Page MenuHomePhabricator
Create Task
Maniphest T279112

meta.domain in Logstash seems to usually not like doing term matches
Open, Needs TriagePublic
Actions

Description

Using a filter bubble like "meta.domain is one of (wikipedia.org, wikidata.org, wikimedia.org)" yields no results currently. It's be great if this worked based on e.g. simple term matching so that it includes e.g. www.wikidata.org and ar.m.wikipedia.org.

I thought maybe the issue is that the "one of" operator doesn't do term matching but that "is" does, however, `meta.domain is wikipedia.org" also yielded zero results.

Then I entered "meta.domain is org" and that did yield results from various third-party domains that ended in .org, such as en.wiki2.org.

Event Timeline

Krinkle created this task.Thu, Apr 1, 10:42 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptThu, Apr 1, 10:42 PM
bd808 added a subscriber: bd808.Thu, Apr 1, 10:48 PM

You will need to search against an un-analyzed field to get the kind of matching you are hoping for. I think the meta.domain.keyword might be what you need.

fgiunchedi moved this task from Inbox to Radar on the observability board.Tue, Apr 6, 3:14 PM
Krinkle added a comment.Fri, Apr 9, 8:21 PM

For the record, @bd808 and I tried that, but it didn't work and failed in the same way.

Content licensed under Creative Commons Attribution-ShareAlike 3.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL