I was curious about working with DSL queries, so I made some tests and I found something strange.
I have a winlogbeat-security index which contains Windows security events, and I am searching the logs for the following term, "Échec de l’audit", in a specific range.
However, when I used a DSL query, I didn't get the same result as with KQL.