Kibana query exact match
Problem Description:
I would like to know how to query a field to exactly match a string.
I’m actually trying to query like this:
url : "http://www.domain_name.com"
Which returns all string starting with http://www.domain_name.com .
Solution – 1
As per you query, it seems fine.
For matching the exact following is the syntax :
fieldname : string
and
For matchign the Substring, use wild card (*),
Syntax :
fieldname : *string*
Also, whatever the query you applied; is that query is the part of Query Criteria of your particuler output component.
So, i suggest you to check whether any of the wild card is applied in your search.
Solution – 2
I had a similar issue, and ifound that ".raw" fixed it – in your example, try
url.raw : "http://www.domain_name.com"
Or for newer versions of ES(5.x, 6.x):
url.keyword : "http://www.domain_name.com"
Solution – 3
Exact value is not supported out of the box.
Out of the box, Lucene does not provide exact field matches, like matching “Acer Negundo Ab” and only “Acer Negundo Ab” (not also “Acer
Negundo Ab IgG” ). Neither does Lucene provide “Starts With” or “Ends
With” functionality. Fortunately, there are workarounds.
Solution – 4
Just giving more visibility to @dezhi’s comment.
in newer version of ES(5.x, 6.x),
you should use `url.keyword` instead,
as they have changed to a new keyword type.
Therefore, it would be:
url.keyword : "http://www.domain_name.com"
Solution – 5
"Cannot change the info of a user"
To search for an exact string, you need to wrap the string in double
quotation marks. Without quotation marks, the search in the example
would match any documents containing one of the following words:
“Cannot” OR “change” OR “the” OR “info” OR “a” OR “user”.
Kibana v6.5