Query Strings
Escape Characters
- Prefix a reserved character with a backslash, e.g. to look for /usr/percyv/, use \/usr\/percyv\/
Logical Operator Searches
- AND operator: this AND that, this && that
- OR operator: this that, this || that
- Exact phrase: "exact phrase"
- NOT: included NOT excluded, included -excluded, included !excluded
- e.g. (this && that) OR (something !another)
Field Searches
- requires exact match
- Not null value e.g. field.name:*
- e.g. field.name:my_exact_value
Proximity Searches
- Specify maximum word separation (count of words between) limit
- Order of words does not matter
- e.g. "Joda deprecated"~3
Wildcard Searches
- Does not work inside phrases (e.g. "this * phrase")
- Any number of characters: *
- Single character: ?
- e.g. *liday?
- Also works on Field Searches e.g. my.field:??_valu*
Range Searches
- Square bracket [ or ]: boundary value is included
- Curly bracket { or }: boundary value is excluded
- e.g. {pod-1 TO pod-6]
Non-existing and Existing Field Searches
- Will display only those records with/without a specific field
- _exists_:field.name
- NOT _exists_:field.name
Fuzzy Searches
- do not use with wildcards
- the default variation number is 1 e.g. mi5take~, percy~
- to find payload, use payl0ads~2
Regular Expressions
- Any single lowercase letter or single digit: /[a-z0-9]/
- e.g. ecs.version:/[0-9]\.[0-9]\.[0-9]/
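
Values copied from logs or alerts (file paths, user names, command lines) often contain characters that the sections above treat as syntax: /, *, ?, ~, brackets, quotes. The following Python helper is an added example, not part of the original cheat sheet. It builds a Field Search for a literal value, and the function names and the field-name pattern are assumptions made for illustration.

```python
import re

# Reserved characters of the query-string syntax; each one is neutralised
# with a leading backslash.
_RESERVED = re.compile(r'([+\-=!(){}\[\]^"~*?:\\/&|])')
# '<' and '>' cannot be escaped at all, so they are dropped.
_UNESCAPABLE = re.compile(r'[<>]')
# Assumption: field names are dotted identifiers such as file.path.
_FIELD = re.compile(r'[A-Za-z_@][\w.@]*')
_OPERATOR_WORDS = {"AND", "OR", "NOT"}


def escape_term(value: str) -> str:
    """Escape a single literal term so no character acts as query syntax."""
    return _RESERVED.sub(r'\\\1', _UNESCAPABLE.sub('', value))


def quote_phrase(value: str) -> str:
    """Wrap a literal in double quotes; inside a phrase only backslash and
    double quote need escaping. '<' and '>' are dropped here as well, to be
    conservative."""
    cleaned = _UNESCAPABLE.sub('', value)
    return '"' + re.sub(r'(["\\])', r'\\\1', cleaned) + '"'


def field_query(field: str, value: str) -> str:
    """Build field:value for a literal value taken from a log or an alert."""
    if not _FIELD.fullmatch(field):
        raise ValueError(f"unexpected field name: {field!r}")
    if not _UNESCAPABLE.sub('', value).strip():
        raise ValueError("value is empty after removing '<' and '>'")
    # Whitespace would split the value into separate terms, and a bare
    # AND/OR/NOT would be read as an operator, so those go into a phrase.
    if re.search(r'\s', value) or value in _OPERATOR_WORDS:
        return f"{field}:{quote_phrase(value)}"
    return f"{field}:{escape_term(value)}"


if __name__ == "__main__":
    # Constructed sample values, reusing the examples from this page.
    for f, v in [("file.path", "/usr/percyv/"),
                 ("message", "Joda deprecated"),
                 ("process.name", "payl0ads~2")]:
        print(field_query(f, v))
```

Because the phrase form disables wildcards, a value containing whitespace is always matched literally.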