I'm using the elasticsearch filter to enrich an event coming from a database. I'm using a fairly simple query:
query => "usernames.keyword:%{[userid]}@%{[domain]}"
It works fine, usually. However, I have instances where the userid field contains a forward slash. In that case, Elasticsearch fails to parse the query, because the slash isn't being escaped. Is there a better way to accomplish that (for all characters that need escaping) than using a mutate filter before the elasticsearch filter to populate a temporary field to be used in the elasticsearch query?