Hi
Raised this on Kibana and realised makes more sense here. Running Elastic 6.2.2.
Relatively new to Kibana and queries. I have a string in process.cwd along the lines of
/PTC/merge/code/CodeDrop_2017_12_18/AST-expanded/iCNS-AST/abc.txt
I'm trying to find all the entries that have
/PTC/ at the beginning then any project name (merge above) then /code/
Don't mind getting a few false positives.
In Kibana Dev Tools the following appears to work fine.
{
"query": {
"query_string": {
"fields": [
"process.cwd.keyword"
],
"query": "\\/PTC\\/*\\/code\\/*",
"analyzer": "keyword",
"analyze_wildcard": true
}
}
}
I've tried to convert this into a query and so in the
kibanaSavedObjectMeta.searchSourceJSON field I have
{
"index": "1cf03af0-037a-11e9-beef-5f4114182e77",
"highlightAll": true,
"version": true,
"query": {
"query_string": {
"fields": [
"process.cwd.keyword"
],
"query": "\\/PTC\\/*\\/code\\/*",
"analyzer": "keyword",
"analyze_wildcard": true
},
"language": "lucene"
},
"filter": []
}
columns is set to "_source"
and on running this it just seems to find everything.
Guessing it might be to do with Lucene, but cannot find what else it might be set to.
On the query line in discover
process.cwd:(\/PTC\/ AND \/code\/) finds nothing
process.cwd:(/PTC/ AND /code/) Ignores the /'s and just finds those with both in wherever they are.
Any help gratefully received. N