如何使用Kibana和ElasticSearch过滤掉空白邮件?
[英]How to filter out blank messages using Kibana and ElasticSearch?
问题描述
According to Kibana, there are many log messages where the message is " " (2 blank spaces). 
根据Kibana的说法,有许多日志消息,其中消息为“”(2个空格)。
How to filter these out? 如何过滤掉这些?
I tried matching " ", exists and regex with \\s, but those don't seem to work. 我尝试将“”,存在和正则表达式与\\ s匹配,但这些似乎不起作用。
EDIT: 编辑:
It seems my question was not clear. 看来我的问题不清楚。 I created filters matching " ", exists and regex, but they did not work. 我创建了与“”,“ exist”和“ regex”匹配的过滤器,但它们不起作用。
Here is the JSON. 这是JSON。 There are 2 spaces between the quotes. 引号之间有2个空格。 "message": " ",
2 个解决方案
解决方案1
0 2019-01-07 22:17:12
Trying using filter to filter out the blank messages 尝试使用过滤器过滤掉空白邮件
解决方案2
0 2019-01-12 18:55:14
As discussed in the comments, the analyzer is the issue. 如评论中所述,分析仪就是问题所在。 If you use the .keyword field, which isn't analyzed and gets created by default for text fields, you won't have that problem. 如果您使用.keyword字段,该字段不会被分析,并且默认情况下是为文本字段创建的,则不会出现此问题。
Example with the Lucene query syntax: Lucene查询语法的示例:
Example with Kibana's new query language (for this usecase they are the same): Kibana的新查询语言的示例(在此用例中,它们是相同的):
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.