Question about query syntaxe #184
Comments
|
When you don't specify the field to search in, Elasticsearch looks in _all, unless you disable it in your mapping. In that case you'd either need to specify a new default field, or specify the field in every search. Here is the query syntax documentation: https://lucene.apache.org/core/3_5_0/queryparsersyntax.html |
|
Thank you very much for this quick answer, I posed the question because I found a way to hide the "@fields" display in field and table panel. |
|
I choose not to modify the field display to match the logstash schema because a) it would tie kibana to a single application and b) the logstash schema is getting rid of @fields soon |
|
Ok thank you, I did it because we have a very little new project for a "special" client and we don't allow to query ES in his dashboard so hide @fields is prettier :) Great news for logstash ! Youpi ! |
…ge-formats Research indexer message formats
Hi,
I wonder what is the best way to query.
Currently I write a query like this :
"@fields.ip:127.0.0.1 OR @fields.ip:123.456.789.0"
But I can get same results by using a query like this "127.0.0.1 OR 123.456.789.0".
Use "@fields" to query in a specific field is quicker isn't it ?
"127.0.0.1 OR 123.456.789.0" queries in @message ?
Thank you for the answer,
jsm-oxa
The text was updated successfully, but these errors were encountered: