Kibana query for sentence (words with specific order) with 4 digit number
I am pretty new to Elasticsearch and want to find below sentence in message field
completed in ???? ms
where ???? are numbers
I have this at the moment
{
"query": {
"query_string": {
"analyze_wildcard": true,
"default_field": "*",
"query": "(message:completed) AND (message:in) AND (message:/[0-9]{4}/) AND (message:ms)"
}
}
}
But the problem is result also contains messages like this which I am not interested in
How can I specify order of matching words?
Thanks in advance
I've also tried this with no luck:
{
"query": {
"regexp": {
"message": {
"value": "completed in [0-9]{4} ms"
}
}
}
}
Solution
regex works on analyzed terms, regex as a phrase will not work You can use span query to achieve same. in terms to performance better option is to handle this at index time, probably create a structured log where subtext to query is a seperate field
{
"query": {
"span_near": {
"clauses": [
{
"span_term": {
"message": {
"value": "job"
}
}
},
{
"span_term": {
"message": {
"value": "completed"
}
}
},
{
"span_term": {
"message": {
"value": "in"
}
}
},
{
"span_multi": {
"match": {
"regexp": {
"message": "[0-9]{4}"
}
}
}
},
{
"span_term": {
"message": {
"value": "ms"
}
}
}
],
"slop": 0,
"in_order": true
}
}
}
- Elasticsearch showing received plaintext http traffic on an https channel in console
- How to make facet search by multiple nested fields in Elasticsearch Java API Client?
- Elasticsearch English stemming not working correctly
- How to take the current week's data (from the beginning of the week) from elasticsearch query irrespective of present week?
- Why does Elasticsearch use 9 GB of memory, with default settings?
- Fetch data from a middle of a big stack using searchAfter(jump to a specific page,)
- The remote server returned an error: (413) Request Entity Too Large. Elasticsearch and JSON
- Elasticsearch lightweight monitors unable to use params
- elasticsearch 2 node cluster: proper setup?
- How many racks should I set in my ElasticSearch cluster
- Split a string in Painless/ELK
- Elastic KNN search num candidates. How are the candidates selected?
- How to change elastic Eck operator setting to create node sets as Kind: Deployment instead of StatefulSet?
- Observability in Laravel Applications
- What is the use case for index closing in ElasticSearch?
- ElasticSearch: Filter by minimal value in nested field
- opensearch-py not accepting connection with AWS signer on async client
- elasticsearch query nested array of objects
- ElasticSearch: Unassigned Shards, how to fix?
- get elasticsearch schema via commandline tool
- What happened to elasticsearch/elasticsearch?
- Elasticsearch:how to change cluster health from yellow to green
- ConnectionError when initializing BM25Assembler in DB-GPT
- Configuring ElasticSearch SSL and Python Querying, Certificates Question
- How different types of indexes are stored in elastic search?
- How to upload a csv to aws opensearch?
- Elasticsearch synonyms for index analyzer
- Could not connect Logstash to Kafka via compose file
- Kafka Elasticsearch Sink Connector: Connection Error
- How to set track_total_hits in Elasticsearch using Laravel Scout?