Complex queries in Kibana or querying for different values of a single field type - kibana

I am new to Kibana. I have successfully installed Logstash, Elasticsearch and Kibana. All the links or documents I read have simple query syntax like search by text, by typing a phrase or putting logical operators, but all this is so basic.
How can we query in detail? For example, I have logs of my Magento store, and the logs have a timestamp, product ID and the action, that is, whether the product is purchased or viewed or removed and so on.
I imported these logs into Kibana via Logstash.
Now I want to query the logs on the action field, not on different fields. When I query the logs, it returns logs that have the added action and logs that have the removed action. The query is "added" OR "removed". When I do "added" AND "removed", no logs are returned, because both of these words are of the same field type and Kibana does not allow this; it returns zero records because any particular log can't have two values in the action field, that is, product added and removed. I need to know the product which is added and removed the most by people and do a visualization of that.
Please suggest if there are any tutorials for studying Kibana, like how to configure it and learn to write complex queries.

You can try to parse your logs in Logstash into multiple fields.
As per your requirement, say, add a field "Action" and a field "Product".
In Kibana you can add a Table with terms set to the "Product" field.
So, when you search for "Added", the table will show all the products with the Added action.

I wanted to match two disparate search terms in the SAME field using logical operators. For example, a field called 'product_comments' has the value "residential plumbing bathroom sink", and I want "residential" AND "sink" to match.
The documentation here: https://lucene.apache.org/core/2_9_4/queryparsersyntax.html#AND says this is possible, just as OP originally tried.
Using Kibana 5.1.1 I found that the logical operator is case sensitive:
"residential" and "sink" matched documents with the word 'and' in it, but
"residential" AND "sink" worked as expected

Related

Which field to use to filter documents by ID in Firestore dashboard?

I am using the firestore dashboard to browse through some documents in my collection. In one particular case, I am looking to find a document in a collection called private, but when I enter "id" in the "Filter by field" and specify the ID that I want it to match, the dashboard doesn't find anything.
All I want to do is find a specific document in a collection via the ID using the dashboard. Any idea how to do this? It seems such a mundane feature that I am just surprised Firebase wouldn't have it?!
You can search for one specific document by clicking on the "table header", in your case, "Home > private > 0EU..."
The value you type there is taken as the name of a field to search for. "id" means the name of the field called literally "id". There is one special field name "__name__" which is taken by the Firestore SDK to mean the document ID in some cases (normally specified as FieldPath.documentId()), but apparently the console does not accept that.
What you have here is, in my opinion, a valid feature request for the Firebase console, and you can file that with Firebase support.

What's the difference between the 'field' and 'field.keyword' fields in Kibana?

When adding a filter in Kibana, all string fields have an entry and a .keyword entry. What is the difference?
From Elasticsearch 5 there is no string field type; instead there are two types:
Keyword - use it for filter, aggregation and sort.
Text - use it for search text.
When you index documents with a string field, for example name, Elasticsearch maps the field to a text field for search and to a keyword field for filtering.
Kibana uses the field for filtering and aggregation, therefore it uses the keyword.
Look at the Elasticsearch documentation.
In fact, it is not a Kibana issue; it's an Elasticsearch issue, which makes full-text and keyword search both conformable. The field.keyword is for keyword search and aggregation, while the original field is used for full-text search.
There is an official blog specialized for this:
https://www.elastic.co/cn/blog/strings-are-dead-long-live-strings
There is also a post on the official discuss board, here is the link for your reference: https://discuss.elastic.co/t/why-am-i-getting-keyword-for-my-feilds-in-index-pattern/137983
To add on to this, in case it helps someone: the .keyword field can be used to create scripted fields on the index if you already have a matching keyword field. You do not need to go through the trouble of switching fielddata to true and reindexing.

Querying for exact match in Kibana

In my Kibana, when I search my document I need to look for exact match:
In my document I have a field named message.
So if I search (using Kibana) something like:
message: "Provider replied with error code 2006"
I get all the documents that have one instance of those words.
I would like to have exact match.
I am running Kibana 5.3.2, and Elasticsearch is 5.3.2.
In Elasticsearch there are two types of "strings".
Keyword:
They are typically used for filtering (Find me all blog posts where status is published), for sorting, and for aggregations. Keyword fields are only searchable by their exact value.
See the docs
Text:
A field to index full-text values, such as the body of an email or the description of a product. These fields are analyzed, that is they are passed through an analyzer to convert the string into a list of individual terms before being indexed.
See the docs
Sometimes it is possible to access the keyword by adding ".keyword" to your field. So try this one:
message.keyword: "Provider replied with error code 2006"
Otherwise you have to check your mapping and change it to Keyword.
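
The difference between an analyzed text field and its .keyword sub-field described in the answers above, and the reason "added" AND "removed" can never match a single-valued action field, shown as an added example that is not part of the original posts. It is a simplified Python model, not Elasticsearch code; `ToyField`, its methods and the sample documents are constructed for illustration.

```python
import re
from collections import defaultdict

def analyze(value):
    """Rough stand-in for a text analyzer: lowercase, split on non-alphanumerics."""
    return re.findall(r"[a-z0-9]+", value.lower())

class ToyField:
    """Hypothetical model of one string field indexed as text and as keyword."""
    def __init__(self):
        self.terms = defaultdict(set)  # analyzed term -> doc ids (the text field)
        self.exact = defaultdict(set)  # whole value -> doc ids (the .keyword field)
        self.tokens = {}               # doc id -> ordered tokens, for phrase checks

    def add(self, doc_id, value):
        self.tokens[doc_id] = analyze(value)
        for term in self.tokens[doc_id]:
            self.terms[term].add(doc_id)
        self.exact[value].add(doc_id)

    def any_term(self, query):  # term1 OR term2 ...
        return set().union(*(self.terms.get(t, set()) for t in analyze(query)))

    def all_terms(self, query):  # term1 AND term2 ...
        sets = [self.terms.get(t, set()) for t in analyze(query)]
        return set.intersection(*sets) if sets else set()

    def phrase(self, query):  # terms adjacent and in order
        q = analyze(query)
        return {d for d in self.all_terms(query)
                if any(self.tokens[d][i:i + len(q)] == q
                       for i in range(len(self.tokens[d]) - len(q) + 1))}

    def keyword(self, value):  # whole value, case-sensitive
        return set(self.exact.get(value, set()))

SAMPLE = [  # constructed documents, ids 1..6
    "Provider replied with error code 2006",
    "Provider replied with error code 2006 after retry",
    "error code 404 from provider",
    "added", "removed",
    "residential plumbing bathroom sink",
]

def build_sample():
    field = ToyField()
    for doc_id, value in enumerate(SAMPLE, start=1):
        field.add(doc_id, value)
    return field
```

In this model the keyword lookup returns only the document whose whole value equals the query, while the analyzed field matches on individual terms.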

InfoPath - How can I read a people picker field and query AD to load additional fields related to the person in the field.

How can I read a people picker field and query AD to load additional fields related to the person in the field? Example: Employee Name; information I want to load: email address, phone number. The InfoPath form is being used with Nintex Workflow and SharePoint 2010.
I have searched and have not been able to find an answer.
Thanks
D
Unfortunately I don't have enough reputation points yet to leave a comment, but your question really doesn't provide enough detail. So any answer provided is going to be based on assumptions. You don't even clarify what version of InfoPath you're using.
That said, a good place to start is to create a data connection to receive data. You'll need to select the web service option and will then need to enter in the web server address. The address will probably be in the following format:
http://yourservernamehere/_vti_bin/userprofileservice.asmx?wsdl
Replace yourservernamehere with the address of your SharePoint server. Then, you'll need to select GetUserProfileByName as the operation you need. Just keep on clicking next and then finish to complete the connection.
You will then have to view the data source within InfoPath to see what fields are available and map the ones you want to the fields you want prepopulated on your form.
All this is based on my own assumptions, so I can't guarantee it will work in your scenario. Happy to assist if you still need help and are able to provide more details.
To autocomplete you can use your e-mail or phone number fields, with a new action rule. This is due to people picker fields not allowing any action rules applied to them.
The web service option mentioned in another answer unfortunately no longer works in SharePoint Online. Please use a data connection to the hidden User Information List located on the stem of your SharePoint site instead.
Condition:
Use the condition DisplayName is not blank by using "Select a field or group..." in advanced view and selecting your people picker's DisplayName field
Actions:
Set a field's value
Field: User Information List data connection queryFields DisplayName of people picker
Value: your form's DisplayName of people picker
Query using a data connection: User Information List data connection
Set a field's value
Field: your form's email or phone number field
Value: data fields > Work_email / Work_phone of your data connection

How to model Not In query in Couch DB [duplicate]

Folks, I was wondering what is the best way to model documents and/or map functions that allow me "Not Equals" queries.
For example, my documents are:
1. { name : 'George' }
2. { name : 'Carlin' }
I want to trigger a query that returns every document where name does not equal 'John'.
Note: I don't have all possible names beforehand. So the parameter in the query can be any random text like 'John' in my example.
In short: there is no easy solution.
You have four options:
sending a multi range query
filter the view response with a server-side list function
using a CouchDB plugin
use the mango query language

sending a multi range query
You can request the view with two ranges defined by startkey and endkey. You have to choose the ranges so that the key John is not requested.
Unfortunately you have to find the commit request that exists somewhere and compile your CouchDB with it. It's not included in the official source.

filter the view response with a server-side list function
It's not recommended, but you can use a list function and ignore the row with the key John in your response. It's like what you would do with a JavaScript array.

using a CouchDB plugin
Create an additional index with e.g. couchdb-lucene. The lucene server has such query capabilities.

use the "mango" query language
It's included in the CouchDB 2.0 developer preview. It is not ready for production but will definitely be included in the stable release.
