I want to identify URLs like this from our elastic index: `http://example.com/?a=1&c=1&s1=1`, where the domain name can change. So, I have to rely on matching using the query pattern. In a nutshell, something like `*/?a=*&c=*` would be my desired query.
From what I have read, the field should be mapped as a keyword rather than a string because tokenization will ignore some characters.
However, after mapping this field as a keyword, the queries are partially working, but I cannot use any search expressions which have a `/` or `&` sign. Here is my query:
```
GET my_index/_search
{
  "query": {
    "bool": {
      "must": [
        {
          "nested" : {
            "path" : "chain",
            "score_mode" : "avg",
            "query": {
              "query_string" : {
                "query" : "*\\?a=*",
                "fields": ["chain.query"]
              }
            }
          }
        }
      ]
    }
  }
}
```
The above query works, but if I try to include a slash or ampersand (`*\\?a=*\\&c=*`) it does not work. I get 0 results despite having such matching content in the elastic doc.
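
An added example, not part of the original post: one way to express the desired pattern is a `wildcard` term-level query, which skips `query_string` syntax parsing and treats only `*`, `?` and `\` as special. It assumes `chain.query` holds the full URL as a keyword; the helper names and sample URLs are constructed for illustration.

```python
import json
import re

def to_wildcard_value(pattern):
    # Input: a pattern in which only '*' is a wildcard (as in the question).
    # The wildcard query also treats '?' and '\' as special, so escape those;
    # '/', '&' and '=' are ordinary characters there.
    return "".join("\\" + ch if ch in "?\\" else ch for ch in pattern)

def build_query(pattern, path="chain", field="chain.query"):
    # Request body for GET my_index/_search, same nested path as the question.
    value = to_wildcard_value(pattern)
    return {"query": {"nested": {"path": path,
            "query": {"wildcard": {field: {"value": value}}}}}}

def local_match(value, text):
    # Offline emulation of wildcard semantics against a whole keyword value:
    # '*' = any run of characters, '?' = exactly one, '\' escapes the next.
    parts, i = [], 0
    while i < len(value):
        ch = value[i]
        if ch == "\\" and i + 1 < len(value):
            i += 1
            parts.append(re.escape(value[i]))
        elif ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
        i += 1
    return re.fullmatch("".join(parts), text, re.DOTALL) is not None

# Constructed sample values, not taken from any real index.
SAMPLES = [
    "http://example.com/?a=1&c=1&s1=1",
    "http://other.test/?a=9&c=2",
    "http://example.com/?b=1&c=1",
    "http://example.com/xa=1&c=1",
]

def hits(pattern):
    value = to_wildcard_value(pattern)
    return [s for s in SAMPLES if local_match(value, s)]

if __name__ == "__main__":
    print(json.dumps(build_query("*/?a=*&c=*"), indent=2))
    print(hits("*/?a=*&c=*"))
```

Leading wildcards force a scan of every term in the field, so this kind of query can be slow on large indices.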