Re: Kibana4 Beta3: Battling with wildcard search on not_analyzed fields
Thank you. That is the same with regexp. I managed to get it working by using 4 backslashes.

On Wednesday, 4 February 2015 00:20:10 UTC, Itamar Syn-Hershko wrote:

Here's a working gist: https://gist.github.com/synhershko/3d915a7819145f2d7a1f

You need to double escape the slashes - not sure if this is by design or not but that works now

--
Itamar Syn-Hershko
http://code972.com | @synhershko https://twitter.com/synhershko
Freelance Developer Consultant
Lucene.NET committer and PMC member

On Tue, Feb 3, 2015 at 7:56 PM, Ali Kheyrollahi alio...@gmail.com wrote:

Wildcard does not work either.

{"wildcard":{"CounterName":"\\Windows Azure Caching:Client(w3wp_*)\\Failure Exceptions"}}

And regardless, Regexp does not work so on its own right it is a bug. Can you please help open the issue on GitHub? Already have an issue which was closed: https://github.com/elasticsearch/kibana/issues/2698

On Tuesday, 3 February 2015 13:42:11 UTC, Itamar Syn-Hershko wrote:

Thinking of it, I'm not sure why you are using regexp here - can you just use wildcard query instead? http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/query-dsl-wildcard-query.html

--
Itamar Syn-Hershko
http://code972.com | @synhershko https://twitter.com/synhershko
Freelance Developer Consultant
Lucene.NET committer and PMC member

On Tue, Feb 3, 2015 at 12:00 PM, Ali Kheyrollahi alio...@gmail.com wrote:

No it doesn't which has been my experience:

{"regexp":{"CounterName":"\\Windows Azure Caching:Client\\(w3wp_.*\\)\\Failure Exceptions"}}

or

{"regexp":{"CounterName":"\\Windows Azure Caching\\:Client\\(w3wp_.*\\)\\Failure Exceptions"}}

None of them work

--
You received this message because you are subscribed to the Google Groups elasticsearch group. To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/9607bc7a-f1d3-40fe-bcbc-732b23cfc734%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
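The two escaping layers behind the "4 backslashes" in this thread, as an added example that is not part of the original posts or of the linked gist: the pattern language (Lucene wildcard or regexp) needs `\\` to mean one literal backslash, and JSON string encoding then doubles each of those again. All function names are hypothetical helpers; `wildcard_matches` is a local stand-in for Lucene's wildcard semantics (`*`, `?`, `\` as escape), and the regexp pattern is only checked with Python's `re`, which agrees with Lucene for the escaped-literal-plus-`.*` subset generated here.

```python
import json
import re

# Added example; every name below is a hypothetical helper, not an Elasticsearch API.
WILDCARD_SPECIAL = "\\*?"                 # escape character and the two wildcards
REGEXP_SPECIAL = '.?+*|{}[]()"\\#@&<>~'   # reserved characters of the Lucene regexp syntax


def escape(literal, special):
    """Backslash-escape every character of `literal` that appears in `special`."""
    return "".join("\\" + ch if ch in special else ch for ch in literal)


def wildcard_query(field, literal_parts):
    """Escape each literal part, then join the parts with '*' (the variable pid)."""
    pattern = "*".join(escape(p, WILDCARD_SPECIAL) for p in literal_parts)
    return {"wildcard": {field: pattern}}


def regexp_query(field, literal_parts):
    """Same idea for regexp: escaped literals joined by '.*'."""
    pattern = ".*".join(escape(p, REGEXP_SPECIAL) for p in literal_parts)
    return {"regexp": {field: pattern}}


def wildcard_matches(pattern, value):
    """Evaluate a wildcard pattern against a whole not_analyzed term, locally."""
    out, i = [], 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\" and i + 1 < len(pattern):
            out.append(re.escape(pattern[i + 1]))   # escaped char is taken literally
            i += 2
            continue
        out.append(".*" if ch == "*" else "." if ch == "?" else re.escape(ch))
        i += 1
    return re.fullmatch("".join(out), value, re.DOTALL) is not None


# Stored term as quoted in the thread (one real backslash before each segment).
VALUE = "\\Windows Azure Caching:Client(w3wp_5412)\\Failure Exceptions"
PARTS = ["\\Windows Azure Caching:Client(w3wp_", ")\\Failure Exceptions"]

if __name__ == "__main__":
    wq = wildcard_query("CounterName", PARTS)
    rq = regexp_query("CounterName", PARTS)
    print(json.dumps(wq))   # request body: four backslashes per literal backslash
    print(json.dumps(rq))
    escaped_once = "\\Windows Azure Caching:Client(w3wp_*)\\Failure Exceptions"
    print(wildcard_matches(wq["wildcard"]["CounterName"], VALUE))  # pattern escaped
    print(wildcard_matches(escaped_once, VALUE))  # backslash consumed as an escape
```

A body written with only two backslashes in the JSON decodes to a pattern with one, which the pattern language reads as an escape of the following letter, so the stored term with its real backslash is never matched.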
Re: Kibana4 Beta3: Battling with wildcard search on not_analyzed fields
Wildcard does not work either.

{"wildcard":{"CounterName":"\\Windows Azure Caching:Client(w3wp_*)\\Failure Exceptions"}}

And regardless, Regexp does not work so on its own right it is a bug. Can you please help open the issue on GitHub? Already have an issue which was closed: https://github.com/elasticsearch/kibana/issues/2698

On Tuesday, 3 February 2015 13:42:11 UTC, Itamar Syn-Hershko wrote:

Thinking of it, I'm not sure why you are using regexp here - can you just use wildcard query instead? http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/query-dsl-wildcard-query.html

--
Itamar Syn-Hershko
http://code972.com | @synhershko https://twitter.com/synhershko
Freelance Developer Consultant
Lucene.NET committer and PMC member

On Tue, Feb 3, 2015 at 12:00 PM, Ali Kheyrollahi alio...@gmail.com wrote:

No it doesn't which has been my experience:

{"regexp":{"CounterName":"\\Windows Azure Caching:Client\\(w3wp_.*\\)\\Failure Exceptions"}}

or

{"regexp":{"CounterName":"\\Windows Azure Caching\\:Client\\(w3wp_.*\\)\\Failure Exceptions"}}

None of them work
Re: Kibana4 Beta3: Battling with wildcard search on not_analyzed fields
No it doesn't which has been my experience:

{"regexp":{"CounterName":"\\Windows Azure Caching:Client\\(w3wp_.*\\)\\Failure Exceptions"}}

or

{"regexp":{"CounterName":"\\Windows Azure Caching\\:Client\\(w3wp_.*\\)\\Failure Exceptions"}}

None of them work
Re: Kibana4 Beta3: Battling with wildcard search on not_analyzed fields
Thanks for responding. It is *surely* not_analyzed - hence my frustration. Here is the mapping

{
  "my_index": {
    "mappings": {
      "my_type": {
        "properties": {
          "@timestamp": { "type": "date", "format": "dateOptionalTime" },
          "CounterName": { "type": "string", "index": "not_analyzed" },
          "CounterValue": { "type": "double" },
          "DeploymentId": { "type": "string", "index": "not_analyzed" },
          "EventTickCount": { "type": "long" },
          "PartitionKey": { "type": "string", "index": "not_analyzed" },
          "Role": { "type": "string", "index": "not_analyzed" },
          "RoleInstance": { "type": "string", "index": "not_analyzed" },
          "RowKey": { "type": "string", "index": "not_analyzed" }
        }
      }
    }
  }
}

On Monday, 2 February 2015 13:20:49 UTC, Itamar Syn-Hershko wrote:

It looks like your field is analyzed and you are trying to query it assuming it's not_analyzed (e.g. one string). Hard to say without seeing your index mapping.

--
Itamar Syn-Hershko
http://code972.com | @synhershko https://twitter.com/synhershko
Freelance Developer Consultant
Lucene.NET committer and PMC member

On Mon, Feb 2, 2015 at 3:08 PM, Ali Kheyrollahi alio...@gmail.com wrote:

Any help please??

On Saturday, 31 January 2015 09:56:38 UTC, Ali Kheyrollahi wrote:

Hi,

I really haven't found a consistent way to use query window in Discover or Visualize tabs. My results become hit and miss and inconsistent.

So I am searching for types of my_type and I have a field called CounterName and I am looking for

\Windows Azure Caching:Client(w3wp_2392)\Total Local Cache Hits

Funny thing is searching for verbatim value does not work:

CounterName\Windows Azure Caching:Client(w3wp_2392)\Total Local Cache Hits

And I have to escape only backslashes (well I am using double quotes so it is literal, no?) and not brackets or colon:

CounterName\\Windows Azure Caching:Client(w3wp_2392)\\Total Local Cache Hits

Now, the 2392 number here is variable (pid on the box) so I am trying to look for

\Windows Azure Caching:Client(w3wp_*)\Total Local Cache Hits

and I have tried all these to no avail:

CounterName:\\Windows Azure Caching:Client(w3wp_*)\\Total Local Cache Hits
CounterName:\\Windows Azure Caching:Client(w3wp_\*)\\Total Local Cache Hits
CounterName:\Windows Azure Caching:Client(w3wp_*\Total Local Cache Hits

(nothing comes back)

And also tried regex:

CounterName:/\Windows Azure Caching:Client(w3wp_*)\\Total Local Cache Hits/
CounterName:/\Windows Azure Caching:Client(w3wp_.*)\\Total Local Cache Hits/
...

With many different combinations of replacing reserved chars with ?.

What am I doing wrong?

Thanks
Re: Kibana4 Beta3: Battling with wildcard search on not_analyzed fields
This *works* (exact value)

{"term":{"CounterName":"\\Windows Azure Caching:Client(w3wp_5412)\\Failure Exceptions"}}

But NOT this:

{"term":{"CounterName":"Caching"}}

Nor

{"term":{"CounterName":"\\Windows Azure Caching:Client(w3wp_.*)\\Failure Exceptions"}}

Or this

{"term":{"CounterName":"\\Windows Azure Caching:Client(w3wp_*)\\Failure Exceptions"}}

And *not even* this

{"regexp":{"CounterName":"\\Windows Azure Caching:Client(w3wp_.*)\\Failure Exceptions"}}

or

{"regexp":{"CounterName":"\\Windows Azure Caching:Client(w3wp_.+)\\Failure Exceptions"}}

or

{"regexp":{"CounterName":"\\Windows Azure Caching:Client(w3wp_*)\\Failure Exceptions"}}
Re: Kibana4 Beta3: Battling with wildcard search on not_analyzed fields
Any help please??

On Saturday, 31 January 2015 09:56:38 UTC, Ali Kheyrollahi wrote:

Hi,

I really haven't found a consistent way to use query window in Discover or Visualize tabs. My results become hit and miss and inconsistent.

So I am searching for types of my_type and I have a field called CounterName and I am looking for

\Windows Azure Caching:Client(w3wp_2392)\Total Local Cache Hits

Funny thing is searching for verbatim value does not work:

CounterName\Windows Azure Caching:Client(w3wp_2392)\Total Local Cache Hits

And I have to escape only backslashes (well I am using double quotes so it is literal, no?) and not brackets or colon:

CounterName\\Windows Azure Caching:Client(w3wp_2392)\\Total Local Cache Hits

Now, the 2392 number here is variable (pid on the box) so I am trying to look for

\Windows Azure Caching:Client(w3wp_*)\Total Local Cache Hits

and I have tried all these to no avail:

CounterName:\\Windows Azure Caching:Client(w3wp_*)\\Total Local Cache Hits
CounterName:\\Windows Azure Caching:Client(w3wp_\*)\\Total Local Cache Hits
CounterName:\Windows Azure Caching:Client(w3wp_*\Total Local Cache Hits

(nothing comes back)

And also tried regex:

CounterName:/\Windows Azure Caching:Client(w3wp_*)\\Total Local Cache Hits/
CounterName:/\Windows Azure Caching:Client(w3wp_.*)\\Total Local Cache Hits/
...

With many different combinations of replacing reserved chars with ?.

What am I doing wrong?

Thanks
Re: The elasticsearch docker image is wiping my index when I stop and start the docker container.
Please mark as completed.

On Sunday, 1 February 2015 06:16:16 UTC, Olav Grønås Gjerde wrote:

I found the problem

settingsBuilder.put("gateway.type", "none");

This should be set to local:

settingsBuilder.put("gateway.type", "local");
Re: Kibana4 Beta3: Battling with wildcard search on not_analyzed fields
Anyone please??

On Saturday, 31 January 2015 09:56:38 UTC, Ali Kheyrollahi wrote:

Hi,

I really haven't found a consistent way to use query window in Discover or Visualize tabs. My results become hit and miss and inconsistent.

So I am searching for types of my_type and I have a field called CounterName and I am looking for

\Windows Azure Caching:Client(w3wp_2392)\Total Local Cache Hits

Funny thing is searching for verbatim value does not work:

CounterName\Windows Azure Caching:Client(w3wp_2392)\Total Local Cache Hits

And I have to escape only backslashes (well I am using double quotes so it is literal, no?) and not brackets or colon:

CounterName\\Windows Azure Caching:Client(w3wp_2392)\\Total Local Cache Hits

Now, the 2392 number here is variable (pid on the box) so I am trying to look for

\Windows Azure Caching:Client(w3wp_*)\Total Local Cache Hits

and I have tried all these to no avail:

CounterName:\\Windows Azure Caching:Client(w3wp_*)\\Total Local Cache Hits
CounterName:\\Windows Azure Caching:Client(w3wp_\*)\\Total Local Cache Hits
CounterName:\Windows Azure Caching:Client(w3wp_*\Total Local Cache Hits

(nothing comes back)

And also tried regex:

CounterName:/\Windows Azure Caching:Client(w3wp_*)\\Total Local Cache Hits/
CounterName:/\Windows Azure Caching:Client(w3wp_.*)\\Total Local Cache Hits/
...

With many different combinations of replacing reserved chars with ?.

What am I doing wrong?

Thanks
Kibana4 Beta3: Battling with wildcard search on not_analyzed fields
Hi,

I really haven't found a consistent way to use query window in Discover or Visualize tabs. My results become hit and miss and inconsistent.

So I am searching for types of my_type and I have a field called CounterName and I am looking for

\Windows Azure Caching:Client(w3wp_2392)\Total Local Cache Hits

Funny thing is searching for verbatim value does not work:

CounterName\Windows Azure Caching:Client(w3wp_2392)\Total Local Cache Hits

And I have to escape only backslashes (well I am using double quotes so it is literal, no?) and not brackets or colon:

CounterName\\Windows Azure Caching:Client(w3wp_2392)\\Total Local Cache Hits

Now, the 2392 number here is variable (pid on the box) so I am trying to look for

\Windows Azure Caching:Client(w3wp_*)\Total Local Cache Hits

and I have tried all these to no avail:

CounterName:\\Windows Azure Caching:Client(w3wp_*)\\Total Local Cache Hits
CounterName:\\Windows Azure Caching:Client(w3wp_\*)\\Total Local Cache Hits
CounterName:\Windows Azure Caching:Client(w3wp_*\Total Local Cache Hits

(nothing comes back)

And also tried regex:

CounterName:/\Windows Azure Caching:Client(w3wp_*)\\Total Local Cache Hits/
CounterName:/\Windows Azure Caching:Client(w3wp_.*)\\Total Local Cache Hits/
...

With many different combinations of replacing reserved chars with ?.

What am I doing wrong?

Thanks
Kibana 4 beta3: How to apply filters (or multiple filters) when in Discover/Search tab (not visualize)
Hi,

I am trying to filter based on _type in the search/discover tab. So I know that when I click on a field, I get to see values and can click on the + to filter, but if the item I am interested in is not within the top items, I have to go to visualize page by clicking the Visualize (see below) and select, but when I get back to Discover tab, the filter disappears.

*Is there a way to apply filter on the discover tab?*

Thanks
Ali

https://lh5.googleusercontent.com/-c7_k9ywIdJs/VMjnBste3jI/I0k/IrjuMdr0URw/s1600/Untitled.png
ES_HEAP_SIZE is set but still see -Xms256m -Xmx1g
Hi,

I have an ES cluster running on Ubuntu 14 and created a file in /etc/profile.d/es_vars.sh with this content:

export ES_HEAP_SIZE=7g

I have 14GB of memory so giving 7GB to ES heap but I can see in ps aux:

...
elastic+ 1474 17.0 2.2 5929120 325284 ? Sl 22:33 0:38 /usr/lib/jvm/java-7-oracle/bin/java *-Xms256m -Xmx1g* -Xss256k -Djava.awt.headless=true -XX:+UseParNewGC - ...

So it seems it is still running with Xms 256MB and Xmx of 1GB. I also once got *memory circuit breaker* for using 600MB RAM for fields so *confirming that my Max memory is only 1GB*.

I am sure environment variable is there:

$ES_HEAP_SIZE
$7g

Is there something I am missing?

Thanks in advance
Re: ES_HEAP_SIZE is set but still see -Xms256m -Xmx1g
Sorry missed *echo* $ES_HEAP_SIZE
Discrete value aggregations on a URL field
Hi,

I am trying to find numbers of discrete value per URL in a day and the result is not what I expect. So let's say I have an index which contains such document:

{ date: ..., url: , other... }

And basically I am trying to group by url for a particular date:

{
  "query": {
    "range": {"date": {"gte": "2014-09-08", "lte": "2014-09-09"}}
  },
  "aggregations": {
    "mt_agg": {
      "terms": {"field": "url"}
    }
  }
}

Result is bizarre, I mean it breaks my URL into its segments and aggregates on that. Do I need to use Hash of the URL (I prefer not to)? Here is the result:

"aggregations": {
  "shabash": {
    "buckets": [
      { "key": "http", "doc_count": 903 },
      { "key": "rss", "doc_count": 638 },
      { "key": "service", "doc_count": 381 },
      { "key": "zzz.fff", "doc_count": 337 },
      { "key": "e", "doc_count": 153 },
      { "key": "xxx.com", "doc_count": 153 },
      { "key": "www.yyy", "doc_count": 153 },
      { "key": "fa", "doc_count": 127 },
      { "key": "feed", "doc_count": 119 },
      { "key": "www.nnn.com", "doc_count": 71 }
    ]
  }
}
Re: Discrete value aggregations on a URL field
OK, it seems that I need to use not_analyzed on the field. Is that correct?

On Friday, 12 September 2014 08:18:19 UTC+1, Ali Kheyrollahi wrote:

Hi,

I am trying to find numbers of discrete value per URL in a day and the result is not what I expect. So let's say I have an index which contains such document:

{ date: ..., url: , other... }

And basically I am trying to group by url for a particular date:

{
  "query": {
    "range": {"date": {"gte": "2014-09-08", "lte": "2014-09-09"}}
  },
  "aggregations": {
    "mt_agg": {
      "terms": {"field": "url"}
    }
  }
}

Result is bizarre, I mean it breaks my URL into its segments and aggregates on that. Do I need to use Hash of the URL (I prefer not to)? Here is the result:

"aggregations": {
  "shabash": {
    "buckets": [
      { "key": "http", "doc_count": 903 },
      { "key": "rss", "doc_count": 638 },
      { "key": "service", "doc_count": 381 },
      { "key": "zzz.fff", "doc_count": 337 },
      { "key": "e", "doc_count": 153 },
      { "key": "xxx.com", "doc_count": 153 },
      { "key": "www.yyy", "doc_count": 153 },
      { "key": "fa", "doc_count": 127 },
      { "key": "feed", "doc_count": 119 },
      { "key": "www.nnn.com", "doc_count": 71 }
    ]
  }
}