jaybobo/kibana-querying.md

Last active March 2, 2022 15:51

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/jaybobo/b253adecd7672faccb93.js"></script>
Save jaybobo/b253adecd7672faccb93 to your computer and use it in GitHub Desktop.

Using Kibana (Lucene query string syntax)

Raw

#Kibana gh The lucene query type uses LUCENE query string syntax to find matching documents or events within Elasticsearch.

Examples
status field contains active
status:active

title field contains quick or brown
title:(quick brown)

author field contains the exact phrase "john smith"
author:"John Smith"

Wildcard searches can be run on individual terms, using ? to replace a single character, and * to replace zero or more characters:
qu?ck bro*

Numbers 1..5
count:[1 TO 5]

Tags between alpha and omega, excluding alpha and omega:
tag:{alpha TO omega}

Numbers from 10 upwards
count:[10 TO *]

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment