Question:
Query logs using KibanaCopy the codePrinciple:
It's just a visual page.Copy the codeDocuments:
Steps:
Full-text search
If YOU type Login in the search field, it will return all documents that have Login in their field value and use double quotation marks as a phrase search for "like Gecko."Copy the codefield
You can also search by the fields displayed on the left of the page: Qualified Field Full-text search: field:value Exact search: keyword with double quotation marks field:"value"HTTP. Code: 404 Searches for whether the document field with the HTTP status code 404 exists. HTTP: exists: the returned result must contain an HTTP fieldCopy the codeThe wildcard
? Matches single character * Matches 0 to more characters kiba? a, el\*search ? * Cannot use the first character, for example:? text *textCopy the codeFuzzy search
Quikc ~ BRWN ~ foks~ ~: Add ~ to the end of a list to enable fuzzy search, you will find some misspelled lists first~ this will also match firstCopy the codeSet similarity
Set edit distance (integer), specify how much similarity cromm~1 will match from and Chrome default 2, the larger the closer to the original search value, set to 1 will roughly search 80% of misspelled wordsCopy the codeThe approximate search
Words separated or in different order can be searched by adding ~ to the end of a phrase"where select"~5 indicates select andwhereSelect password from users. Select password from userswhere id =1
Copy the codeField range search
The value, time, IP, and string fields are used TO query a certain range. Length :[100 TO 200] SIP :["172.16.1.100" TO "172.16.1.200"]
date:{"now-6h" TO "now"Count :[1 To 5} [] indicates that the endpoint value is included in the range. {} indicates that the endpoint value is not included in the range. This statement can be mixed. Age :(>=10 AND < 20)Copy the codepriority
Quick ^2 Fox uses ^ to give one term higher priority than another search. The default is 1, which can be a floating point number between 0 and 1 to lower the priorityCopy the codeLogical operations
AND OR +: must be included in search results -: cannot include + apache-jakartatestAaa BBB: Apache must exist in the result, not Jakarta, and the rest of the result should match as much as possibleCopy the codeEscape special characters
+ - = && | | < >! ^ () {} []"~ *? : \ / character as a value above search when need to use \ escape \ \ = 2 (1 + 1 \ \) is used to query (1 + 1) = 2Copy the code