We have logs coming into Kibana with this format:
{
  "starttime": "2019-04-07T23:31:07.855Z",
  "maxlevel": "ERROR",
  "messages": [
    {
      "time": "2019-04-07T23:31:07.861Z",
      "level": "ERROR",
      "message": "[application.controllers.RestApiController] no_staff_member Please identify yourself"
    },
    {
      "time": "2019-04-07T23:31:07.862Z",
      "level": "INFO",
      "message": "[application.controllers.RestApiController] received request"
    }
  ]
}
How do I write a query in Kibana to search for any log entries where messages.message contains "no_staff_member"?
I have tried:
messages.message:no_staff_member
messages.message:/.*no_staff_member.*/
You need to query directly in the messages field; it will perform a full-text query on the field. You can't query inside the fields of the array.
From the documentation:
Arrays of objects do not work as you would expect: you cannot query each object independently of the other objects in the array. If you need to be able to do this then you should use the nested datatype instead of the object datatype.
You can change this if you map your field as nested or if you denormalize your data before indexing on Elasticsearch.
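An added example (not from the question or the answer) that simulates, on the question's own document, what the quoted documentation describes: an array mapped as object is flattened at index time so values from different elements become indistinguishable, while a nested mapping keeps matching per element. The helper names flatten_object_array, object_match, nested_match and nested_query are hypothetical; the mapping and query bodies follow the Elasticsearch Query DSL.

```python
# Constructed sample document, copied from the log format in the question.
DOC = {
    "starttime": "2019-04-07T23:31:07.855Z",
    "maxlevel": "ERROR",
    "messages": [
        {"time": "2019-04-07T23:31:07.861Z", "level": "ERROR",
         "message": "[application.controllers.RestApiController] no_staff_member Please identify yourself"},
        {"time": "2019-04-07T23:31:07.862Z", "level": "INFO",
         "message": "[application.controllers.RestApiController] received request"},
    ],
}


def flatten_object_array(doc, field):
    """Mimic how Elasticsearch indexes an array mapped as `object`: every leaf
    becomes one multi-valued field (messages.level: [ERROR, INFO], ...), and
    the association between the values of a single element is lost."""
    flat = {}
    for element in doc[field]:
        for key, value in element.items():
            flat.setdefault(f"{field}.{key}", []).append(value)
    return flat


def object_match(doc, field, **conditions):
    """Match against the flattened representation: each condition only has to
    be satisfied by *some* element, not by the same one (cross-element hits)."""
    flat = flatten_object_array(doc, field)
    return all(value in flat.get(f"{field}.{key}", []) for key, value in conditions.items())


def nested_match(doc, field, **conditions):
    """Match the way a `nested` mapping does: all conditions must hold inside
    one and the same element of the array."""
    return any(all(element.get(key) == value for key, value in conditions.items())
               for element in doc[field])


# Index mapping that makes the array searchable per element (hypothetical index body).
NESTED_MAPPING = {"mappings": {"properties": {"messages": {"type": "nested"}}}}


def nested_query(field, subfield, term):
    """Query DSL `nested` query that searches one element of the array at a time;
    it only works once the field is mapped as `nested` as above."""
    return {"query": {"nested": {"path": field,
                                 "query": {"match": {f"{field}.{subfield}": term}}}}}
```

With the object mapping, asking for level ERROR together with the "received request" message matches the document even though no single element has both; the nested variant rejects it.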