@jaybobo
Last active March 2, 2022 15:51
Using Kibana (Lucene query string syntax)

# Kibana

The lucene query type uses Lucene query string syntax to find matching documents or events within Elasticsearch.

Examples
status field contains active
status:active

title field contains quick or brown
title:(quick brown)

author field contains the exact phrase "john smith"
author:"John Smith"

Wildcard searches can be run on individual terms, using ? to replace a single character, and * to replace zero or more characters:
qu?ck bro*

Numbers from 1 to 5, inclusive
count:[1 TO 5]

Tags between alpha and omega, excluding alpha and omega:
tag:{alpha TO omega}

Numbers from 10 upwards
count:[10 TO *]
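
When a value in one of these queries comes from log data or user input rather than being typed by hand, its reserved characters have to be neutralised, or the value can change what the query matches. The Python sketch below is an added example, not part of the original gist: the helper names (`escape`, `match`, `any_of`, `between`) are hypothetical, and it rebuilds each query form shown above from its parts.

```python
import re

# Characters that act as operators in Lucene / Elasticsearch query strings.
_RESERVED = re.compile(r'[+\-=&|!(){}\[\]^"~*?:\\/]')
_FIELD = re.compile(r"[A-Za-z_][\w.]*")      # assumed shape of a field name
_OPERATORS = {"AND", "OR", "NOT", "TO"}

def escape(value):
    """Backslash-escape reserved characters in an untrusted value."""
    # '<' and '>' cannot be escaped in Elasticsearch, so they are removed.
    text = str(value).replace("<", "").replace(">", "")
    return _RESERVED.sub(lambda m: "\\" + m.group(0), text)

def _value(value):
    """Escaped single term, or a quoted phrase if the value is not one token."""
    text = str(value)
    if not text or re.search(r"\s", text) or text in _OPERATORS:
        return '"' + text.replace("\\", "\\\\").replace('"', '\\"') + '"'
    return escape(text)

def _field(name):
    if not _FIELD.fullmatch(name):
        raise ValueError(f"unexpected field name: {name!r}")
    return name

def match(field, value):
    """field:value, or field:"exact phrase" when the value contains spaces."""
    return f"{_field(field)}:{_value(value)}"

def any_of(field, values):
    """field:(a b), which matches any listed value under the default operator."""
    return f"{_field(field)}:({' '.join(_value(v) for v in values)})"

def between(field, low=None, high=None, inclusive=True):
    """field:[low TO high] (inclusive) or field:{low TO high}; None becomes *."""
    lo, hi = ("*" if b is None else _value(b) for b in (low, high))
    left, right = ("[", "]") if inclusive else ("{", "}")
    return f"{_field(field)}:{left}{lo} TO {hi}{right}"

if __name__ == "__main__":
    print(match("status", "active"))
    print(any_of("title", ["quick", "brown"]))
    print(between("tag", "alpha", "omega", inclusive=False))
    # Constructed untrusted value: stays one phrase instead of adding a clause.
    print(match("status", "active OR status:*"))
```
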
