Home > OS >  Kibana visualize use wild card in search bar
Kibana visualize use wild card in search bar

Time:02-11

Is it possible to use wild card in Kibana visualize search bar.

Tried to use it like below, but did not work.

operation: "Revers" NOT file:"*Test.Revers"

This returns 2 because there are two Revers terms ("Revers", "/test/count/Test.Revers" ) even though only one data entry is in the stats data.

The following also returns the same value as 2.

operation: "Revers" 

Stat data sample is as below.

"_source": {
  "status": 0,
  "trstime": 1819,
  "username": "test",
  "operation": "Revers",
  "file": "/test/count/Test.Revers"
}

CodePudding user response:

I have tested it in ES 7.10 as you not mentioned ES version.

Answer to your question is YES, you can use wildcrad in Kibana visualize search bar but value should be without double quotes. Because if you give value in doble quotes it will consider as text and search for it.

You can try below query and it will give you your expected output:

operation: Revers AND NOT file.keyword: *Test.Revers

CodePudding user response:

The result given for the below query as 1 without double quotes.

operation: Revers AND NOT file: *Test.Revers
  • Related