I am trying to write a regex query but it is not working accordingly am i doing something wrong
I need to get back all values that ends in SVC in the field winlog.event_data.TargetUserName
{
"query": {
"regexp": {
"winlog.event_data.TargetUserName": {
"value": "*SVC"
}
}
}
}
Everythig comes back
Hi Brian
Are you missing the full stop e.g. ".SVC" ?
ive tried .SCV and .*SVC but it still isnt parsing out right
Sorry, I missed the asterisk after the dot.
Try lowercase the characters too.
If that doesn’t work please share the appropriate part of your index mappings and an example doc you’d hope to match with this pattern.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.