How to search Json message in Kibana elasticSearch

elasticsearch search lucene kibana
10,217

You can simply input the following Lucene query into the search field:

message.orders:>30 AND message.version:>3.4
Share:
10,217
Achaius
Author by

Achaius

Updated on June 04, 2022

Comments

  • Achaius
    Achaius almost 2 years

    I am using ElasticSearch Kibana dashboard with the following fields

    host
_id
_score
index
message

    of which message is a json string having values like

    {"version": "3.4.2", "model": "EX2308", "orders": "50"}

    I am searching for lucene query to search this JSON message having 

    orders > 30 and version > 3.4

    Any help is appreciated

    [Updated]

    I am using logback-elasticsearch-appender to push messages into ElasticSearch using SLF4j

    log.info(new org.json.JSONOject(arg).toString());
  • Achaius
    Achaius almost 6 years
    I am sorry, it is a JSON string stored as "{\"orders\": \"50\", \"version\": \"3.2.2\", \"model\": \"EU21x\"}"
  • Val
    Val almost 6 years
    How do you ingest your documents? You should parse that JSON before indexing the documents into ES.
  • Achaius
    Achaius almost 6 years
    Hey, I passed string to store using logStash. Kibana shows it as a JSON
  • Val
    Val almost 6 years
    Update your question with your Logstash config
  • Achaius
    Achaius almost 6 years
    Updated my question. Currently I don't have permission to see logstash config
  • Achaius
    Achaius almost 6 years
    Thank you. I changed my log to store Parsed JSON string. Now the query you provided is working
  • Val
    Val almost 6 years
    Awesome, glad you figured it out

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

elasticsearch query dates by range
Searching within an array in kibana
How to filter out fields that do not exist in elastic search?
nested vs object in Elasticsearch
Kibana query exact match
Solr vs. ElasticSearch
ElasticSearch/Lucene query string — select "field X exists"
ElasticSearch - Searching For Human Names
escape special character in elasticsearch query
Any open source alerting and reporting plugin for ELK stack is available?