In kibana I want to define a query, which will find all entries containing a field numberwith either a value of 234, 231, 1.

Is there a way to define a query, looking something like number: (234, 231, 1)(This does not work).

Currently my only working query looks like: (number:234 OR number:231 OR number:1).

2 Answers

Kibana uses Lucene query syntax.

You can't feed a conventional list to a field, but something like:

page_root:(owa OR ews OR autodiscover)

should work in lieu of the much more verbose

(page_root:owa OR page_root:ews OR page_root:autodiscover)

For numeric values it does not work, but works if we quote the numbers i.e. number: (234, 231, 1) will not work but number: ("234", "231", "1") works

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password Submit

Post as a guest

Post Your Answer Discard

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge that you have read and understand our privacy policy and code of conduct.