I have a field that contains numbers. I want a filter that shows all logs that are less than a constant value. When I try to add a new query filter, all I can see is a query string option.
1 Answer
If you are talking about the query field, a syntax like this works:
field:<10
Will find just records with a field value less than 10. Found this by experimentation one day -- don't know if it's documented anywhere.
-
There is a link to the appropriate documentation inside Kibana itself, when you click on a query's coloured dot (which allows you to change the colour as well as the query type). A real-world example: assume you log the number of microseconds Apache took to service a response, and you ship this out as a JSON integer. I create a few queries that select events with durations in different ranges. Each query looks a bit like duration_micros:(>=10000 AND <500000). For some queries, I make them a topN query to break down on content-type, which I also log. – Commented Oct 29, 2014 at 21:28
-
It's strange that it's important to not have a [space] between the operator and the number. I mean this does not work: field:< 10 (but this: field: <10 and this: field:<10) – kecso Commented Aug 31, 2015 at 20:19
-
The syntax is documented in the "Query String Query" topic of the Elasticsearch Reference. – Commented Sep 4, 2015 at 8:44
-
Note, doesn't appear that this works for post query values. For example, you can't do
Count:>100
– K2xL Commented Dec 30, 2016 at 18:15
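
The range syntax from the answer and comments above, as an added example that is not part of the original thread: a small Python helper that builds the query bar string with no space between operator and number, and the equivalent Elasticsearch `range` query body, rejecting non-numeric bounds along the way. The function names `range_query_string` and `range_query_dsl` are hypothetical, and the sample bounds are constructed from the values mentioned in the thread.

```python
import json
import math
from numbers import Real

# Comparison operators of the query string syntax, mapped to the keys of the
# Elasticsearch "range" query (gt, gte, lt, lte).
OPS = {">": "gt", ">=": "gte", "<": "lt", "<=": "lte"}


def _check(field, bounds):
    """Reject bad field names and non-numeric bounds before building a query."""
    if not field or any(c.isspace() or c in ':()"' for c in field):
        raise ValueError(f"unsupported field name: {field!r}")
    if not bounds:
        raise ValueError("at least one bound is required")
    for op, value in bounds:
        if op not in OPS:
            raise ValueError(f"unknown operator: {op!r}")
        if isinstance(value, bool) or not isinstance(value, Real):
            raise ValueError(f"bound must be a number: {value!r}")
        if not math.isfinite(value):
            raise ValueError(f"bound must be finite: {value!r}")


def range_query_string(field, *bounds):
    """Build e.g. duration_micros:(>=10000 AND <500000) for the query bar."""
    _check(field, bounds)
    # Operator and number are joined with no space in between.
    terms = [f"{op}{value}" for op, value in bounds]
    if len(terms) == 1:
        return f"{field}:{terms[0]}"
    return f"{field}:({' AND '.join(terms)})"


def range_query_dsl(field, *bounds):
    """Build the equivalent structured range query for the search API."""
    _check(field, bounds)
    return {"range": {field: {OPS[op]: value for op, value in bounds}}}


if __name__ == "__main__":
    # Constructed sample bounds, matching the values used in the thread.
    print(range_query_string("field", ("<", 10)))
    print(range_query_string("duration_micros", (">=", 10000), ("<", 500000)))
    print(json.dumps(range_query_dsl("duration_micros", (">=", 10000), ("<", 500000))))
```
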