ELK
2 min read
Last updated:
We've created a helpful infographic as a reference to help with Kibana and Elasticsearch Lucene query syntax that can be easily shared with your team.
Kibana and Elastic Search combined are a very powerful combination but remembering the syntax, especially for more complex search scenarios can be difficult.
Although Kibana can provide some syntax suggestions and help, it's also useful to have a reference to hand that you can keep or share with your colleagues.
Term Search
Keywords, e.g. United Kingdom - Will return the words 'United' and/or 'Kingdom'.
Phrase, e.g. "United Kingdom" - Returns results where the words 'United Kingdom' are present together.
OR keyword, e.g. United - Returns results where either the words 'United' or 'Kingdom' are present.
AND Keyword, e.g. United AND Kingdom - Returns results where the words 'United' and 'Kingdom' are both present.
+ keyword, e.g. "United +Kingdom - Returns results that contain the words 'United' but must also contain the word 'Kingdom'.
- keyword, e.g. "United" -Kingdom - Returns results that contain the words 'United' but must not include the word 'Kingdom'.
Field Search
Field Search, e.g. message: logit.io - Will return results that contain 'logit.io' under the field named 'message'.
Field and Term OR, e.g. message:(United or Kingdom) - Returns results containing either 'United' OR 'Kingdom' under the field named 'message'.
Field and Term AND, e.g. message:(United and logit.io) - Returns results containing 'United' and 'Logit.io' under the field named 'message'.
Exact Phrase Match, e.g. message. "United Kingdom" - Returns results where the words 'United Kingdom' are presented together under the field named 'message'.
EXISTS e.g. exists:message AND NOT message:kingdom - Returns results with the field named 'message' but does not include results where the value 'Kingdom' exists.
Wildcard Search
Multiple Characters, e.g. United Kingdom - Searches for any number of characters before or after the word, e.g 'Unite' will return United Kingdom, United States, United Arab Emirates.
Single Characters, e.g. "D?g" - Replaces single characters in words to return results, e.g 'D?g' will return 'Dig', 'Dog', 'Dug', etc.
Fuzzy, e.g. "Dog~" - Searches for a wider field of results such as words that are related to the search criteria, e.g 'Dog-' will return 'Dogs', 'Doe', 'Frog'.
Proximity Wildcard Field, e.g. Animal*.Dog - Searches against any field containing the specific word, e.g searches for results containing the word 'Dog' within any fields named with 'Animal'.
Range Search
Inclusive Range, e.g [1 to 5] - Searches inclusive of the range specified, e.g within numbers 1 to 5.
Exclusive Range, e.g. {1 to 5} - Searches exclusive of the range specified, e.g. between the numbers 1 and 5, so 2, 3 or 4 will be returned, but not 1 and 5.
Larger Than, e.g. age:>3 - Searches for numeric value greater than a specified number, e.g. greater than 3 years of age.
Less Than, e.g. age:<3 - Searches for numeric value less than a specified number, e.g. less than 3 years of age.
Boost, e.g. United^2Kingdom - Prioritises results with the word 'United' in proximity to the word 'Kingdom' in a sentence or paragraph. The higher the value, the closer the proximity.
Boost Phrase, e.g. "United Kingdom" - Prioritises results with the phrase 'United Kingdom' in proximity to the word London' in a sentence or paragraph. The higher the value, the closer the proximity.
If you don’t have the time to build, configure and host Kibana locally, then why not get started with hosted Kibana from Logit.io.
With our no credit card required 14-day free trial you can launch Stacks within minutes and explore the full potential of Kibana as well as OpenSearch Dashboards and Grafana, all within a single platform.
If you enjoyed this cheatsheet on Kibana then why not learn something new by checking out our post on Rest APIs vs Soap?