Kibana-Elastic Search to return only specific fields from the interface

Question

I have a internal portal with Kibana-Elastic search for log management and I have a set of fields. Can anyone tell me how to form a query along with the search phrase to retrieve & show only specified fields as results in it.

Thank you.

You mean to show only the required fields in the response? – Kulasangar Nov 18 '16 at 04:26 — Kulasangar, Nov 18 '16 at 04:26

score 6 · Answer 1 · edited May 23 '17 at 11:53

6

In order to return only the specific fields which you want in your response, you could do something like this within the request body:

    "size" : 10,                 <------ you can have this or leave it out
    "_source": ["chargeamount"], <------ the field you wanted to get 
    "query":{  
      "query_string":{  
         "query":""           <------ your query after the _search in your url goes here
       }
     }

You could have a look at this SO as well for more explanation.

edited May 23 '17 at 11:53

Community

1
1

answered Nov 18 '16 at 06:11

Kulasangar

9,046
5
51
82

I am trying to do the search from the Kibana user interface(i.e from the search box) – Prabhakaran Nov 18 '16 at 06:39
1

@Prabhakaran I'm afraid, it isn't possible to do it using [Apache Lucene](https://www.elastic.co/guide/en/beats/packetbeat/current/kibana-queries-filters.html#kibana-queries-filters) when querying in `Kibana`. – Kulasangar Nov 18 '16 at 06:49
1

Thanks!! I have tried the above by changing the request body in fiddler and it works fine..because of Kibana interface limitation I couldn't achieve it in and the source was not in my hands to modify.. – Prabhakaran Nov 21 '16 at 02:57

Nick · Answer 2 · 2017-09-13T07:18:27.640

2

Create search in Kibana UI
Go to Settings -> Objects -> Searches
Open created search settings
Add "_source": ["myfiled1", "myfield2"] (See screenshot)

Also, if for you the matter is only visible fields in Discover and not the fields returned by the search you can customize search results table in the settings but in columns text aria (See screenshot).

edited Sep 13 '17 at 07:18

answered Aug 31 '17 at 09:51

Nick

144
1
4

score 1 · Answer 3 · answered Jul 02 '20 at 06:02

Slightly on the similar lines, when we try to create a saved search the Discover tab will show a column with time stamp details, if you want to hide that entire field you can go to Stack Management -->Advance Settings and toggle the "Hide 'Time' column" flag from UI, this will hide the time stamp column and helps you to include only selective columns of your choice in saved search by keeping the time stamp column hidden based on what I understood from https://github.com/elastic/kibana/issues/3319

Kibana-Elastic Search to return only specific fields from the interface

3 Answers3