I'm sure that this is a simple question, but I'm certainly a newbie. I can't seem to get the right syntax. I have syslog data in Elasticsearch which looks like the following:
message:
<190>date=2020-12-15 time=12:17:09 devname="Firewall-600E-Primary" devid="FG6H0E5819905243" eventtime=1608052630382658600 tz="-0500" logid="1059028704" type="utm" subtype="app-ctrl" eventtype="signature" level="information"
I would like to use Kibana to search for type="utm", but I can't figure out what I need to escape, how to handle the equal sign, etc. Some of my attempts show messages like "Lucene syntax warning", "Error loading data - Expected :,<..." and other attempts show all usage of "type" (in this example).
I would certainly appreciate someone pointing me in the right direction.
Thanks!
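Added example (not part of the post, and not Elastic's own code). Two things are going on in the question: KQL reads an unquoted `type="utm"` as a field name followed by an operator it does not know, which is where the "Expected :, <" parse error comes from, and a bare `type` term matches every message that contains that token. The script below does what a practitioner would normally do with this kind of log: parse the FortiGate-style `key=value` message into fields, and build the KQL and Lucene strings that search either the raw `message` text or the parsed fields. It assumes the field is called `message` as in the post, that it is indexed as a standard-analysed text field, and the sample lines are constructed to match the shape of the quoted message, not captured traffic.

```python
"""Parse FortiGate-style key=value syslog lines and build matching Kibana queries.

Added example for the thread above; the sample lines are constructed to match the
layout of the message quoted in the question (the second one adds a quoted value
with spaces to exercise the parser), not captured firewall traffic.
"""
import re

SAMPLE_LINES = [
    '<190>date=2020-12-15 time=12:17:09 devname="Firewall-600E-Primary" '
    'devid="FG6H0E5819905243" eventtime=1608052630382658600 tz="-0500" '
    'logid="1059028704" type="utm" subtype="app-ctrl" eventtype="signature" '
    'level="information"',
    '<189>date=2020-12-15 time=12:18:41 devname="Firewall-600E-Primary" '
    'devid="FG6H0E5819905243" type="event" subtype="system" level="notice" '
    'msg="Admin login successful" user="admin"',
]

# Syslog <PRI> prefix: facility * 8 + severity.
PRI_RE = re.compile(r"^<(\d{1,3})>")
# key=value where value is either "quoted" (backslash escapes allowed) or a bare token.
KV_RE = re.compile(r'(\w+)=(?:"((?:[^"\\]|\\.)*)"|(\S+))')


def parse_fortigate(line):
    """Return a dict of fields from one FortiGate syslog message.

    The <PRI> prefix is decoded into syslog_facility/syslog_severity; every
    key=value pair becomes an entry with the surrounding quotes removed.
    """
    fields = {}
    m = PRI_RE.match(line)
    if m:
        pri = int(m.group(1))
        fields["syslog_facility"] = pri // 8
        fields["syslog_severity"] = pri % 8
        line = line[m.end():]
    for key, quoted, bare in KV_RE.findall(line):
        value = bare if bare else quoted
        fields[key] = value.replace('\\"', '"')
    return fields


def kql_quote(value):
    """Quote a value for KQL; inside quotes only backslash and double quote need escaping."""
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'


def kql_on_parsed_field(key, value):
    """KQL to use once the pairs are indexed as their own fields (e.g. by a kv processor)."""
    return f"{key} : {kql_quote(value)}"


def kql_on_raw_message(key, value, field="message"):
    """KQL phrase search on the raw message text.

    Quoting the whole key="value" string stops KQL from treating '=' as an
    operator.  Elasticsearch analyses the phrase with the field's analyser, so on
    a standard-analysed text field this matches the adjacent tokens [key, value]
    and does not match a different key such as subtype or eventtype.
    """
    inner = key + '="' + value + '"'
    return f"{field} : {kql_quote(inner)}"


def lucene_on_raw_message(key, value, field="message"):
    """Same search in Lucene syntax (Kibana query bar with KQL switched off)."""
    inner = key + '="' + value + '"'
    return f"{field}:{kql_quote(inner)}"


def select(lines, key, value):
    """Client-side equivalent of the query: parsed records whose key equals value."""
    return [rec for rec in map(parse_fortigate, lines) if rec.get(key) == value]


if __name__ == "__main__":
    for rec in select(SAMPLE_LINES, "type", "utm"):
        print(rec["devname"], rec["type"], rec["subtype"])
    print("KQL on parsed field :", kql_on_parsed_field("type", "utm"))
    print("KQL on raw message  :", kql_on_raw_message("type", "utm"))
    print("Lucene on raw message:", lucene_on_raw_message("type", "utm"))
```

The parsed-field form is the one worth aiming for: doing the same key=value split at ingest time (Logstash's kv filter or the Elasticsearch kv ingest processor do this server-side) gives you `type : "utm"` in Kibana, plus proper aggregations on `subtype`, `level` and the rest, instead of phrase searches against free text.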