For example, how should my query be if I want to look for specific values of X-Forwarded-For? Below is the value of the log.Headers field, and I have to parse till the X-Forwarded-For field.
Tried the below query, but was not successful:
{
  "match_phrase_prefix": {
    "log.requestHeaders.X-Forwarded-For": "52*"
  }
}
log.Headers value:
X-Amzn-Trace-Id: [XXXX],Accept: [application/x-protobuf],Tracecontext: [273f0626b40a74bc35hgh45],X-B3-Traceid: [273f0626b4gye4620a7464jbc],X-Forwarded-Proto: [https],X-Client-Id: [traffic-generator],X-B3-Parentspanid: [23714f926ee86435hfhdg5f1],X-Forwarded-Port: [443],X-Request-Id: [273f0626b40a325r43drgd74bdf6c],X-Span-Id: [52ac273e53605fdjhfgcj465465350],Applicationid: [ETASK],Content-Type: [application/x-protobuf],X-B3-Spanid: [33ac37593e8dfhgfj56756749da15],X-Forwarded-For: [882.2457.36761.245678, 57680.116782.16731.19696],X-B3-Sampled: [0],User-Agent: [Apache-HttpClient/4.5.6 (Java/1.8.0_181)],Accept-Encoding: [gzip,deflate]
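
Added example, not part of the original post: a Python sketch that splits a flat `Name: [value],Name: [value]` string like the log.Headers value above into headers, pulls out the X-Forwarded-For entries, and prefix-matches only those. The sample strings, addresses and function names are constructed for illustration.

```python
import re

# Constructed samples in the same layout as the log.Headers value in the post.
SAMPLE = ("X-Amzn-Trace-Id: [XXXX],Accept: [application/x-protobuf],"
          "X-Forwarded-Proto: [https],X-Forwarded-Port: [443],"
          "X-Forwarded-For: [52.0.2.10, 198.51.100.7],X-B3-Sampled: [0],"
          "User-Agent: [Apache-HttpClient/4.5.6 (Java/1.8.0_181)],"
          "Accept-Encoding: [gzip,deflate]")
# Here "52" appears only in X-Span-Id, never in X-Forwarded-For.
OTHER = ("X-Span-Id: [52ac273e],X-Forwarded-For: [203.0.113.9],"
         "Accept-Encoding: [gzip,deflate]")

# A header is "Name: [value]". The value ends at the "]" that is followed by
# ",NextName: [" or by end of string, so commas inside a value
# (e.g. "gzip,deflate") do not split it.
HEADER_RE = re.compile(
    r"(?:^|,)([A-Za-z0-9-]+): \[(.*?)\](?=,[A-Za-z0-9-]+: \[|$)")


def parse_headers(raw):
    """Return {lower-cased header name: text between the brackets}."""
    return {m.group(1).lower(): m.group(2) for m in HEADER_RE.finditer(raw)}


def forwarded_for(raw):
    """Return the X-Forwarded-For entries as a list, in order of appearance."""
    value = parse_headers(raw).get("x-forwarded-for", "")
    return [part.strip() for part in value.split(",") if part.strip()]


def xff_has_prefix(raw, prefix):
    """True if any X-Forwarded-For entry starts with prefix, e.g. "52."."""
    return any(addr.startswith(prefix) for addr in forwarded_for(raw))


if __name__ == "__main__":
    for line in (SAMPLE, OTHER):
        print(forwarded_for(line), xff_has_prefix(line, "52."))
```

Matching on the extracted entries avoids hits from other headers that happen to contain the same digits, such as the X-Span-Id value in the second sample.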