From 5f8022dc7e1566386272027554a5745734945bda Mon Sep 17 00:00:00 2001 From: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> Date: Tue, 23 May 2023 12:56:18 -0400 Subject: [PATCH] [8.5] [docs] [kql] Update KQL docs to include info about errors with multiple field types (#158035) (#158291) # Backport This will backport the following commits from `main` to `8.5`: - [[docs] [kql] Update KQL docs to include info about errors with multiple field types (#158035)](https://github.com/elastic/kibana/pull/158035) ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) Co-authored-by: Lukas Olson --- docs/concepts/kuery.asciidoc | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/docs/concepts/kuery.asciidoc b/docs/concepts/kuery.asciidoc index 4eb95fa444058..8c14333b0e1f3 100644 --- a/docs/concepts/kuery.asciidoc +++ b/docs/concepts/kuery.asciidoc @@ -178,13 +178,17 @@ http.request.method: (GET OR POST OR DELETE) === Matching multiple fields Wildcards can also be used to query multiple fields. For example, to search for -documents where any sub-field of `http.response` contains “error”, use the following: +documents where any sub-field of `datastream` contains “logs”, use the following: [source,yaml] ------------------- -http.response.*: error +datastream.*: logs ------------------- +NOTE: When using wildcards to query multiple fields, errors might occur if the fields are of +different types. For example, if `datastream.*` matches both numeric and string fields, the +above query will result in an error because numeric fields cannot be queried for string values. + [discrete] === Querying nested fields