Huh - thank you - that worked...
{
  "query": {
    "regexp": {
      "dlog.line.keyword": {
        "value": "[0-9][0-9]*\\.\\.\\.\n"
      }
    }
  }
}
successfully matched the lines precisely starting with some digits followed by literal dots.
So .keyword actually means 'the actual data' and the field name is... a set of words?
It's a bit surprising - might be worth adding something to the documentation about this.
How would I go about making that suggestion?
Thanks again.