Showing posts from January, 2023

Kibana KQL cheat sheet

Search logs containing the exact text:

    message: "my search term"

Search logs containing the wildcard text:

    message: *search*

Search logs with AND, OR, NOT:

    ((message: "text 1" OR "text 2") AND (message: *text3*) AND NOT (message: "text 4"))

Search logs where the message field exists:

    message: *

Search logs where the message field does not exist:

    NOT message: *

Search logs by level:

    (level: "INFO" OR level: "WARN" OR level: "ERROR" OR level: "DEBUG" OR level: "TRACE")

Search logs by Kubernetes pod name:

    kubernetes.pod.name: example-service-name-*

Search logs by Kubernetes container name:

    kubernetes.container.name: "example-container-name"

Common fields:

    @timestamp
    message
    level
    kubernetes.pod.name
    kubernetes.container.name