Re: help with kibana partial string search

2014-08-08 Thread Cristian Falcas
Try like this:

.*"ABCD FHGHIK EX".*




On Fri, Aug 8, 2014 at 7:39 PM, Kingdom Joy wrote:

> Hello,
>
> I have logs that look like these:
> 07 Aug 2014 20:59:15,903 [ERROR] some-id
> this.is.a.package.ExceptionTranslator: ABCD FHGHIK EX:Failed to invoke
>
> I use ELK stack. In Kibana I am trying to search for logs that contain
> string "ABCD FHGHIK EX" but it returns no data, I've tried using regex
> /ABCD FHGHIK EX*/ but it also returns no data. I also tried escaping
> whitespace /ABCD\ FHGHIK\ EX*/ but it also returns nothing.
>
> Could someone explain how to make this type of search work?
>
> Thank you!
>
> --
> You received this message because you are subscribed to the Google Groups
> "elasticsearch" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to elasticsearch+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/elasticsearch/5021ff02-ac9b-4202-b8e3-486d381c8dd9%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>



timestamp format

2014-07-31 Thread Cristian Falcas
Hello all,

I'm currently using rsyslogd to send messages to elasticsearch and kibana
as a GUI.

Rsyslogd is sending the @timestamp in the following format:

2014-07-31T21:01:16.515922+03:00

I was wondering if elasticsearch is able to understand this format? Because
kibana sorting doesn't do anything with it. The sorting is completely random.

Should I send the timestamp in another format? Can I keep the microseconds?

Best regards,
Cristian Falcas
