I'm trying to filter documents on the last digit of a long number field called file.mode to find world writable files.
I would like to do something like this regex query file.mode:/0..[2367]/
So filter documents where the last digit of file.mode is either 2,3,6 or 7
Any ideas?
The last digit of a long is returned by the modulo 10. You can make use of that fact in a script query:
GET my_index/_search
{
"query": {
"script": {
"script": {
"source": "long modulo = doc['file.mode'].value % 10; for (value in params.values) { if (value == modulo) return true; } return false",
"params": {
"values": [
2,
3,
6,
7
]
}
}
}
}
}
Script queries are not always going to be very performant. If you plan to use this query often, you are better off with indexing the modulo 10 as a separate field in your documents. That will allow you to query that field without the need for any scripting.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.