How to escape field values for elasticsearch filter query?

jdmcalee · March 23, 2018, 3:37pm

I'm using the elasticsearch filter to enrich an event coming from a database. I'm using a fairly simple query:

query => "usernames.keyword:%{[userid]}@%{[domain]}"

It works fine, usually. However, I have instances where the userid field contains a forward slash. In that case, Elasticsearch fails to parse the query, because the slash isn't being escaped. Is there a better way to accomplish that (for all characters that need escaping) than using a mutate filter before the elasticsearch filter to populate a temporary field to be used in the elasticsearch query?

magnusbaeck · March 26, 2018, 1:22pm

query => 'usernames.keyword:"%{[userid]}@%{[domain]}"'

Recent versions of Logstash supports standard escapes in strings if you enable it with a command-line option.

system · April 23, 2018, 1:22pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to escape field values for elasticsearch filter query? Take 2 Logstash	1	456	June 6, 2018
Backslashes in the query string JSONs not supported? Logstash	1	1515	January 19, 2017
Cannot escape special characters in query using Java API Elasticsearch	5	6550	July 6, 2017
How to escape forward slashes in a query_string query? Elasticsearch	1	1392	February 20, 2019
Elasticsearch-Filter-Plugin Logstash	2	790	July 6, 2017

How to escape field values for elasticsearch filter query?

Related topics