\documentclass[10pt,a4paper]{article} % Packages \usepackage{fancyhdr} % For header and footer \usepackage{multicol} % Allows multicols in tables \usepackage{tabularx} % Intelligent column widths \usepackage{tabulary} % Used in header and footer \usepackage{hhline} % Border under tables \usepackage{graphicx} % For images \usepackage{xcolor} % For hex colours %\usepackage[utf8x]{inputenc} % For unicode character support \usepackage[T1]{fontenc} % Without this we get weird character replacements \usepackage{colortbl} % For coloured tables \usepackage{setspace} % For line height \usepackage{lastpage} % Needed for total page number \usepackage{seqsplit} % Splits long words. %\usepackage{opensans} % Can't make this work so far. Shame. Would be lovely. \usepackage[normalem]{ulem} % For underlining links % Most of the following are not required for the majority % of cheat sheets but are needed for some symbol support. \usepackage{amsmath} % Symbols \usepackage{MnSymbol} % Symbols \usepackage{wasysym} % Symbols %\usepackage[english,german,french,spanish,italian]{babel} % Languages % Document Info \author{maurermj08} \pdfinfo{ /Title (kibana-search-tips.pdf) /Creator (Cheatography) /Author (maurermj08) /Subject (Kibana Search Tips Cheat Sheet) } % Lengths and widths \addtolength{\textwidth}{6cm} \addtolength{\textheight}{-1cm} \addtolength{\hoffset}{-3cm} \addtolength{\voffset}{-2cm} \setlength{\tabcolsep}{0.2cm} % Space between columns \setlength{\headsep}{-12pt} % Reduce space between header and content \setlength{\headheight}{85pt} % If less, LaTeX automatically increases it \renewcommand{\footrulewidth}{0pt} % Remove footer line \renewcommand{\headrulewidth}{0pt} % Remove header line \renewcommand{\seqinsert}{\ifmmode\allowbreak\else\-\fi} % Hyphens in seqsplit % This two commands together give roughly % the right line height in the tables \renewcommand{\arraystretch}{1.3} \onehalfspacing % Commands \newcommand{\SetRowColor}[1]{\noalign{\gdef\RowColorName{#1}}\rowcolor{\RowColorName}} % Shortcut for row colour \newcommand{\mymulticolumn}[3]{\multicolumn{#1}{>{\columncolor{\RowColorName}}#2}{#3}} % For coloured multi-cols \newcolumntype{x}[1]{>{\raggedright}p{#1}} % New column types for ragged-right paragraph columns \newcommand{\tn}{\tabularnewline} % Required as custom column type in use % Font and Colours \definecolor{HeadBackground}{HTML}{333333} \definecolor{FootBackground}{HTML}{666666} \definecolor{TextColor}{HTML}{333333} \definecolor{DarkBackground}{HTML}{1F71CF} \definecolor{LightBackground}{HTML}{F1F6FC} \renewcommand{\familydefault}{\sfdefault} \color{TextColor} % Header and Footer \pagestyle{fancy} \fancyhead{} % Set header to blank \fancyfoot{} % Set footer to blank \fancyhead[L]{ \noindent \begin{multicols}{3} \begin{tabulary}{5.8cm}{C} \SetRowColor{DarkBackground} \vspace{-7pt} {\parbox{\dimexpr\textwidth-2\fboxsep\relax}{\noindent \hspace*{-6pt}\includegraphics[width=5.8cm]{/web/www.cheatography.com/public/images/cheatography_logo.pdf}} } \end{tabulary} \columnbreak \begin{tabulary}{11cm}{L} \vspace{-2pt}\large{\bf{\textcolor{DarkBackground}{\textrm{Kibana Search Tips Cheat Sheet}}}} \\ \normalsize{by \textcolor{DarkBackground}{maurermj08} via \textcolor{DarkBackground}{\uline{cheatography.com/30033/cs/8894/}}} \end{tabulary} \end{multicols}} \fancyfoot[L]{ \footnotesize \noindent \begin{multicols}{3} \begin{tabulary}{5.8cm}{LL} \SetRowColor{FootBackground} \mymulticolumn{2}{p{5.377cm}}{\bf\textcolor{white}{Cheatographer}} \\ \vspace{-2pt}maurermj08 \\ \uline{cheatography.com/maurermj08} \\ \end{tabulary} \vfill \columnbreak \begin{tabulary}{5.8cm}{L} \SetRowColor{FootBackground} \mymulticolumn{1}{p{5.377cm}}{\bf\textcolor{white}{Cheat Sheet}} \\ \vspace{-2pt}Published 20th August, 2016.\\ Updated 20th August, 2016.\\ Page {\thepage} of \pageref{LastPage}. \end{tabulary} \vfill \columnbreak \begin{tabulary}{5.8cm}{L} \SetRowColor{FootBackground} \mymulticolumn{1}{p{5.377cm}}{\bf\textcolor{white}{Sponsor}} \\ \SetRowColor{white} \vspace{-5pt} %\includegraphics[width=48px,height=48px]{dave.jpeg} Measure your website readability!\\ www.readability-score.com \end{tabulary} \end{multicols}} \begin{document} \raggedright \raggedcolumns % Set font size to small. Switch to any value % from this page to resize cheat sheet text: % www.emerson.emory.edu/services/latex/latex_169.html \footnotesize % Small font. \begin{tabularx}{17.67cm}{x{4.0488 cm} x{6.5793 cm} x{6.2419 cm} } \SetRowColor{DarkBackground} \mymulticolumn{3}{x{17.67cm}}{\bf\textcolor{white}{Searching}} \tn % Row 0 \SetRowColor{LightBackground} {\bf{Search Type}} & {\bf{Example 1}} & {\bf{Example 2}} \tn % Row Count 2 (+ 2) % Row 1 \SetRowColor{white} Keyword & usbstor & \tn % Row Count 3 (+ 1) % Row 2 \SetRowColor{LightBackground} OR Keyword & usbstor OR deviceclasses & usbstor deviceclasses \tn % Row Count 5 (+ 2) % Row 3 \SetRowColor{white} AND Keyword & usbstor AND deviceclasses & \tn % Row Count 7 (+ 2) % Row 4 \SetRowColor{LightBackground} NOT Keyword & NOT usbstor & \tn % Row Count 9 (+ 2) % Row 5 \SetRowColor{white} Phrase* & \seqsplit{"/WINDOWS/system32/config/"} & "WINDOWS system32 config" \tn % Row Count 12 (+ 3) % Row 6 \SetRowColor{LightBackground} Field Match & \seqsplit{termname:keywordone} & \seqsplit{source\_short:webhist} \tn % Row Count 14 (+ 2) % Row 7 \SetRowColor{white} Exact Field Match** & \seqsplit{parser.raw:"sqlite/firefox\_cookies"} & \tn % Row Count 17 (+ 3) % Row 8 \SetRowColor{LightBackground} OR Term Search & \seqsplit{source\_short:(reg} evt) & \seqsplit{source\_short:reg} \seqsplit{source\_short:evt} \tn % Row Count 20 (+ 3) % Row 9 \SetRowColor{white} Field Exists & \_exists\_:star & \tn % Row Count 22 (+ 2) % Row 10 \SetRowColor{LightBackground} Field Missing & \_missing\_:star & \tn % Row Count 24 (+ 2) % Row 11 \SetRowColor{white} \seqsplit{Wildcards***} & *.exe & *.ppt? \tn % Row Count 26 (+ 2) % Row 12 \SetRowColor{LightBackground} Regular \seqsplit{Expressions} & /doc({[}mx{]}?)/ & name:/joh?n(ath{[}oa{]}n)/ \tn % Row Count 29 (+ 3) % Row 13 \SetRowColor{white} Fuzzy & svchost\textasciitilde{} & lsass\textasciitilde{}1 \tn % Row Count 30 (+ 1) \hhline{>{\arrayrulecolor{DarkBackground}}---} \SetRowColor{LightBackground} \mymulticolumn{3}{x{17.67cm}}{*Double quotes are required for phrase searching, single quotes do not work \newline **Not analyzed fields are case sensitive \newline ***Allowing a wildcard at the beginning of a word (eg "*ing") is particularly heavy, because all terms in the index need to be examined, just in case they match \newline Reference: \seqsplit{https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-query-string-query.html}} \tn \hhline{>{\arrayrulecolor{DarkBackground}}---} \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{17.67cm}{x{5.8718 cm} x{11.3982 cm} } \SetRowColor{DarkBackground} \mymulticolumn{2}{x{17.67cm}}{\bf\textcolor{white}{Analyzed vs Not Analyzed (.raw)}} \tn % Row 0 \SetRowColor{LightBackground} String (Not Analyzed) & "Set the shape to semi-transparent by calling set\_trans(5)" \tn % Row Count 3 (+ 3) % Row 1 \SetRowColor{white} Standard Analyzed & set, the, shape, to, semi, transparent, by, calling, set\_trans, 5 \tn % Row Count 6 (+ 3) \hhline{>{\arrayrulecolor{DarkBackground}}--} \SetRowColor{LightBackground} \mymulticolumn{2}{x{17.67cm}}{Above is how Elasticsearch stores analyzed vs not analyzed strings for searching. \newline Not analyzed fields need to be searched as one phrase. \newline Analyzed fields can be searched using one or more of its sections. \newline See: \seqsplit{https://www.elastic.co/guide/en/elasticsearch/guide/current/mapping-intro.html}} \tn \hhline{>{\arrayrulecolor{DarkBackground}}--} \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{17.67cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{17.67cm}}{\bf\textcolor{white}{Analyzed vs Not Analyzed}} \tn \SetRowColor{LightBackground} \mymulticolumn{1}{p{17.67cm}}{\vspace{1px}\centerline{\includegraphics[width=5.1cm]{/web/www.cheatography.com/public/uploads/maurermj08_1471656537_AnalyzedvsNot - Copy.PNG}}} \tn \hhline{>{\arrayrulecolor{DarkBackground}}-} \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{17.67cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{17.67cm}}{\bf\textcolor{white}{Filters}} \tn \SetRowColor{LightBackground} \mymulticolumn{1}{p{17.67cm}}{\vspace{1px}\centerline{\includegraphics[width=5.1cm]{/web/www.cheatography.com/public/uploads/maurermj08_1471656778_filters.PNG}}} \tn \hhline{>{\arrayrulecolor{DarkBackground}}-} \end{tabularx} \par\addvspace{1.3em} \end{document}