Search in an array in kiban

Question

Search in an array in kiban

I push my magazines to elasticsearch, which stores a typical document like -

{
  "_index": "logstash-2014.08.11",
  "_type": "machine",
  "_id": "2tSlN1P1QQuHUkmoJfkmnQ",
  "_score": null,
  "_source": {
    "category": "critical log with list",
    "app_name": "attachment",
    "stacktrace_array": [
      "this is the first line",
      "this is the second line",      
      "this is the third line",      
      "this is the fourth line",    
    ],
    "@timestamp": "2014-08-11T13:30:51+00:00"
  },
  "sort": [
    1407763851000,
    1407763851000
  ]
}

Kibana makes it easy to find substrings. For example, a search "critical"in the control panel will select all logs with a word criticalin any value converted to a string.

How can I find something like "second line"that is a string nested in an array inside my document?

+4

elasticsearch lucene kibana

erbdex Aug 11 '14 at 14:12

source share

1 answer

Amit · Accepted Answer · 2014-08-12T06:52:08+0000

This would be a simple query field:<search_term>, for example -

  "query": {
    "query_string": {
      "query": "stacktrace_array:*second line*"
    }
    ...

So, in a non-professional environment, for the Kibana toolbar, put your search query like this:

stacktrace_array:*second line*

Search in an array in kiban

More articles: