Kibana Query Cheat Sheet

Kibana provides a powerful query language for searching and filtering data in Elasticsearch. This cheat sheet covers the most commonly used query operations and syntax: the request bodies below are Elasticsearch Query DSL, which you can run as-is from Kibana's Dev Tools console (this is distinct from the KQL shorthand typed into the Discover search bar).

Basic Queries

Match Query

{
  "query": {
    "match": {
      "field_name": "search_term"
    }
  }
}

Matches documents where field_name contains search_term. The search term is analyzed (tokenized and lower-cased) the same way as the indexed text, so a multi-word value matches documents containing any of its words unless you set operator to and.

Term Query

{
  "query": {
    "term": {
      "field_name": "exact_value"
    }
  }
}

Matches documents where field_name holds exactly exact_value, with no analysis applied. Use it on keyword, numeric, IP, date or boolean fields; a term query against an analyzed text field usually returns nothing, because the indexed tokens have been lower-cased and split.

Range Query

{
  "query": {
    "range": {
      "field_name": {
        "gte": "min_value",
        "lte": "max_value"
      }
    }
  }
}

Matches documents where field_name falls within the range from min_value to max_value, both bounds inclusive (gt and lt give exclusive bounds). Date fields also accept date math such as now-1d.

Compound Queries

Bool Query

{
  "query": {
    "bool": {
      "must": { "match": { "field1": "value1" } },
      "must_not": { "term": { "field2": "value2" } },
      "should": { "range": { "field3": { "gte": 10 } } }
    }
  }
}

Combines multiple queries with logical operators: must (AND, contributes to the score), must_not (NOT) and should (OR; when a must clause is present, should clauses only boost the score unless minimum_should_match is set). Each clause accepts a single query, as above, or an array of queries. A fourth clause, filter, behaves like must but without scoring and is cached, which makes it the better choice for exact term and range conditions.

Full-Text Search

Match Phrase Query

{
  "query": {
    "match_phrase": {
      "field_name": "search_phrase"
    }
  }
}

Matches documents where field_name contains the words of search_phrase in the same order and adjacent to one another, unlike match, which matches the words independently.

Fuzzy Query

{
  "query": {
    "fuzzy": {
      "field_name": "search_term"
    }
  }
}

Matches documents whose field_name holds a term within a small Levenshtein edit distance of search_term. The fuzziness parameter defaults to AUTO, which allows more edits for longer terms.

Wildcard Query

{
  "query": {
    "wildcard": {
      "field_name": "wildcard_pattern"
    }
  }
}

Matches documents where field_name matches the wildcard_pattern, where * stands for any sequence of characters and ? for a single character (e.g., *term*). A pattern that starts with a wildcard has to scan every term in the field and can be slow on large indices.

Aggregation Queries

Terms Aggregation

{
  "aggs": {
    "field_name": {
      "terms": {
        "field": "field_name"
      }
    }
  }
}

Groups documents by the unique values of field_name and returns the document count for each group. By default only the top 10 buckets by count are returned; set size to get more.

Date Histogram Aggregation

{
  "aggs": {
    "date_histogram": {
      "date_histogram": {
        "field": "timestamp_field",
        "calendar_interval": "1d"
      }
    }
  }
}

Creates a date histogram of timestamp_field with a daily interval. calendar_interval (for calendar units such as 1d, 1w, 1M) and fixed_interval (for fixed spans such as 90m) replace the older interval parameter, which was deprecated in Elasticsearch 7.2.
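The following Python helper is an added example, not part of the original cheat sheet: it composes the bool, term and range queries with the terms and date_histogram aggregations above into a single detection-style request (failed logins per source IP over a time window) and post-processes the aggregation buckets. The field names are assumed to follow the Elastic Common Schema, and the response is a constructed sample.

```python
import json

# Added example, not from the cheat sheet. Field names are assumed to follow the
# Elastic Common Schema (event.category, event.outcome, source.ip, @timestamp).

def failed_login_query(window="now-24h", min_failures=5):
    """Bool query plus a terms aggregation: failed logins per source IP,
    with a date_histogram nested in each bucket."""
    return {
        "size": 0,  # only the aggregation buckets are wanted, not the hits
        "query": {"bool": {
            # filter clauses are exact, unscored and cacheable: right for term + range
            "filter": [
                {"term": {"event.category": "authentication"}},
                {"term": {"event.outcome": "failure"}},
                {"range": {"@timestamp": {"gte": window, "lte": "now"}}},
            ],
            "must_not": [{"term": {"source.ip": "127.0.0.1"}}],  # drop loopback noise
        }},
        "aggs": {"by_source": {
            # min_doc_count hides sources below the threshold on the server side
            "terms": {"field": "source.ip", "size": 50, "min_doc_count": min_failures},
            "aggs": {"per_hour": {"date_histogram": {
                "field": "@timestamp", "fixed_interval": "1h"}}},
        }},
    }

def suspicious_sources(response, threshold):
    """Walk the terms buckets of a search response and return
    {ip: failure_count} for sources at or above the threshold."""
    buckets = response.get("aggregations", {}).get("by_source", {}).get("buckets", [])
    return {b["key"]: b["doc_count"] for b in buckets if b["doc_count"] >= threshold}

# Constructed sample response (aggregation buckets in the shape Elasticsearch returns).
SAMPLE_RESPONSE = {"aggregations": {"by_source": {"buckets": [
    {"key": "203.0.113.7", "doc_count": 29},
    {"key": "198.51.100.2", "doc_count": 5},
    {"key": "192.0.2.9", "doc_count": 3},
]}}}

if __name__ == "__main__":
    print(json.dumps(failed_login_query(), indent=2))  # paste into Kibana Dev Tools
    print(suspicious_sources(SAMPLE_RESPONSE, 5))       # {'203.0.113.7': 29, '198.51.100.2': 5}
```

The printed request body can be pasted after `GET your-index/_search` in Dev Tools; the post-processing step shows how the buckets come back regardless of how the query is submitted.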

Geospatial Queries (GeoJSON Format)

Geo Shape Query

{
  "query": {
    "geo_shape": {
      "location_field": {
        "shape": {
          "type": "Polygon",
          "coordinates": [[[], [], [], []]]
        },
        "relation": "intersects"
      }
    }
  }
}

Matches documents where location_field intersects the specified polygon. The coordinates array holds one ring of at least four [lon, lat] points (GeoJSON order is longitude first), with the last point repeating the first to close the ring; the empty arrays above are placeholders to fill in. relation can also be within, contains or disjoint.

Geo Distance Query

{
  "query": {
    "geo_distance": {
      "distance": "10km",
      "location_field": {
        "lat": 40.73,
        "lon": -73.98
      }
    }
  }
}

Matches documents whose location_field lies within the given distance (here 10km) of the specified latitude and longitude.

This cheat sheet covers some of the most commonly used queries in Kibana. Depending on your specific use case, you may need to customize queries further to meet your requirements. Kibana offers a wide range of querying and filtering options to help you explore and analyze your Elasticsearch data effectively.
