How to escape field values for elasticsearch filter query? Take 2


(Justin McAleer) #1

Continuing the discussion from How to escape field values for elasticsearch filter query?:

Sorry for disappearing on my previous question; I had to drop my work for a while. I do not understand the reply @magnusbaeck gave. What command line option is being referred to there? I don't see anything in the documentation or --help output that looks relevant.

To recap the important stuff here, I'm using this query:

query => "usernames.keyword:%{[userid]}@%{[domain]}"

and sometimes the userid field value is something like "n/a", and I get a lexical error because of the / character. The event is coming from the jdbc_input plugin.
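
An added example, not part of the original thread: one way to avoid the lexical error is to backslash-escape the characters reserved by Elasticsearch `query_string` syntax before the field values are interpolated into the query. The helper names and the `[@metadata]` field names in the comment are assumptions made for illustration.

```ruby
# Added example (not from the thread). Characters reserved by the
# Elasticsearch query_string syntax: + - = && || ! ( ) { } [ ] ^ " ~ * ? : \ /
# Whitespace is escaped too, so a value such as "a OR b" stays one term
# instead of being parsed as an operator expression.
RESERVED = /[+\-=&|!(){}\[\]^"~*?:\\\/\s]/

# Returns a value that is safe to splice into a query_string clause.
def escape_query_string(value)
  value.to_s
       .delete('<>')                    # < and > cannot be escaped, only removed
       .gsub(RESERVED) { |c| "\\#{c}" } # block form avoids backslash re-parsing
end

# Builds the same clause as the query in the post, from escaped parts.
def build_query(userid, domain)
  "usernames.keyword:#{escape_query_string(userid)}@#{escape_query_string(domain)}"
end

# In a Logstash pipeline the same logic could sit in a ruby filter placed
# before the elasticsearch filter (hypothetical field names):
#   event.set("[@metadata][userid_q]", escape_query_string(event.get("userid")))
# with the query then referencing %{[@metadata][userid_q]} instead of %{[userid]}.

if __FILE__ == $0
  # Constructed sample values, including the "n/a" case from the post.
  [["n/a", "example.com"], ["a OR b", "example.com"], ["x*", "corp<1>"]].each do |u, d|
    puts build_query(u, d)
  end
end
```
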


(system) #2

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.