I am searching for specific text in my logs
text is $2a$10$Ltijvm9V
in KQL search I wrote
message.keyword : "$2a$10$Ltijvm9V2eA"
it returns nothing and says expand your time rang but before search I can see the text.
Second problem: lets say a have a field named as message and I want to search a specific word in it so I wrote
message.keyword : "UserCorrelationFilter"
again it returns nothing
but I know that the text is there and that message is exists what is wrong with my searchs
Hello!
Would you mind sharing the full request you are sending?
Thanks. A couple questions:
75 - could that be filtering out some of the data you are hoping to see?UserCorrelationFilter example you should seeing results with message: UserCorrelationFilter. message.keyword is doing a search on a keyword type, not text.I successfully search and get results.
My mistake was there was $ sign in my search it directly fails and other characters like |(pipe) also may broke your search.
my other mistake was misuseage of " and * signs
let say we have a message like "asd dfetretgdg sfe safefa"
and you want to search for messages that contains sfe word then you should write like message: "sfe". if you want to search for a message that contains specific text then you should write like message:*dfe*
so how can I search a specific text that contains $ sign or | or \ or/ ?
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.