Kibana - GradedJestRisk/cicd-training GitHub Wiki
Kibana
The `_source` field holds the original JSON document as it was indexed, so it contains every other field of the document (and is what Discover shows when you expand a hit).
KQL
https://www.elastic.co/guide/en/kibana/current/kuery-query.html
Basics:
- equality (`:`): `$FIELD : $VALUE`, e.g. `status : 500`
- wildcard (`*`): `$FIELD : *$PATTERN*`, e.g. `logs.host : *database*` (a leading `*` has to scan every term of the field and is slow on large indices; prefer a trailing wildcard or an exact value where you can)
- access a nested property (`.`): `$object.property`, e.g. `container_name.keyword : "database"` (`.keyword` is the non-analyzed sub-field that dynamic mapping creates next to a text field; matching on it is exact and case-sensitive, while `container_name` alone is analyzed text)
- check that a property exists (`: *`): `$FIELD : *`, e.g. `container_name.keyword : *`

Predicates:
- combine (`AND`): `container_name : nginx AND logs.status : 500`
- exclude (`NOT (...)`): `container_name : nginx AND NOT (logs.request : application.js)`

Text:
- a value with spaces must be enclosed in double quotes (`"`): `logs.message : "An error occurred"`
- on an analyzed text field a quoted value is a phrase match, not an exact match: `message : "occurred in"` matches `an error occurred in database` because the phrase appears in the text; to require the whole value use the `.keyword` sub-field instead
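The quoting rules above matter whenever a KQL query is assembled from values you do not control, for example a tool that turns an alert field into a Discover filter. Unquoted input can inject `OR`, `*` or a new clause. The following is an added example, not code from the wiki or from Kibana: it builds the page's own queries from untrusted values by always double-quoting them and escaping `\` and `"` (the two characters the KQL docs say need escaping inside quotes), and it restricts field names to a conservative character set. The helper names (`kql_quote`, `kql_term`, `kql_and`, `kql_not`) and the field-name pattern are my assumptions, not part of KQL.

```python
import re

# Assumption: field names used in this tool only contain letters, digits,
# "_", "." and "@" (covers ECS names such as container_name.keyword and
# @timestamp). Anything else is rejected rather than interpolated.
_FIELD_RE = re.compile(r"^[A-Za-z_@][A-Za-z0-9_.@]*$")


def kql_quote(value: str) -> str:
    """Return value as a KQL quoted string.

    Inside double quotes KQL treats "*" literally and only "\\" and the
    quote character itself need a backslash escape (per the KQL docs),
    so an attacker-controlled value cannot close the string or add
    operators. On a keyword field this is an exact match; on an analyzed
    text field it is a phrase match.
    """
    escaped = value.replace("\\", "\\\\").replace('"', '\\"')
    return f'"{escaped}"'


def kql_term(field: str, value: str) -> str:
    """Build `field : "value"` after validating the field name."""
    if not _FIELD_RE.match(field):
        raise ValueError(f"unsafe KQL field name: {field!r}")
    return f"{field} : {kql_quote(value)}"


def kql_and(*clauses: str) -> str:
    """Combine clauses with AND; each clause is parenthesised so that a
    clause which itself contains OR keeps its intended precedence."""
    return " AND ".join(f"({c})" for c in clauses)


def kql_not(clause: str) -> str:
    return f"NOT ({clause})"


def nginx_errors_without_asset(request_path: str) -> str:
    """The wiki's exclude example, with the request path supplied by the caller."""
    return kql_and(
        kql_term("container_name", "nginx"),
        kql_not(kql_term("logs.request", request_path)),
    )


if __name__ == "__main__":
    # Constructed hostile input: without quoting this would widen the
    # query to every container_name and drop the NOT clause.
    hostile = 'application.js") OR container_name : * OR ("'
    print(nginx_errors_without_asset("application.js"))
    print(nginx_errors_without_asset(hostile))
```

Paste the printed query into the Discover search bar to confirm the hostile value is matched as a literal string. Note that quoting does not help with field names, which is why `kql_term` refuses anything outside the allow-list instead of trying to escape it.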