Collectives™ on Stack Overflow

Find centralized, trusted content and collaborate around the technologies you use most.

Teams

Q&A for work

Connect and share knowledge within a single location that is structured and easy to search.

I have the following plain text string in the message field in Kibana

message: Request result. Request: amount=58289.540000, name=Raj, so on.....

In Kibana in Lucene search when I use message: "Request Result" then I get the correct match.

But I want to search using wildcard like message: "Request Resu*" . Is this possible without any changes to the logs or to Kibana index?

Edit:

I thought that "message" is a plain text log, when I search "amount=58289.540000, name=Raj" then I get the result but when I search for "amount=58289.540000, name=R" then I dont get any result. How does Kibana know that this is a partial value?

I guess message is not plain text? How can I know what is the type of the log that I am viewing in Kibana GUI?

What you're trying to achieve, might not be currently available, but you can try putting Request Resu in the query bar (without the "Message:" part and no double-quotes).

NB : Since Elasticsearch applies the analyzers on your queries, it might look like wildcards are working inside phrases if you place them at the beginning/end of words. — e.g. IN YOUR CASE: message: "Request Resu*" (with quotes) will still return both documents on analyzed data, but. that is not because your wildcard worked as expected, but it is because the analyzer stripped the asterisk when analyzing the query. That query wouldn't find the value "Request Resuxxxxx".

You might wanna go through this link for more details.

Thanks for contributing an answer to Stack Overflow!

• Please be sure to answer the question . Provide details and share your research!

But avoid …

• Asking for help, clarification, or responding to other answers.
• Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers .