[[DAM - fscrawler, tesseract-ocr, es, kibana]]
http://localhost:5601/app/discover
None of these were clear / obvious to me.
Different enough from SQL to warrant recipes …
All of them are dependent on the es index being searched.
This works for path.virtual STARTING with:
file.extension: "png" and path.virtual : /Takeout/Drive/Hearst-MBP-Screenshots*
This works in KQL for partial / wildcard name match
file.filename : EUI*
This works (in *-lacie)
file.content_type : image* AND file.filename : IMG_2*
It is case-sensitive
This works in Kibana – finds substring in path:
file.content_type : video* AND path.real.fulltext : *Dad*
This works for excluding a path substring:
file.content_type : video* AND NOT path.real.fulltext : "/gcortho/"
This works for “contains” (KQL / Kibana)
path.real: */Code/*
This works in the new indexes: KQL
NOT file.content_type : image/*
Finding a string within content:
NOT file.content_type : image/* AND content: DXP AND NOT file.filename : *ToDo*
#ELK #es #elasticsearch #kibana #KQL