So we have Elasticsearch set up on AWS with Kibana, and we are trying to do POST requests to the Elasticsearch endpoint to retrieve certain errors in logs. However, some of the messages in our logs have the word error in them but aren't errors. What we want to get is just the main error code, which is displayed like [ERROR]. I have tried to escape the special character [ with a POST request like this (using JSON):
{
  "query": {
    "query_string": {
      "query": "@log_stream:testservice AND @message:\"[ERROR]\" AND @timestamp: [now-7d TO now]"
    }
  }
}
And a lot of variations of this but nothing is working.
If anyone could tell me whether this is possible, and also whether we could search for uppercase characters, that would be great.
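Added example (not from the original post): a small Python helper that escapes the characters the Elasticsearch query_string syntax treats as operators and builds the request body, so the JSON actually sent carries `\\[ERROR\\]` (one backslash for Lucene, doubled for JSON). The second function is an assumption-based alternative for the case-sensitivity question: it uses a `wildcard` query on a `@message.keyword` sub-field (the default dynamic mapping creates one); a plain `text` field under the standard analyzer lowercases and drops brackets at index time, so `[ERROR]` and `error` cannot be told apart there.

```python
import json

# Characters with operator meaning in the Elasticsearch / Lucene query_string syntax.
QUERY_STRING_RESERVED = set('+-=&|><!(){}[]^"~*?:\\/')


def escape_query_string(term: str) -> str:
    """Prefix every reserved character with a backslash so it is matched literally."""
    return "".join("\\" + ch if ch in QUERY_STRING_RESERVED else ch for ch in term)


def build_error_query(stream: str, marker: str = "[ERROR]", window: str = "now-7d") -> dict:
    """Same query_string shape as the question, with the literal marker escaped.

    The range [now-7d TO now] keeps its brackets: there they are the operator we want.
    """
    q = (
        f"@log_stream:{stream} "
        f'AND @message:"{escape_query_string(marker)}" '
        f"AND @timestamp:[{window} TO now]"
    )
    return {"query": {"query_string": {"query": q}}}


def build_case_sensitive_query(stream: str, marker: str = "[ERROR]", window: str = "now-7d") -> dict:
    """Case-sensitive variant (assumes a @message.keyword sub-field exists).

    keyword fields are not analyzed, so the wildcard match is exact on case and
    brackets; only '*' and '?' are special in wildcard patterns, so no escaping.
    """
    return {
        "query": {
            "bool": {
                "filter": [
                    {"term": {"@log_stream": stream}},
                    {"wildcard": {"@message.keyword": {"value": f"*{marker}*"}}},
                    {"range": {"@timestamp": {"gte": window, "lte": "now"}}},
                ]
            }
        }
    }


if __name__ == "__main__":
    # The serialized body is what goes on the wire: note the doubled backslashes.
    print(json.dumps(build_error_query("testservice"), indent=2))
    print(json.dumps(build_case_sensitive_query("testservice"), indent=2))
```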