{"id":583,"date":"2022-12-30T11:14:50","date_gmt":"2022-12-30T19:14:50","guid":{"rendered":"https:\/\/liangqi.org\/?p=583"},"modified":"2022-12-30T11:14:52","modified_gmt":"2022-12-30T19:14:52","slug":"kibana-query-cheatsheet","status":"publish","type":"post","link":"https:\/\/liangqi.org\/?p=583","title":{"rendered":"Kibana Query cheatsheet"},"content":{"rendered":"\n

Example<\/strong><\/p>\n\n\n\n

    \n
  1. this is a test<\/li>\n\n\n\n
  2. test<\/li>\n<\/ol>\n\n\n\n
    Query<\/strong><\/td>Result<\/strong><\/td>DSL<\/strong><\/td><\/tr>
    message:”a test”<\/td>1<\/td>match phase<\/td><\/tr>
    message: a test<\/td>1, 2<\/td>match<\/td><\/tr>
    message.keyword: “a test”<\/td>none<\/td>match phase<\/td><\/tr>
    message.keyword: “this is a test”<\/td>2<\/td>match phase<\/td><\/tr>
    <\/td><\/td><\/td><\/tr>
    <\/td><\/td><\/td><\/tr>
    <\/td><\/td><\/td><\/tr>
    <\/td><\/td><\/td><\/tr>
    <\/td><\/td><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n

    KQL got converted to DSL before sending to the server:<\/p>\n\n\n\n

    \"\"<\/figure>\n\n\n\n

    We can check the related DSL by clicking “inspect” button in UI. <\/p>\n\n\n\n

    Reference: <\/p>\n\n\n\n

    https:\/\/xeraa.net\/blog\/2021_kibana-map-kql-url-elasticsearch-query\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

    Example Query Result DSL message:”a test” 1 match phase message: a test 1, 2 match message.keyword: “a test” none match phase message.keyword: “this is a test” 2 match phase KQL got converted to DSL before sending to the server: We can check the related DSL by clicking “inspect” button in UI. Reference: https:\/\/xeraa.net\/blog\/2021_kibana-map-kql-url-elasticsearch-query\/<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29,16],"tags":[],"class_list":["post-583","post","type-post","status-publish","format-standard","hentry","category-29","category-16"],"yoast_head":"\nKibana Query cheatsheet - Liangqi\u2018s Technical Journey<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/liangqi.org\/?p=583\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Kibana Query cheatsheet - Liangqi\u2018s Technical Journey\" \/>\n<meta property=\"og:description\" content=\"Example Query Result DSL message:”a test” 1 match phase message: a test 1, 2 match message.keyword: “a test” none match phase message.keyword: “this is a test” 2 match phase KQL got converted to DSL before sending to the server: We can check the related DSL by clicking “inspect” button in UI. Reference: https:\/\/xeraa.net\/blog\/2021_kibana-map-kql-url-elasticsearch-query\/\" \/>\n<meta property=\"og:url\" content=\"https:\/\/liangqi.org\/?p=583\" \/>\n<meta property=\"og:site_name\" content=\"Liangqi\u2018s Technical Journey\" \/>\n<meta property=\"article:published_time\" content=\"2022-12-30T19:14:50+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-12-30T19:14:52+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/liangqi.org\/wp-content\/uploads\/2022\/12\/image-5.png\" \/>\n<meta name=\"author\" content=\"liangqi\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"liangqi\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/liangqi.org\/?p=583#article\",\"isPartOf\":{\"@id\":\"https:\/\/liangqi.org\/?p=583\"},\"author\":{\"name\":\"liangqi\",\"@id\":\"https:\/\/liangqi.org\/#\/schema\/person\/105c89d9b783fda67b62e3ce113d6cd3\"},\"headline\":\"Kibana Query cheatsheet\",\"datePublished\":\"2022-12-30T19:14:50+00:00\",\"dateModified\":\"2022-12-30T19:14:52+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/liangqi.org\/?p=583\"},\"wordCount\":64,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/liangqi.org\/#\/schema\/person\/105c89d9b783fda67b62e3ce113d6cd3\"},\"articleSection\":[\"\u5de5\u5177\",\"\u6280\u672f\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/liangqi.org\/?p=583#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/liangqi.org\/?p=583\",\"url\":\"https:\/\/liangqi.org\/?p=583\",\"name\":\"Kibana Query cheatsheet - Liangqi\u2018s Technical Journey\",\"isPartOf\":{\"@id\":\"https:\/\/liangqi.org\/#website\"},\"datePublished\":\"2022-12-30T19:14:50+00:00\",\"dateModified\":\"2022-12-30T19:14:52+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/liangqi.org\/?p=583#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/liangqi.org\/?p=583\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/liangqi.org\/?p=583#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/liangqi.org\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Kibana Query cheatsheet\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/liangqi.org\/#website\",\"url\":\"https:\/\/liangqi.org\/\",\"name\":\"Liangqi\u2018s Technical Journey\",\"description\":\"Chasing Excellence; Enjoy life.\",\"publisher\":{\"@id\":\"https:\/\/liangqi.org\/#\/schema\/person\/105c89d9b783fda67b62e3ce113d6cd3\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/liangqi.org\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\/\/liangqi.org\/#\/schema\/person\/105c89d9b783fda67b62e3ce113d6cd3\",\"name\":\"liangqi\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/liangqi.org\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/liangqi.org\/wp-content\/uploads\/2022\/01\/P1100089-3-scaled.jpg\",\"contentUrl\":\"https:\/\/liangqi.org\/wp-content\/uploads\/2022\/01\/P1100089-3-scaled.jpg\",\"width\":2560,\"height\":1920,\"caption\":\"liangqi\"},\"logo\":{\"@id\":\"https:\/\/liangqi.org\/#\/schema\/person\/image\/\"},\"sameAs\":[\"https:\/\/liangqi.org\"],\"url\":\"https:\/\/liangqi.org\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Kibana Query cheatsheet - Liangqi\u2018s Technical Journey","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/liangqi.org\/?p=583","og_locale":"en_US","og_type":"article","og_title":"Kibana Query cheatsheet - Liangqi\u2018s Technical Journey","og_description":"Example Query Result DSL message:”a test” 1 match phase message: a test 1, 2 match message.keyword: “a test” none match phase message.keyword: “this is a test” 2 match phase KQL got converted to DSL before sending to the server: We can check the related DSL by clicking “inspect” button in UI. Reference: https:\/\/xeraa.net\/blog\/2021_kibana-map-kql-url-elasticsearch-query\/","og_url":"https:\/\/liangqi.org\/?p=583","og_site_name":"Liangqi\u2018s Technical Journey","article_published_time":"2022-12-30T19:14:50+00:00","article_modified_time":"2022-12-30T19:14:52+00:00","og_image":[{"url":"https:\/\/liangqi.org\/wp-content\/uploads\/2022\/12\/image-5.png"}],"author":"liangqi","twitter_card":"summary_large_image","twitter_misc":{"Written by":"liangqi","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/liangqi.org\/?p=583#article","isPartOf":{"@id":"https:\/\/liangqi.org\/?p=583"},"author":{"name":"liangqi","@id":"https:\/\/liangqi.org\/#\/schema\/person\/105c89d9b783fda67b62e3ce113d6cd3"},"headline":"Kibana Query cheatsheet","datePublished":"2022-12-30T19:14:50+00:00","dateModified":"2022-12-30T19:14:52+00:00","mainEntityOfPage":{"@id":"https:\/\/liangqi.org\/?p=583"},"wordCount":64,"commentCount":0,"publisher":{"@id":"https:\/\/liangqi.org\/#\/schema\/person\/105c89d9b783fda67b62e3ce113d6cd3"},"articleSection":["\u5de5\u5177","\u6280\u672f"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/liangqi.org\/?p=583#respond"]}]},{"@type":"WebPage","@id":"https:\/\/liangqi.org\/?p=583","url":"https:\/\/liangqi.org\/?p=583","name":"Kibana Query cheatsheet - Liangqi\u2018s Technical Journey","isPartOf":{"@id":"https:\/\/liangqi.org\/#website"},"datePublished":"2022-12-30T19:14:50+00:00","dateModified":"2022-12-30T19:14:52+00:00","breadcrumb":{"@id":"https:\/\/liangqi.org\/?p=583#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/liangqi.org\/?p=583"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/liangqi.org\/?p=583#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/liangqi.org\/"},{"@type":"ListItem","position":2,"name":"Kibana Query cheatsheet"}]},{"@type":"WebSite","@id":"https:\/\/liangqi.org\/#website","url":"https:\/\/liangqi.org\/","name":"Liangqi\u2018s Technical Journey","description":"Chasing Excellence; Enjoy life.","publisher":{"@id":"https:\/\/liangqi.org\/#\/schema\/person\/105c89d9b783fda67b62e3ce113d6cd3"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/liangqi.org\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/liangqi.org\/#\/schema\/person\/105c89d9b783fda67b62e3ce113d6cd3","name":"liangqi","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/liangqi.org\/#\/schema\/person\/image\/","url":"https:\/\/liangqi.org\/wp-content\/uploads\/2022\/01\/P1100089-3-scaled.jpg","contentUrl":"https:\/\/liangqi.org\/wp-content\/uploads\/2022\/01\/P1100089-3-scaled.jpg","width":2560,"height":1920,"caption":"liangqi"},"logo":{"@id":"https:\/\/liangqi.org\/#\/schema\/person\/image\/"},"sameAs":["https:\/\/liangqi.org"],"url":"https:\/\/liangqi.org\/?author=1"}]}},"jetpack_sharing_enabled":true,"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/liangqi.org\/index.php?rest_route=\/wp\/v2\/posts\/583","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/liangqi.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/liangqi.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/liangqi.org\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/liangqi.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=583"}],"version-history":[{"count":1,"href":"https:\/\/liangqi.org\/index.php?rest_route=\/wp\/v2\/posts\/583\/revisions"}],"predecessor-version":[{"id":585,"href":"https:\/\/liangqi.org\/index.php?rest_route=\/wp\/v2\/posts\/583\/revisions\/585"}],"wp:attachment":[{"href":"https:\/\/liangqi.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=583"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/liangqi.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=583"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/liangqi.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=583"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}