The queries below use the Elasticsearch Query DSL, the JSON request body that Kibana sends to Elasticsearch and that you can run directly from Kibana's Dev Tools console (the query bar in Discover uses KQL or Lucene syntax instead). This cheat sheet covers the most commonly used query operations and their syntax.
Basic Queries
Match Query
{
  "query": {
    "match": {
      "field_name": "search_term"
    }
  }
}
Full-text query: analyzes search_term with the field's analyzer and matches documents where field_name contains any of the resulting terms (the default operator is OR; pass the field as an object with "query" and "operator": "and" to require all of them). Use it on text fields.
Term Query
{
  "query": {
    "term": {
      "field_name": "exact_value"
    }
  }
}
Term-level query: matches documents where field_name contains exactly exact_value, with no analysis applied to the query value. Use it on keyword, numeric, date and IP fields. On an analyzed text field it usually finds nothing, because the indexed terms were lowercased and tokenized while exact_value was not.
Range Query
{
  "query": {
    "range": {
      "field_name": {
        "gte": "min_value",
        "lte": "max_value"
      }
    }
  }
}
Matches documents where field_name lies between min_value and max_value inclusive (gte/lte; use gt/lt for exclusive bounds). Works on numeric, date and keyword fields; for date fields the bounds accept date math such as "gte": "now-24h".
Compound Queries
Bool Query
{
  "query": {
    "bool": {
      "must": { "match": { "field1": "value1" } },
      "must_not": { "term": { "field2": "value2" } },
      "should": { "range": { "field3": { "gte": 10 } } }
    }
  }
}
Combines clauses with boolean logic: every must clause has to match and contributes to the score, must_not clauses exclude documents, and should clauses are optional unless the bool query has no must or filter clause, in which case at least one should clause has to match (the default minimum_should_match). A fourth clause type, filter, behaves like must but runs in filter context (no scoring, cacheable), which is the right place for exact-value and range conditions such as a time window. Each clause takes either a single query object or an array of them.
Full-Text and Term-Level Search
Match Phrase Query
{
  "query": {
    "match_phrase": {
      "field_name": "search_phrase"
    }
  }
}
Full-text query: analyzes search_phrase and matches documents where field_name contains all of the resulting terms, adjacent and in the same order (set "slop" to tolerate gaps or transpositions).
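The difference between match, match_phrase, term, range and bool is where most query mistakes come from, so here is an added, self-contained illustration: a simplified in-memory evaluator of those query types run over a few constructed SSH authentication records. It is not Elasticsearch code and not code from this cheat sheet; the analyzer, the field mapping (only "message" is treated as analyzed text) and the sample documents are this example's own assumptions.

```python
"""Toy evaluator for a subset of the Elasticsearch Query DSL (added example,
not Elasticsearch's implementation). Models how match, match_phrase, term,
range and bool decide whether a document matches."""
import re

# Assumed mapping: "message" is analyzed text, everything else is exact-match
# (keyword / long / date).
TEXT_FIELDS = {"message"}

DOCS = [  # constructed sample documents
    {"id": 1, "message": "Failed password for root from 10.0.0.5 port 2222 ssh2",
     "user.name": "root", "source.ip": "10.0.0.5", "source.port": 2222,
     "@timestamp": "2024-03-01T08:00:00Z"},
    {"id": 2, "message": "Failed password for invalid user admin from 10.0.0.5 port 2224 ssh2",
     "user.name": "admin", "source.ip": "10.0.0.5", "source.port": 2224,
     "@timestamp": "2024-03-01T08:00:05Z"},
    {"id": 3, "message": "Accepted publickey for deploy from 192.168.1.20 port 51234 ssh2",
     "user.name": "deploy", "source.ip": "192.168.1.20", "source.port": 51234,
     "@timestamp": "2024-03-01T09:30:00Z"},
    {"id": 4, "message": "password changed for root",
     "user.name": "root", "source.ip": "10.0.0.7",
     "@timestamp": "2024-03-02T10:00:00Z"},
]


def analyze(text):
    """Simplified standard analyzer: lowercase, then split on anything that is
    not alphanumeric or a dot joining alphanumerics (so 10.0.0.5 stays whole)."""
    return re.findall(r"[a-z0-9]+(?:\.[a-z0-9]+)*", str(text).lower())


def field_terms(doc, field):
    """Terms as they would sit in the index: analyzed for text fields, raw otherwise."""
    if field not in doc:
        return []
    return analyze(doc[field]) if field in TEXT_FIELDS else [doc[field]]


def _clauses(clause):
    """bool clauses accept one query object or a list of them."""
    return clause if isinstance(clause, list) else [clause]


_RANGE_OPS = {"gte": lambda v, b: v >= b, "gt": lambda v, b: v > b,
              "lte": lambda v, b: v <= b, "lt": lambda v, b: v < b}


def matches(query, doc):
    """Return True if doc satisfies the single query object `query`."""
    (kind, body), = query.items()
    if kind == "match_all":
        return True
    if kind == "bool":
        must_ok = all(matches(q, doc) for q in _clauses(body.get("must", [])))
        filter_ok = all(matches(q, doc) for q in _clauses(body.get("filter", [])))
        not_ok = not any(matches(q, doc) for q in _clauses(body.get("must_not", [])))
        should = _clauses(body.get("should", []))
        # minimum_should_match defaults to 1 only when there is no must/filter
        # clause; otherwise should clauses affect scoring but never exclude a doc.
        should_ok = True
        if should and not (body.get("must") or body.get("filter")):
            should_ok = any(matches(q, doc) for q in should)
        return must_ok and filter_ok and not_ok and should_ok
    field, arg = next(iter(body.items()))
    if kind == "match":
        if field in TEXT_FIELDS:  # analyzed: OR of the query's terms (default operator)
            return bool(set(analyze(arg)) & set(field_terms(doc, field)))
        return doc.get(field) == arg
    if kind == "term":
        # The query value is NOT analyzed: "Failed" never equals the indexed "failed".
        return arg in field_terms(doc, field)
    if kind == "match_phrase":
        want = analyze(arg) if field in TEXT_FIELDS else [arg]
        have = field_terms(doc, field)
        n = len(want)
        return any(have[i:i + n] == want for i in range(len(have) - n + 1))
    if kind == "range":
        if field not in doc:
            return False
        return all(_RANGE_OPS[op](doc[field], bound) for op, bound in arg.items())
    raise ValueError(f"unsupported query type: {kind}")


def search(request, docs=DOCS):
    """Evaluate a {"query": {...}} request body; return matching ids in index order."""
    return [d["id"] for d in docs if matches(request["query"], d)]


if __name__ == "__main__":
    print(search({"query": {"match": {"message": "Failed Password"}}}))        # [1, 2, 4]
    print(search({"query": {"match_phrase": {"message": "failed password"}}}))  # [1, 2]
    print(search({"query": {"term": {"message": "Failed"}}}))                  # []
```

Note how the match query also returns document 4 (it only contains "password"), how match_phrase narrows that to the two failed logins, and how a term query for "Failed" against the analyzed message field returns nothing because the indexed term is "failed". The bool case shows the minimum_should_match default: a should clause alone filters, but next to a must or filter clause it only affects scoring.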
Fuzzy Query
{
  "query": {
    "fuzzy": {
      "field_name": "search_term"
    }
  }
}
Term-level query: matches documents where field_name contains a term within a small Levenshtein edit distance of search_term. Fuzziness defaults to AUTO (0 edits for terms of 1-2 characters, 1 for 3-5, 2 for longer). The query value is not analyzed, so lowercase it yourself when targeting an analyzed field.
Wildcard Query
{
  "query": {
    "wildcard": {
      "field_name": "wildcard_pattern"
    }
  }
}
Term-level query: matches documents where field_name contains a term matching wildcard_pattern, where * matches any sequence of characters and ? matches a single character (e.g., *term*). The pattern is not analyzed. A pattern that starts with * or ? has to scan every term in the field, which is slow on large indices; prefer a trailing wildcard (term*) or a keyword field, and never forward untrusted patterns to Elasticsearch unchecked.
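When user input ends up in a query body (a search form, a SIEM front end, a proxy in front of Elasticsearch), the leading-wildcard caveat above becomes an availability problem. The following is an added example, not part of the cheat sheet and not an Elastic feature: a conservative linter that walks a query body and reports leading wildcards along with regexp and script queries, which carry the same full-term-scan or server-side execution cost. The function names, messages and the exact policy are this example's own choices.

```python
"""Lint untrusted Query DSL before proxying it to Elasticsearch (added example,
not the cheat sheet's code or an Elasticsearch API)."""

# Query types rejected outright: regexp scans terms like a leading wildcard,
# and script / script_score run server-side scripts.
BLOCKED_KEYS = {"regexp", "script", "script_score"}


def _wildcard_pattern(spec):
    """wildcard accepts "field": "pat*" or "field": {"value": "pat*", ...}."""
    if isinstance(spec, dict):
        return spec.get("value", spec.get("wildcard"))
    return spec


def lint_query(node, path="query"):
    """Walk a query (or a whole request body) and return a list of findings.

    An empty list means nothing objectionable was seen. The walk is deliberately
    conservative: a field literally named "script" would also be flagged.
    """
    findings = []
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key}"
            if key == "wildcard" and isinstance(value, dict):
                for field, spec in value.items():
                    pattern = _wildcard_pattern(spec)
                    if isinstance(pattern, str) and pattern[:1] in ("*", "?"):
                        findings.append(f"{here}.{field}: leading wildcard {pattern!r} "
                                        "scans every term in the field")
            elif key in BLOCKED_KEYS:
                findings.append(f"{here}: {key} queries are not accepted from untrusted input")
                continue  # no need to descend into a clause that is already rejected
            findings.extend(lint_query(value, here))
    elif isinstance(node, list):
        for i, item in enumerate(node):
            findings.extend(lint_query(item, f"{path}[{i}]"))
    return findings


def is_acceptable(query):
    """True when the query contains nothing the proxy refuses to forward."""
    return not lint_query(query)


if __name__ == "__main__":
    # Constructed sample bodies: the first would be refused, the second forwarded.
    for finding in lint_query({"bool": {"filter": [
            {"wildcard": {"process.name": "*.exe"}},
            {"regexp": {"url.path": ".*admin.*"}}]}}):
        print(finding)
    print(is_acceptable({"bool": {
        "must": {"match_phrase": {"message": "failed password"}},
        "filter": {"range": {"@timestamp": {"gte": "now-24h"}}}}}))
```

Run it on the request body before sending it to the cluster and return an error to the caller for any finding; a trailing wildcard such as powershell* passes, because Elasticsearch can serve it from the term dictionary without scanning every term.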
Aggregation Queries
Terms Aggregation
{
  "aggs": {
    "field_name": {
      "terms": {
        "field": "field_name"
      }
    }
  }
}
Groups documents by the distinct values of field_name and returns the document count for each bucket (the top 10 by count by default; raise "size" for more). The key directly under "aggs" (here field_name) is only the name the bucket list will have in the response; "field" should point at a keyword or numeric field, since aggregations on text fields are disabled by default. Add "size": 0 at the top level of the request to skip returning hits when you only want the buckets.
Date Histogram Aggregation
{
  "aggs": {
    "date_histogram": {
      "date_histogram": {
        "field": "timestamp_field",
        "calendar_interval": "1d"
      }
    }
  }
}
Buckets documents by timestamp_field into one-day intervals and returns the count per bucket. The older "interval" parameter was deprecated in 7.2 and removed in 8.x; use calendar_interval (1d, 1w, 1M, ...) or fixed_interval (30m, 12h, ...) instead. Empty buckets between the first and last document are returned with a doc_count of 0 unless you raise min_doc_count.
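To make the shape of an aggregation response concrete, here is an added example (not code from the cheat sheet, and not how Elasticsearch computes aggregations internally) that evaluates a terms aggregation and a daily date_histogram over a handful of constructed failed-login events and returns buckets in the same layout Elasticsearch uses: key / doc_count for terms, key_as_string / key (epoch milliseconds) / doc_count for the histogram, including the zero-count gap buckets. The event data, function names and the limited set of supported intervals (1h and 1d) are assumptions of this example.

```python
"""Local model of terms and date_histogram aggregation results (added example,
not Elasticsearch's implementation)."""
from collections import Counter
from datetime import datetime, timedelta

EVENTS = [  # constructed sample: failed SSH logins, with a gap on 2024-03-03
    {"@timestamp": "2024-03-01T08:00:00Z", "source.ip": "10.0.0.5"},
    {"@timestamp": "2024-03-01T08:00:05Z", "source.ip": "10.0.0.5"},
    {"@timestamp": "2024-03-01T23:59:59Z", "source.ip": "10.0.0.7"},
    {"@timestamp": "2024-03-02T00:00:01Z", "source.ip": "10.0.0.5"},
    {"@timestamp": "2024-03-04T10:00:00Z", "source.ip": "192.168.1.20"},
]

_STEPS = {"1h": timedelta(hours=1), "1d": timedelta(days=1)}  # supported intervals


def parse_ts(value):
    """Parse an ISO-8601 UTC timestamp ending in Z into an aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def terms_agg(docs, field, size=10):
    """Bucket docs by distinct value; order by doc_count desc, then key asc,
    as Elasticsearch does by default. Values beyond `size` are summed into
    sum_other_doc_count."""
    counts = Counter(d[field] for d in docs if field in d)
    ranked = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
    return {"buckets": [{"key": k, "doc_count": n} for k, n in ranked[:size]],
            "sum_other_doc_count": sum(n for _, n in ranked[size:])}


def _bucket_start(ts, interval):
    if interval == "1d":
        return ts.replace(hour=0, minute=0, second=0, microsecond=0)
    if interval == "1h":
        return ts.replace(minute=0, second=0, microsecond=0)
    raise ValueError(f"unsupported calendar_interval: {interval}")


def date_histogram_agg(docs, field, calendar_interval="1d", min_doc_count=0):
    """Bucket docs by time. Like Elasticsearch (min_doc_count defaults to 0),
    every interval between the first and last document is emitted, even if empty."""
    starts = [_bucket_start(parse_ts(d[field]), calendar_interval) for d in docs if field in d]
    if not starts:
        return {"buckets": []}
    counts = Counter(starts)
    buckets, cur, last = [], min(starts), max(starts)
    while cur <= last:
        n = counts.get(cur, 0)
        if n >= min_doc_count:
            buckets.append({"key_as_string": cur.strftime("%Y-%m-%dT%H:%M:%S.000Z"),
                            "key": int(cur.timestamp() * 1000), "doc_count": n})
        cur += _STEPS[calendar_interval]
    return {"buckets": buckets}


def run_aggs(request, docs):
    """Evaluate the top-level "aggs" of a request body (sub-aggregations not modelled)."""
    results = {}
    for name, spec in request["aggs"].items():
        (kind, params), = spec.items()
        if kind == "terms":
            results[name] = terms_agg(docs, params["field"], params.get("size", 10))
        elif kind == "date_histogram":
            results[name] = date_histogram_agg(docs, params["field"],
                                               params.get("calendar_interval", "1d"),
                                               params.get("min_doc_count", 0))
        else:
            raise ValueError(f"unsupported aggregation: {kind}")
    return results


if __name__ == "__main__":
    out = run_aggs({"aggs": {
        "by_source_ip": {"terms": {"field": "source.ip"}},
        "per_day": {"date_histogram": {"field": "@timestamp", "calendar_interval": "1d"}},
    }}, EVENTS)
    for name, result in out.items():
        print(name, result["buckets"])
```

The per_day result has four buckets even though only three days carry events, which is exactly what a Kibana histogram shows as an empty column; pass min_doc_count: 1 to drop such buckets. The terms result ranks 10.0.0.5 first on count and breaks the tie between the two single-hit addresses by key.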
Geospatial Queries (GeoJSON Format)
Geo Shape Query
{
  "query": {
    "geo_shape": {
      "location_field": {
        "shape": {
          "type": "Polygon",
          "coordinates": [[[], [], [], []]]
        },
        "relation": "intersects"
      }
    }
  }
}
Matches documents whose location_field (a geo_point or geo_shape field) intersects the given polygon. Coordinates follow GeoJSON order, [lon, lat], and a polygon ring must list at least four positions with the last repeating the first. Other supported relations are disjoint, within and contains.
Geo Distance Query
{
  "query": {
    "geo_distance": {
      "distance": "10km",
      "location_field": {
        "lat": 40.73,
        "lon": -73.98
      }
    }
  }
}
Matches documents whose location_field lies within the given distance (here 10 km) of the specified point. The point can also be written as a "lat,lon" string, a [lon, lat] array or a geohash.
This cheat sheet covers some of the most commonly used Query DSL queries you will run from Kibana. Depending on your use case you will combine and extend them, typically by wrapping conditions in a bool query with a time range in its filter clause. Elasticsearch offers many more query and aggregation types than shown here for exploring and analyzing your data.