- Kibana Guide: other versions:
- What is Kibana?
- What’s new in 7.17
- Kibana concepts
- Quick start
- Set up
- Install Kibana
- Configure Kibana
- Alerting and action settings
- APM settings
- Banners settings
- Development tools settings
- Graph settings
- Fleet settings
- i18n settings
- Logging settings
- Logs settings
- Metrics settings
- Machine learning settings
- Monitoring settings
- Reporting settings
- Secure settings
- Search sessions settings
- Security settings
- Spaces settings
- Task Manager settings
- Telemetry settings
- URL drilldown settings
- Start and stop Kibana
- Access Kibana
- Securing access to Kibana
- Add data
- Upgrade Kibana
- Logging configuration migration
- Configure security
- Configure reporting
- Configure monitoring
- Production considerations
- Discover
- Dashboard and visualizations
- Canvas
- Maps
- Build a map to compare metrics by country or region
- Track, visualize, and alert on assets in real time
- Map custom regions with reverse geocoding
- Heat map layer
- Tile layer
- Vector layer
- Plot big data
- Search geographic data
- Configure map settings
- Connect to Elastic Maps Service
- Import geospatial data
- Troubleshoot
- Reporting and sharing
- Machine learning
- Graph
- Alerting
- Observability
- APM
- Security
- Dev Tools
- Fleet
- Osquery
- Stack Monitoring
- Stack Management
- REST API
- Get features API
- Kibana spaces APIs
- Kibana role management APIs
- User session management APIs
- Saved objects APIs
- Index patterns APIs
- Alerting APIs
- Action and connector APIs
- Cases APIs
- Import and export dashboard APIs
- Logstash configuration management APIs
- Machine learning APIs
- Short URLs APIs
- Get Task Manager health
- Upgrade assistant APIs
- Kibana plugins
- Accessibility
- Release notes
- Kibana 7.17.26
- Kibana 7.17.25
- Kibana 7.17.24
- Kibana 7.17.23
- Kibana 7.17.22
- Kibana 7.17.21
- Kibana 7.17.20
- Kibana 7.17.19
- Kibana 7.17.18
- Kibana 7.17.17
- Kibana 7.17.16
- Kibana 7.17.15
- Kibana 7.17.14
- Kibana 7.17.13
- Kibana 7.17.12
- Kibana 7.17.11
- Kibana 7.17.10
- Kibana 7.17.9
- Kibana 7.17.8
- Kibana 7.17.7
- Kibana 7.17.6
- Kibana 7.17.5
- Kibana 7.17.4
- Kibana 7.17.3
- Kibana 7.17.2
- Kibana 7.17.1
- Kibana 7.17.0
- Developer guide
Lucene query syntax
editLucene query syntax
editLucene query syntax is available to Kibana users who opt out of the Kibana Query Language. Full documentation for this syntax is available as part of Elasticsearch query string syntax.
The main reason to use the Lucene query syntax in Kibana is for advanced Lucene features, such as regular expressions or fuzzy term matching. However, Lucene syntax is not able to search nested objects or scripted fields.
To perform a free text search, simply enter a text string. For example, if
you’re searching web server logs, you could enter safari
to search all
fields:
safari
To search for a value in a specific field, prefix the value with the name of the field:
status:200
To search for a range of values, use the bracketed range syntax,
[START_VALUE TO END_VALUE]
. For example, to find entries that have 4xx
status codes, you could enter status:[400 TO 499]
.
status:[400 TO 499]
For an open range, use a wildcard:
status:[400 TO *]
To specify more complex search criteria, use the boolean operators
AND
, OR
, and NOT
. For example, to find entries that have 4xx status
codes and have an extension of php
or html
:
status:[400 TO 499] AND (extension:php OR extension:html)