Re: Kibana4 Beta3: Battling with wildcard search on not_analyzed fields
Thank you.
That is the same with regexp. I managed to get it working with using 4
backslashes.
On Wednesday, 4 February 2015 00:20:10 UTC, Itamar Syn-Hershko wrote:
Here's a working gist:
https://gist.github.com/synhershko/3d915a7819145f2d7a1f
You need to double escape the slashes - not sure if this is by design or
no but that works now
--
Itamar Syn-Hershko
http://code972.com | @synhershko https://twitter.com/synhershko
Freelance Developer Consultant
Lucene.NET committer and PMC member
On Tue, Feb 3, 2015 at 7:56 PM, Ali Kheyrollahi alio...@gmail.com
javascript: wrote:
Wildcard does not work either.
{wildcard:{CounterName:\\Windows Azure
Caching:Client(w3wp_*)\\Failure Exceptions}}
And regardless, Regexp does not work so on its own right it is a bug.
Can you please help open the issue on GitHub? Already have an issue which
was closed:
https://github.com/elasticsearch/kibana/issues/2698
On Tuesday, 3 February 2015 13:42:11 UTC, Itamar Syn-Hershko wrote:
Thinking of it, I'm not sure why you are using regexp here - can you
just use wildcard query instead? http://www.elasticsearch.org/guide/en/
elasticsearch/reference/current/query-dsl-wildcard-query.html
--
Itamar Syn-Hershko
http://code972.com | @synhershko https://twitter.com/synhershko
Freelance Developer Consultant
Lucene.NET committer and PMC member
On Tue, Feb 3, 2015 at 12:00 PM, Ali Kheyrollahi alio...@gmail.com
wrote:
No it doesn't which has been my experience:
{regexp:{CounterName:\\Windows Azure
Caching:Client\\(w3wp_.*\\)\\Failure
Exceptions}}
or
{regexp:{CounterName:\\Windows Azure
Caching\\:Client\\(w3wp_.*\\)\\Failure Exceptions}}
None of them work
--
You received this message because you are subscribed to the Google
Groups elasticsearch group.
To unsubscribe from this group and stop receiving emails from it, send
an email to elasticsearc...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/
msgid/elasticsearch/9a4eabaa-1634-46a5-aa8a-f2c47ccd5745%
40googlegroups.com
https://groups.google.com/d/msgid/elasticsearch/9a4eabaa-1634-46a5-aa8a-f2c47ccd5745%40googlegroups.com?utm_medium=emailutm_source=footer
.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups
elasticsearch group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearc...@googlegroups.com javascript:.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/3ed729ef-697b-42e0-975b-3b3c86fd7734%40googlegroups.com
https://groups.google.com/d/msgid/elasticsearch/3ed729ef-697b-42e0-975b-3b3c86fd7734%40googlegroups.com?utm_medium=emailutm_source=footer
.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups
elasticsearch group.
To unsubscribe from this group and stop receiving emails from it, send an email
to elasticsearch+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/9607bc7a-f1d3-40fe-bcbc-732b23cfc734%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Re: Kibana4 Beta3: Battling with wildcard search on not_analyzed fields
Wildcard does not work either.
{wildcard:{CounterName:\\Windows Azure Caching:Client(w3wp_*)\\Failure
Exceptions}}
And regardless, Regexp does not work so on its own right it is a bug.
Can you please help open the issue on GitHub? Already have an issue which
was closed:
https://github.com/elasticsearch/kibana/issues/2698
On Tuesday, 3 February 2015 13:42:11 UTC, Itamar Syn-Hershko wrote:
Thinking of it, I'm not sure why you are using regexp here - can you just
use wildcard query instead?
http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/query-dsl-wildcard-query.html
--
Itamar Syn-Hershko
http://code972.com | @synhershko https://twitter.com/synhershko
Freelance Developer Consultant
Lucene.NET committer and PMC member
On Tue, Feb 3, 2015 at 12:00 PM, Ali Kheyrollahi alio...@gmail.com
javascript: wrote:
No it doesn't which has been my experience:
{regexp:{CounterName:\\Windows Azure
Caching:Client\\(w3wp_.*\\)\\Failure Exceptions}}
or
{regexp:{CounterName:\\Windows Azure
Caching\\:Client\\(w3wp_.*\\)\\Failure Exceptions}}
None of them work
--
You received this message because you are subscribed to the Google Groups
elasticsearch group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearc...@googlegroups.com javascript:.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/9a4eabaa-1634-46a5-aa8a-f2c47ccd5745%40googlegroups.com
https://groups.google.com/d/msgid/elasticsearch/9a4eabaa-1634-46a5-aa8a-f2c47ccd5745%40googlegroups.com?utm_medium=emailutm_source=footer
.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups
elasticsearch group.
To unsubscribe from this group and stop receiving emails from it, send an email
to elasticsearch+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/3ed729ef-697b-42e0-975b-3b3c86fd7734%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Re: Kibana4 Beta3: Battling with wildcard search on not_analyzed fields
No it doesn't which has been my experience:
{regexp:{CounterName:\\Windows Azure
Caching:Client\\(w3wp_.*\\)\\Failure Exceptions}}
or
{regexp:{CounterName:\\Windows Azure
Caching\\:Client\\(w3wp_.*\\)\\Failure Exceptions}}
None of them work
--
You received this message because you are subscribed to the Google Groups
elasticsearch group.
To unsubscribe from this group and stop receiving emails from it, send an email
to elasticsearch+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/9a4eabaa-1634-46a5-aa8a-f2c47ccd5745%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Re: Kibana4 Beta3: Battling with wildcard search on not_analyzed fields
Thanks for responding.
It is *surely* not_analyzed - hence my frustration. Here is the mapping
{
my_index: {
mappings: {
my_type: {
properties: {
@timestamp: {
type: date,
format: dateOptionalTime
},
CounterName: {
type: string,
index: not_analyzed
},
CounterValue: {
type: double
},
DeploymentId: {
type: string,
index: not_analyzed
},
EventTickCount: {
type: long
},
PartitionKey: {
type: string,
index: not_analyzed
},
Role: {
type: string,
index: not_analyzed
},
RoleInstance: {
type: string,
index: not_analyzed
},
RowKey: {
type: string,
index: not_analyzed
}
}
}
}
}
}
On Monday, 2 February 2015 13:20:49 UTC, Itamar Syn-Hershko wrote:
It looks like your field is analyzed and you are trying to query it
assuming its not_analyzed (e.g. one string). Hard to say without seeing
your index mapping.
--
Itamar Syn-Hershko
http://code972.com | @synhershko https://twitter.com/synhershko
Freelance Developer Consultant
Lucene.NET committer and PMC member
On Mon, Feb 2, 2015 at 3:08 PM, Ali Kheyrollahi alio...@gmail.com
javascript: wrote:
Any help please??
On Saturday, 31 January 2015 09:56:38 UTC, Ali Kheyrollahi wrote:
Hi,
I really haven't found a consistent way to use query window in Discover
or Visualize tabs. My results become hit and miss and inconsistent.
So I am searching for types of my_type and I have a field called
CounterName and I am looking for \Windows Azure
Caching:Client(w3wp_2392)\Total Local Cache Hits
Funny thing is searching for verbatim value does not work:
CounterName\Windows Azure Caching:Client(w3wp_2392)\Total Local Cache
Hits
And I have to escape only backslashes (well I am using double quotes so
it is literal, no?) and not brackets or colon:
CounterName\\Windows Azure Caching:Client(w3wp_2392)\\Total Local
Cache Hits
Now, the 2392 number here is variable (pid on the box) so I am trying to
look for \Windows Azure Caching:Client(w3wp_*)\Total Local Cache Hits and
I have tried all these to no avail:
CounterName:\\Windows Azure Caching:Client(w3wp_*)\\Total Local Cache
Hits
CounterName:\\Windows Azure Caching:Client(w3wp_\*)\\Total Local Cache
Hits
CounterName:\Windows Azure Caching:Client(w3wp_*\Total Local Cache
Hits (nothing comes back)
And also tried regex:
CounterName:/\Windows Azure Caching:Client(w3wp_*)\\Total Local Cache
Hits/
CounterName:/\Windows Azure Caching:Client(w3wp_.*)\\Total Local Cache
Hits/
...
With many different combinations of replacing reserved chars with ?.
What am I doing wrong?
Thanks
--
You received this message because you are subscribed to the Google Groups
elasticsearch group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearc...@googlegroups.com javascript:.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/54e8264f-00ee-4327-b4fc-ae074152669e%40googlegroups.com
https://groups.google.com/d/msgid/elasticsearch/54e8264f-00ee-4327-b4fc-ae074152669e%40googlegroups.com?utm_medium=emailutm_source=footer
.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups
elasticsearch group.
To unsubscribe from this group and stop receiving emails from it, send an email
to elasticsearch+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/a5aa9d83-a0cc-459d-87fe-d5da8142a4fb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Re: Kibana4 Beta3: Battling with wildcard search on not_analyzed fields
This *works* (exact value)
{term:{CounterName:\\Windows Azure Caching:Client(w3wp_5412)\\Failure
Exceptions}}
But NOT this:
{term:{CounterName:Caching}}
Nor
{term:{CounterName:\\Windows Azure Caching:Client(w3wp_.*)\\Failure
Exceptions}}
Or this
{term:{CounterName:\\Windows Azure Caching:Client(w3wp_*)\\Failure
Exceptions}}
And *not even* this
{regexp:{CounterName:\\Windows Azure Caching:Client(w3wp_.*)\\Failure
Exceptions}}
or
{regexp:{CounterName:\\Windows Azure Caching:Client(w3wp_.+)\\Failure
Exceptions}}
or
{regexp:{CounterName:\\Windows Azure Caching:Client(w3wp_*)\\Failure
Exceptions}}
--
You received this message because you are subscribed to the Google Groups
elasticsearch group.
To unsubscribe from this group and stop receiving emails from it, send an email
to elasticsearch+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/327ba38a-9caf-41c1-8a45-f93be1532bf2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Re: Kibana4 Beta3: Battling with wildcard search on not_analyzed fields
Any help please?? On Saturday, 31 January 2015 09:56:38 UTC, Ali Kheyrollahi wrote: Hi, I really haven't found a consistent way to use query window in Discover or Visualize tabs. My results become hit and miss and inconsistent. So I am searching for types of my_type and I have a field called CounterName and I am looking for \Windows Azure Caching:Client(w3wp_2392)\Total Local Cache Hits Funny thing is searching for verbatim value does not work: CounterName\Windows Azure Caching:Client(w3wp_2392)\Total Local Cache Hits And I have to escape only backslashes (well I am using double quotes so it is literal, no?) and not brackets or colon: CounterName\\Windows Azure Caching:Client(w3wp_2392)\\Total Local Cache Hits Now, the 2392 number here is variable (pid on the box) so I am trying to look for \Windows Azure Caching:Client(w3wp_*)\Total Local Cache Hits and I have tried all these to no avail: CounterName:\\Windows Azure Caching:Client(w3wp_*)\\Total Local Cache Hits CounterName:\\Windows Azure Caching:Client(w3wp_\*)\\Total Local Cache Hits CounterName:\Windows Azure Caching:Client(w3wp_*\Total Local Cache Hits (nothing comes back) And also tried regex: CounterName:/\Windows Azure Caching:Client(w3wp_*)\\Total Local Cache Hits/ CounterName:/\Windows Azure Caching:Client(w3wp_.*)\\Total Local Cache Hits/ ... With many different combinations of replacing reserved chars with ?. What am I doing wrong? Thanks -- You received this message because you are subscribed to the Google Groups elasticsearch group. To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/54e8264f-00ee-4327-b4fc-ae074152669e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: The elasticsearch docker image is wiping my index when I stop and start the docker container.
Please mark as completed. On Sunday, 1 February 2015 06:16:16 UTC, Olav Grønås Gjerde wrote: I found the problem settingsBuilder.put(gateway.type, none); This should be set to local: settingsBuilder.put(gateway.type, local); -- You received this message because you are subscribed to the Google Groups elasticsearch group. To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/42c4a6fa-c016-419c-86a0-aafb27369932%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: Kibana4 Beta3: Battling with wildcard search on not_analyzed fields
Anyone please?? On Saturday, 31 January 2015 09:56:38 UTC, Ali Kheyrollahi wrote: Hi, I really haven't found a consistent way to use query window in Discover or Visualize tabs. My results become hit and miss and inconsistent. So I am searching for types of my_type and I have a field called CounterName and I am looking for \Windows Azure Caching:Client(w3wp_2392)\Total Local Cache Hits Funny thing is searching for verbatim value does not work: CounterName\Windows Azure Caching:Client(w3wp_2392)\Total Local Cache Hits And I have to escape only backslashes (well I am using double quotes so it is literal, no?) and not brackets or colon: CounterName\\Windows Azure Caching:Client(w3wp_2392)\\Total Local Cache Hits Now, the 2392 number here is variable (pid on the box) so I am trying to look for \Windows Azure Caching:Client(w3wp_*)\Total Local Cache Hits and I have tried all these to no avail: CounterName:\\Windows Azure Caching:Client(w3wp_*)\\Total Local Cache Hits CounterName:\\Windows Azure Caching:Client(w3wp_\*)\\Total Local Cache Hits CounterName:\Windows Azure Caching:Client(w3wp_*\Total Local Cache Hits (nothing comes back) And also tried regex: CounterName:/\Windows Azure Caching:Client(w3wp_*)\\Total Local Cache Hits/ CounterName:/\Windows Azure Caching:Client(w3wp_.*)\\Total Local Cache Hits/ ... With many different combinations of replacing reserved chars with ?. What am I doing wrong? Thanks -- You received this message because you are subscribed to the Google Groups elasticsearch group. To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/989971d3-3c4d-49ce-82bb-8dbfe7e559f7%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Kibana4 Beta3: Battling with wildcard search on not_analyzed fields
Hi, I really haven't found a consistent way to use query window in Discover or Visualize tabs. My results become hit and miss and inconsistent. So I am searching for types of my_type and I have a field called CounterName and I am looking for \Windows Azure Caching:Client(w3wp_2392)\Total Local Cache Hits Funny thing is searching for verbatim value does not work: CounterName\Windows Azure Caching:Client(w3wp_2392)\Total Local Cache Hits And I have to escape only backslashes (well I am using double quotes so it is literal, no?) and not brackets or colon: CounterName\\Windows Azure Caching:Client(w3wp_2392)\\Total Local Cache Hits Now, the 2392 number here is variable (pid on the box) so I am trying to look for \Windows Azure Caching:Client(w3wp_*)\Total Local Cache Hits and I have tried all these to no avail: CounterName:\\Windows Azure Caching:Client(w3wp_*)\\Total Local Cache Hits CounterName:\\Windows Azure Caching:Client(w3wp_\*)\\Total Local Cache Hits CounterName:\Windows Azure Caching:Client(w3wp_*\Total Local Cache Hits (nothing comes back) And also tried regex: CounterName:/\Windows Azure Caching:Client(w3wp_*)\\Total Local Cache Hits/ CounterName:/\Windows Azure Caching:Client(w3wp_.*)\\Total Local Cache Hits/ ... With many different combinations of replacing reserved chars with ?. What am I doing wrong? Thanks -- You received this message because you are subscribed to the Google Groups elasticsearch group. To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/8670910d-2fef-485f-ba6d-7e32851be397%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Kibana 4 beta3: How to apply filters (or multiple filters) when in Discover/Search tab (not visualize)
Hi, I am trying to filter based on _type in the search/discover tab. So I know that when I click on a field, I get to see values and can click on the + to filter but if item I am interested is not within the top top items, I have to go to visualize page by clicking the Visualize (see below) and select but when I get back to Discover tab, the filter gets disappeared. *Is there a way to apply filter on the discover tab?* Thanks Ali https://lh5.googleusercontent.com/-c7_k9ywIdJs/VMjnBste3jI/I0k/IrjuMdr0URw/s1600/Untitled.png -- You received this message because you are subscribed to the Google Groups elasticsearch group. To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/acbfad24-baed-4395-a350-37d14f7d3266%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
ES_HEAP_SIZE is set but still see -Xms256m -Xmx1g
Hi, I have an ES cluster running on Ubuntu 14 and created a file in /etc/profile.d/es_vars.sh with this content: export ES_HEAP_SIZE=7g I have 14GB of memory so giving 7GB to ES heap but I can see in ps aux: ... elastic+ 1474 17.0 2.2 5929120 325284 ? Sl 22:33 0:38 /usr/lib/jvm/java-7-oracle/bin/java *-Xms256m -Xmx1g* -Xss256k -Djava.awt.headless=true -XX:+UseParNewGC - ... So it seems it is still running with Xms 256MB and Xmx of 1GB. I also once got *memory circuit breaker* for using 600MB RAM for fields so *confirming that my Max memory is only 1GB*. I am sure environment variable is there: $ES_HEAP_SIZE $7g Is there something I am missing? Thanks in advance -- You received this message because you are subscribed to the Google Groups elasticsearch group. To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/6105e526-f399-4324-8d15-843eb4881c39%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: ES_HEAP_SIZE is set but still see -Xms256m -Xmx1g
Sorry missed *echo* $ES_HEAP_SIZE -- You received this message because you are subscribed to the Google Groups elasticsearch group. To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/65b8ce31-c0df-4cd3-a85c-99cb563becae%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Discrete value aggregations on a URL field
Hi,
I am trying to find numbers of discrete value per URL in a day and the
result is not what I expect.
So let's say I have an index which contains such document:
{
date: ...,
url: ,
other...
}
And basically I am trying to group by url for a particular date:
{
query:
{
range:{date: {gte:2014-09-08, lte:2014-09-09}}
},
aggregations:
{
mt_agg:
{
terms: {field: url}
}
}
}
Result is bizarre, I mean it breaks my URL into its segments and aggregates
on that. Do I need to use Hash of the URL (I prefer not to)? Here is the
result:
aggregations: {
shabash: {
buckets: [
{
key: http,
doc_count: 903
},
{
key: rss,
doc_count: 638
},
{
key: service,
doc_count: 381
},
{
key: zzz.fff,
doc_count: 337
},
{
key: e,
doc_count: 153
},
{
key: xxx.com,
doc_count: 153
},
{
key: www.yyy,
doc_count: 153
},
{
key: fa,
doc_count: 127
},
{
key: feed,
doc_count: 119
},
{
key: www.nnn.com,
doc_count: 71
}
]
}
}
--
You received this message because you are subscribed to the Google Groups
elasticsearch group.
To unsubscribe from this group and stop receiving emails from it, send an email
to elasticsearch+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/ac784f35-d8ee-4fe5-979f-de1ca7446da0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Re: Discrete value aggregations on a URL field
OK, it seems that I need to use not_analyzed on the field. Is that correct?
On Friday, 12 September 2014 08:18:19 UTC+1, Ali Kheyrollahi wrote:
Hi,
I am trying to find numbers of discrete value per URL in a day and the
result is not what I expect.
So let's say I have an index which contains such document:
{
date: ...,
url: ,
other...
}
And basically I am trying to group by url for a particular date:
{
query:
{
range:{date: {gte:2014-09-08, lte:2014-09-09}}
},
aggregations:
{
mt_agg:
{
terms: {field: url}
}
}
}
Result is bizarre, I mean it breaks my URL into its segments and
aggregates on that. Do I need to use Hash of the URL (I prefer not to)?
Here is the result:
aggregations: {
shabash: {
buckets: [
{
key: http,
doc_count: 903
},
{
key: rss,
doc_count: 638
},
{
key: service,
doc_count: 381
},
{
key: zzz.fff,
doc_count: 337
},
{
key: e,
doc_count: 153
},
{
key: xxx.com,
doc_count: 153
},
{
key: www.yyy,
doc_count: 153
},
{
key: fa,
doc_count: 127
},
{
key: feed,
doc_count: 119
},
{
key: www.nnn.com,
doc_count: 71
}
]
}
}
--
You received this message because you are subscribed to the Google Groups
elasticsearch group.
To unsubscribe from this group and stop receiving emails from it, send an email
to elasticsearch+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/e453b450-3329-476c-9102-852af3180745%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
