KQL is used to search documents for values. Kibana also supports the Lucene query language for cases where "fuzzy" term searches are needed.

| Query/Syntax | Description | Example |
| ------------ | ----------- | ------- |
| " " | Values in quotation marks are used for exact searches. | "Robots" |
| * | The asterisk is a wildcard that searches for similar matches to the value provided. | United * returns United States and United Kingdom. |
| OR | A logical operator that shows results that contain one or the other of the specified values. | "Arizona" OR "Phoenix" |
| AND | A logical operator that shows results that contain both specified values. | "Sudo" AND "Wizard" |
| : | Used to search for specific values for a given field/subject. This is dependent on the available index patterns. | ip.address: 10.10.10.10 |