According to the docs, it sounds like the only way to use wildcards is with matches and file.path.text ?
So using is with an asterisk at the beginning or end going to interpret that as a literal asterisk?
Bump!
Hi @DefensiveDepth
I changed the categories to the topic, the document you reference, and the topic is related to Elastic Security Solution let's see if anyone responds (unfortunately not my expertise)
@DefensiveDepth your understanding is correct. * is interpreted as a literal asterisk by is.
I've raised this internally, I'm not sure if we'll be able to allow matches on all fields or not but we're looking into it.
1 Like
Thanks @ferullo for responding. I would like to submit some feedback / feature request for this functionally (Would love to see it more flexible, with both Include & Exclude, like what Sysmon supports)
Where would be the best place to submit this?
Can you open a new issue in the Kibana repo describing what you want? If you tag me (@ferullo) I'll make sure it's seen by the right people.
1 Like
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.