WARNING: Version 6.2 of Kibana has passed its EOL date.
This documentation is no longer being maintained and may be removed. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.
Lucene Query Syntax
- To perform a free text search, simply enter a text string. For example, if you’re searching web server logs, you could enter safari to search all fields for the term safari.
- To search for a value in a specific field, prefix the value with the name of the field. For example, you could enter status:200 to find all of the entries that contain the value 200 in the status field.
- To search for a range of values, you can use the bracketed range syntax, [START_VALUE TO END_VALUE]. For example, to find entries that have 4xx status codes, you could enter status:[400 TO 499].
- To specify more complex search criteria, you can use the Boolean operators AND, OR, and NOT. For example, to find entries that have 4xx status codes and have an extension of php or html, you could enter status:[400 TO 499] AND (extension:php OR extension:html).
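The four query forms above, evaluated over a few constructed log entries. This is an added example, not Kibana or Lucene code: the sample entries, the id and agent fields, and the helper names compile_query and search are assumptions, and the matcher is a simplified stand-in for the real query parser.

```python
import re

# Constructed sample web-server log entries (not real data).
LOGS = [
    {"id": 1, "status": 200, "extension": "html", "agent": "Mozilla/5.0 Safari/537.36"},
    {"id": 2, "status": 404, "extension": "php", "agent": "curl/7.58.0"},
    {"id": 3, "status": 403, "extension": "css", "agent": "Mozilla/5.0 Safari/537.36"},
    {"id": 4, "status": 499, "extension": "html", "agent": "Mozilla/5.0 Firefox/58.0"},
]
TOKEN = re.compile(r"\(|\)|(\w+):\[(\d+) TO (\d+)\]|(\w+):(\w+)|(\w+)")

def words(value):  # rough stand-in for text analysis: lowercase, split on punctuation
    return re.findall(r"[a-z0-9]+", str(value).lower())

def compile_query(query):
    # Assumption: NOT binds tighter than AND, and AND tighter than OR. The real
    # parser can treat unparenthesised mixes differently, so group with parentheses.
    toks, pos = list(TOKEN.finditer(query)), 0

    def atom():
        nonlocal pos
        m, pos = toks[pos], pos + 1
        if m.group(0) == "(":
            inner = any_of()
            pos += 1  # consume the closing ")"
            return inner
        if m.group(0) == "NOT":
            inner = atom()
            return lambda e: not inner(e)
        if m.group(1):  # field:[START TO END], both bounds inclusive
            f, lo, hi = m.group(1), int(m.group(2)), int(m.group(3))
            return lambda e: isinstance(e.get(f), int) and lo <= e[f] <= hi
        # field:value checks one field; a bare term (f is None) checks every field
        f, v = m.group(4), (m.group(5) or m.group(6)).lower()
        return lambda e: any(v in words(x) for k, x in e.items() if f in (None, k))

    def chain(operand, op, combine):
        nonlocal pos
        left = operand()
        while pos < len(toks) and toks[pos].group(0) == op:
            pos += 1
            left = combine(left, operand())
        return left

    def any_of():
        all_of = lambda: chain(atom, "AND", lambda a, b: lambda e: a(e) and b(e))
        return chain(all_of, "OR", lambda a, b: lambda e: a(e) or b(e))
    return any_of()

def search(query):
    return [e["id"] for e in filter(compile_query(query), LOGS)]
```

The range form includes both endpoints, so entry 4 (status 499) is returned by status:[400 TO 499].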
For more detailed information about the Lucene query syntax, see the Query String Query docs.
These examples use the Lucene query syntax. When Lucene is selected as your query language, you can also submit queries using the Elasticsearch Query DSL.