Elasticsearch find "%40" in email text field

christof · October 17, 2019, 1:18pm

Hi,

I have several emails in our es that have %40 instead of the @ in them (e.g. john%40test.com). I'm trying to search directly for them using the regex search function, but am having issues in identifying for these cases. I've tried searching for both %40 and \u0025, but both of these haven't produced any hits. The following is the general search query I've using:

ES.search( "db", body={"query": {"regexp": {"emails": {"value": "\u0025"}}}})

Any help would be much appreciated,
Thanks,
Chris

spinscale · October 22, 2019, 8:38am

Hey,

this question cannot be answered with some more insight into your setup of the mapping of the field that stores the email address. By default it's like the following

GET _analyze
{
  "text": "john%40test.com"
}

# response
{
  "tokens" : [
    {
      "token" : "john",
      "start_offset" : 0,
      "end_offset" : 4,
      "type" : "<ALPHANUM>",
      "position" : 0
    },
    {
      "token" : "40test.com",
      "start_offset" : 5,
      "end_offset" : 15,
      "type" : "<ALPHANUM>",
      "position" : 1
    }
  ]
}

This means the percent sign is removed as part of analysis, making it really hard to impossible to search for it... If speed is not an issue, you could use a script filter or search the keyword field, but you should still fix the mapping.

--Alex

system · November 19, 2019, 8:38am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
ES regexp not working properly Elasticsearch	4	1222	March 15, 2021
Search for specific symbols like % Elasticsearch	9	6373	September 17, 2017
Having some issues with special characters and searches [Solved] Elasticsearch	1	490	April 17, 2017
Find e-mail Elasticsearch	10	5987	July 5, 2017
Cannot search on the field with email format (contains '@' sign) Elasticsearch	5	795	July 6, 2017

Elasticsearch find "%40" in email text field

Related topics