Searching Data

To search data in an Elasticsearch index or alias, double-click the index or alias in the Elasticsearch tool window, or open the console and write the search request manually.

To execute the request, click or press ⌃ ⏎. If the request succeeds, the search response panel is shown.

Searching data

Synchronizing request body

When you paginate, sort, filter data, or show/hide fields using the actions toolbar, your search request is updated accordingly.

For example, when you sort by the author_id column, the block "sort": [{"author_id": {"order": "asc"} }] is added to the request.

Synchronizing request

You can enable or disable updating the request in the editor with a toggle on the search response toolbar.

Filtering with Kibana Query Language

The Kibana Query Language (KQL) is a simple syntax for filtering Elasticsearch data using free text search or field-based search. KQL is only used for filtering data and has no role in sorting or aggregating the data. The KQL filter suggests field names and operators as you type.

Kibana query language filter completion

The KQL filter adds an additional filter to your initial request. It also adds a highlight block so that the matched words are highlighted in the response.

Kibana query language filter

Term query

To query using exact search terms, enter the field name, followed by a colon (:), and then the values separated by spaces:

message:why do you

To query for an exact phrase, use quotation marks around the values:

message:"why do you"

Field names are not required. Without a field name, terms are matched against the default fields in your index settings. To search across fields, enter:

"why do you"

Boolean queries

KQL supports or, and, and not. By default, and has a higher precedence than or. To override the default precedence, group operators in parentheses. These operators can be uppercase or lowercase.

To match documents where author_id is 77 but message is neither why nor what, enter:

author_id:77 and not (message:why or message:what)

Range queries

KQL supports >, >=, <, and <= on numeric and date types.

author_id >= 100 and author_id < 200

Date range queries

KQL supports date range queries:

created_at < "2021-01-02T21:55:59"

Exist queries

An exist query matches documents that contain any value for a field:


Wildcard queries

Wildcard queries can be used to search by a term prefix or to search multiple fields.

To match documents where machine.os starts with win, such as windows 7 and windows 10:


To match multiple fields:

machine.os*:windows 10

This syntax is handy when you have text and keyword versions of a field. The query checks machine.os and machine.os.keyword for the term windows 10.

Nested field queries

A main consideration for querying nested fields is how to match parts of the nested query to the individual nested documents. You can:

  • Match parts of the query to a single nested document only. This is what most users want when querying on a nested field.
  • Match parts of the query to different nested documents. This is how a regular object field works. This query is generally less useful than matching to a single document.

To match stores that have more than 10 bananas in stock:

items:{ name:banana and stock > 10 }

items is the nested path. Everything inside the curly braces (the nested group) must match a single nested document.

The following subqueries are in separate nested groups and can match different nested documents:

items:{ name:banana } and items:{ stock:9 }
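To make the filter block the KQL bar adds concrete, here is an added example, not the plugin's own code and not Kibana's real KQL implementation, that translates the KQL subset shown above (field values and phrases, and/or/not with parentheses, range operators, nested groups) into Elasticsearch Query DSL. It assumes that nested fields are written as path.field, keeps all values as strings, and leaves wildcards and field-less terms out.

```python
import re
# Added example, not the plugin's code; the covered KQL subset is listed in the lead-in above.
TOKEN = re.compile(r'\s*("[^"]*"|[(){}]|>=|<=|[:<>]|[^\s(){}:<>]+)')  # phrase | bracket | operator | word
RANGE = {">": "gt", ">=": "gte", "<": "lt", "<=": "lte"}

def peek(toks, k=0):
    return toks[k] if k < len(toks) else None

def expect(toks, tok):
    if toks.pop(0) != tok:
        raise ValueError(f"expected {tok!r}")

def or_expr(toks, path):  # 'or' binds loosest, so its operands are whole 'and' chains
    parts = [and_expr(toks, path)]
    while (peek(toks) or "").lower() == "or" and toks.pop(0):
        parts.append(and_expr(toks, path))
    return parts[0] if len(parts) == 1 else {"bool": {"should": parts, "minimum_should_match": 1}}

def and_expr(toks, path):  # 'and' binds tighter than 'or'; parentheses override this via clause()
    parts = [clause(toks, path)]
    while (peek(toks) or "").lower() == "and" and toks.pop(0):
        parts.append(clause(toks, path))
    return parts[0] if len(parts) == 1 else {"bool": {"filter": parts}}

def clause(toks, path):
    tok = toks.pop(0)
    if tok.lower() == "not":
        return {"bool": {"must_not": clause(toks, path)}}
    if tok == "(":
        query, _ = or_expr(toks, path), expect(toks, ")")
        return query
    field = f"{path}.{tok}" if path else tok  # inside a nested group, field names are relative to its path
    if peek(toks) in RANGE:
        op = toks.pop(0)
        return {"range": {field: {RANGE[op]: toks.pop(0).strip('"')}}}
    expect(toks, ":")
    if peek(toks) == "{":  # nested group -> one nested query, so every part must hit the same nested document
        _, inner, _ = toks.pop(0), or_expr(toks, field), expect(toks, "}")
        return {"nested": {"path": field, "query": inner}}
    words = []  # space-separated values run until a keyword, a closing bracket or the end of the input
    while peek(toks) not in (None, ")", "}") and peek(toks).lower() not in ("and", "or"):
        words.append(toks.pop(0))
    if len(words) == 1 and words[0].startswith('"'):
        return {"match_phrase": {field: words[0].strip('"')}}
    return {"match": {field: " ".join(words)}}

def kql_to_dsl(kql):
    toks = [m.group(1) for m in TOKEN.finditer(kql.strip())]
    return or_expr(toks, None)
```

Passing the two nested examples above through kql_to_dsl shows the difference the page describes: the single group becomes one nested query with both conditions inside it, while the two separate groups become two nested queries that can each match a different nested document.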

KQL documentation

For more details, see the official KQL documentation.