibana you can add Table with terms set to "Product" field.
So, when you search for "Added", the table will show out all the product with Added action.
I wanted to match two disparate search terms in the SAME field using logical operators. For example, a field called 'product_comments' has value 'residential plumbing bathroom sink", and I want "residential" AND "sink" to match.
The documentation here: https://lucene.apache.org/core/2_9_4/queryparsersyntax.html#AND says this is possible, just as OP originally tried.
Using Kibana 5.1.1 I found that logical operator is case sensitive:
"residential" and "sink" matched documents with the word 'and' in it, but
"residential" AND "sink" worked as expected
Is there any possibility of querying the fields using datatype. I need to query the email field of multiple objects. Email field names are different. So I am trying to get the data using the email datatype.
You can use SOSL for this, here is an example of using SOSL.
You can use the SOSL to query multiple objects and there is a search group in SOSL to limit it to search only email fileds
Syntax :FIND 'SearchQuery' [IN SearchGroup] [RETURNING ObjectsAndFields]
Eg : FIND 'SearchQuery' IN EMAIL FIELDS RETURNING Obj1(filed1,fileds2) , Obj2(filed1,fileds2)
SearchGoup accept following groups
ALL FIELDS
NAME FIELDS
EMAIL FIELDS
PHONE FIELDS
SIDEBAR FIELDS