Search Analytics Options Overview
Review wildcard and syntax options that can help to improve Search Analytics Discover operations
Search Analytics and Elastic support some logic options for the search term values. The following table describes different options for search terms that provide some flexibility in values.
Note that Dashboards Query Language (DQL) does not support regular expressions or searching with fuzzy or proximity terms. ChaosSearch does support some regular expressions in Lucene searches.
Lucene Query Syntax
Elasticsearch uses the Lucene query syntax for searches. Refer to query string syntax for more information about constructing your queries.
| Search Option | Description |
|---|---|
| Wildcard (*) | The asterisk wildcard character replaces (represents) multiple characters. For example: - *reg* finds instances of the chars reg as is or within strings like irregular or regular and so forth.- reg* matches when reg are the first three characters in a value.- *reg matches when reg are the last three characters of a value.By default, OpenSearch Dashboards does not support leading wildcards for performance reasons, but ChaosSearch supports them. |
| Wildcard (?) | The question mark wildcard character replaces (represents) one valid character, number, or symbol. For example: - "*si?e*" matches on side, aside, sitewide, and others where ? could be any one value and the matching item could be any length.- "*?ide" matches on values that end a string in ide with any (or no) preceding characters.- "side?*" matches on values that begin a string with side and any number of characters like sides, siding, sitewide, or sideways.- "si?e *" (with a space before *) matches on strings that begin with the four-character value si-e, where the third character could vary.- "? *" will match results if a string begins with any one-character value.When using the single-character wildcard, enclose the wildcard string in double quotation marks. |
| Ranges | In a DQL search, you can specify ranges using the range operators >, >=, <, and <= on numeric and date types using the format:field operator value [and field operator value]For example: error >= 400 and error <=500o_totalprice > 130000In a Lucene search, the range format is different. For example: error:[400 TO 500]o_totalprice:[130000 to 140000] |
| Regular expressions | In a Lucene search, the forward slash / / characters can be used to start and end a regular expression search string as a free search or for a field search. For example, searching for /[aA]venue/ will return results that contain either avenue or Avenue. Regular expressions are based on the Lucene library for expressions, and might be different from other general regex libraries and format. |
More information
Search Analytics is an embedded version of OpenSearch Dashboards. See the OpenSearch Dashboards documentation for more information about exploring data using Discover.
Updated 3 months ago