I am using Logstash 1.4.1, elasticsearch 1.1.1, kibana 3.1 for analyzing my logs. I get the parsed fields (from log) in Kibana 3.
Now, I often have to query a particular field for many strings. E.g.: auth_message is a field and I may have to query it for some 20 different strings (all together or separately).

If together:
auth_message: "login failed" OR "user XYZ" OR "authentication failure" OR ...

If separate queries:
auth_message: "login failed"
auth_message: "user XYZ"
auth_message: "authentication failure"

So the user cannot remember 20 strings for a field to be searched for. Is there a way to store them, or present them to the user, so he can select the strings he wants to search for? Can this be done using ELK?

Please help

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/751ba805-557c-4531-9a4f-fe3d4d05a495%40googlegroups.com.
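As an added example (not code from the original post, nor from the Elasticsearch or Kibana projects), one way to keep those twenty strings out of the user's head: store them per field as named groups in a small JSON document, then generate from the chosen groups either the Lucene expression that the Kibana 3 query box accepts (`auth_message:("login failed" OR ...)`) or a structured Elasticsearch 1.x query body (a `bool`/`should` of `match_phrase` clauses) for use from a script. The JSON layout, group names and helper function names are assumptions for illustration. The two checks a practitioner wants here are included: phrases are quoted and escaped before they reach the Lucene parser, and the field name is validated, because a user-supplied field or term pasted raw into a `query_string` is a query-injection vector.

```python
"""Build a multi-term field query from a stored term list (illustrative helper)."""
import json
import re

# Constructed sample of a stored term list (hypothetical file contents); in
# practice this would be read from a file, a config index, or a UI picker.
SAVED_TERMS_JSON = """
{
  "auth_message": {
    "auth-failures":    ["login failed", "authentication failure", "invalid password"],
    "suspicious-users": ["user XYZ", "user \\"root\\"", "user XYZ"]
  }
}
"""

# Conservative allow-list for field names; Lucene treats ":", "(", "*" etc. specially.
FIELD_RE = re.compile(r"^[A-Za-z0-9_.@-]+$")


def load_saved_terms(text=SAVED_TERMS_JSON):
    """Parse the stored term document: {field: {group_name: [term, ...]}}."""
    return json.loads(text)


def is_valid_field(field):
    """True if the field name contains no Lucene query-syntax characters."""
    return bool(FIELD_RE.match(field))


def quote_phrase(term):
    """Wrap a term as a Lucene phrase; inside quotes only \\ and " are special."""
    escaped = term.replace("\\", "\\\\").replace('"', '\\"')
    return '"' + escaped + '"'


def lucene_query(field, terms):
    """Kibana 3 query-box string: field:("a" OR "b" OR ...)."""
    if not is_valid_field(field):
        raise ValueError("unsafe field name: %r" % field)
    if not terms:
        raise ValueError("no terms selected")
    return "%s:(%s)" % (field, " OR ".join(quote_phrase(t) for t in terms))


def es_query_body(field, terms):
    """Structured ES 1.x body: no string parsing, so terms need no escaping."""
    if not is_valid_field(field):
        raise ValueError("unsafe field name: %r" % field)
    if not terms:
        raise ValueError("no terms selected")
    return {
        "query": {
            "bool": {
                "should": [{"match_phrase": {field: t}} for t in terms],
                "minimum_should_match": 1,
            }
        }
    }


def select_terms(field, group_names, saved=None):
    """Flatten the chosen groups for a field into one ordered, de-duplicated list."""
    saved = saved if saved is not None else load_saved_terms()
    seen, out = set(), []
    for group in group_names:
        for term in saved[field][group]:
            if term not in seen:
                seen.add(term)
                out.append(term)
    return out


def build_queries(field, group_names, saved=None):
    """Return (kibana3_query_string, es_query_body) for the selected groups."""
    terms = select_terms(field, group_names, saved)
    return lucene_query(field, terms), es_query_body(field, terms)


if __name__ == "__main__":
    q, body = build_queries("auth_message", ["auth-failures", "suspicious-users"])
    print(q)                      # paste into the Kibana 3 query box
    print(json.dumps(body))       # POST to /<index>/_search on ES 1.x
```

The Lucene string is what goes into Kibana 3's query box; the structured body is what a script would send to `_search`. Prefer the structured form wherever the terms come from users, since a `match_phrase` value is never parsed as query syntax.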