Hi,
How can i parse a message field wich contain slashes ?
I'm trying with query regexp, but without result.
Thanks all
can you please add sample document and sample query you are trying ?
hi,
the field is something like file.path:"use/share/domain/log/monappli/results.log"
in fact, i'm trying to select all enregistrements whith file.path beginning with "use/share/"
My sample query put in a filter of a search :
{
"query": {
"regex": {
"file.path": "\\/use\\/share\\/*)(?:[a-z0-9_-]"
}
}
}
Kibana version = 7.8.1
You can use match_phrase_prefix query of Elasticsearch.
{
"query": {
"match_phrase_prefix": {
"file.path": "use/share"
}
}
}
thanks, but it doesn't work with the keyword's type ! 
Another idea ?...
You can use prefix query like below:
{
"query": {
"prefix": {
"file.path.keyword": {
"value": "use/share"
}
}
}
}
Yep !
in my case, i had to encode the field "file.path" (and not "file.path.keyword"). Strange !...
{
"query": {
"prefix": {
"file.path": {
"value": "/use/share"
}
}
}
}
Another solution, for fun, to just search for a part of text in a value :
{
"query": {
"wildcard": {
"file.path": {
"value": "*/share/*"
}
}
}
}
The 2 solutions are goods 
Thanks a lot Sagar !
Because when i was trying on my system, i have created multi-field means file.path as text and keyword both. so when need to access as keyword i need to use file.path.keyword. as per my understanding in your implementation it is define as keyword only so you can directly access as file.path.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.