I have hits for SourceIP:"10.191.33.200" but not for SourceIP:"10.191.33.*" What is the correct syntax assuming field is string type not ip_addr?
Remove the quotes:
SourceIP: 10.191.33.*
I have hits for SourceIP:"10.191.33.200" but not for SourceIP:"10.191.33.*" What is the correct syntax assuming field is string type not ip_addr?
Remove the quotes:
SourceIP: 10.191.33.*
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.