42

I have a field that contains numbers. I want a filter that shows all logs that are less than a constant value. When I try to add a new query filter, all I can see is a query string option.

user1742188
  • 4,563
  • 8
  • 35
  • 60

1 Answers1

90

If you are talking about the query field a syntax like this works:

field:<10

Will find just records with a field value less than 10. Found this by experimentation one day -- don't know if it's documented anywhere.

Alcanzar
  • 16,985
  • 6
  • 42
  • 59
  • 5
    There is a link to the appropriate documentation inside Kibana itself, when you click on a query's coloured dot (which allows you to change the colour as well the query type). A real-world example: assume you log the number of microseconds Apache took to service a response, and you ship this out as a JSON integer. I create a few queries that selects events with durations in different ranges. Each query looks a bit like duration_micros:(>=10000 AND <500000) For some queries, I make them a topN query to break down on content-type, which I also log. – Cameron Kerr Oct 29 '14 at 21:28
  • 7
    It's strange that it's important to not have a [space] between the operator and the number. I mean this not works: field:< 10 (but this: field: <10 and this field:<10) – kecso Aug 31 '15 at 20:19
  • 3
    The syntax is documented in the "[Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-query-string-query.html#_ranges_2)" topic of the Elasticsearch Reference. – Graham Hannington Sep 04 '15 at 08:44
  • Note, doesn't appear that this works for post query values. For example, you cant do `Count:>100` – K2xL Dec 30 '16 at 18:15