Hi Team,
I'm new to the ELK stack. I have successfully indexed the server log data into Elasticsearch and am able to view the indexed data in Kibana.
I have been trying to search for a certain set of strings in the message field which include special characters like =, #, /, (, ), [, ], @ and a few more.
I have tried multiple ways to fetch the data I need so that I can create a dashboard.
But I failed to obtain the required result.
Sample log:
message:2019-07-24 06:56:22,626 INFO [LoggingResponseFilter] OPsjn_FVksuDzQ-N4GY0BMzUAG_0GK61L2pncwZ9hiHAJ29H2N9b!-211948433!1563965780309 AEO_US en_US POST /public/v1/currentUser/Login ([ACTIVE] ExecuteThread: '16' for queue: 'weblogic.kernel.Default (self-tuning)') {thread=Thread[[ACTIVE] ExecuteThread: '16' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads], threadId=91, sessionId=OPsjn_FVksuDzQ-N4GY0BMzUAG_0GK61L2pncwZ9hiHAJ29H2N9b!-211948433!1563965780309, userEmail=test3@test.com, customerIPAddress=x.x.x.x, User-Agent=Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36, x-forwarded-for=x.x.x.x, 23.220.96.110} Authentication status=400, loginID=test3@test.com CAP Route End: route=/public/v1/currentUser/Login#POST, totalTime=271 ms
The above details are present in the message field. I have been trying to pull the logs which have status=400, but I'm receiving logs which have other statuses too.
How do I query in Kibana to fetch only the logs which have a status of 400?
Also, I need to know how to search for "/public/v1/currentUser/Login" as a single string.