Not able to escape special characters

liammcc · February 20, 2018, 11:13am

So we have elasticsearch set up on AWS with KIbana and we are trying to do post requests to the elasticsearch endpoint to retrieve certain errors in logs. However some of the messages in our logs have the word error in but aren't an error. What we want to get is just the main error code which is displayed like [ERROR]. I have tried to escape the special character [ with a post request like this (using JSON):

{
"query": {
"query_string" : {

	"query": "@log_stream:testservice AND @message:\"[ERROR]\" AND @timestamp: [now-7d TO now]"      }

}
}

And a lot of variations of this but nothing is working.

If anyone could tell me if this is possible and also if we could maybe search for uppercase characters that would be great.

dadoonet · February 20, 2018, 11:29am

I'd say that it's a bad practice to just keep the message field as is without any parsing prior to indexing (using Grok for example).

Anyway, I guess this is not working because of the way your text as been analyzed.

Could you provide a full recreation script as described in About the Elasticsearch category. It will help to better understand what you are doing. Please, try to keep the example as simple as possible.

system · March 20, 2018, 11:29am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Escaping special characters is not working Elasticsearch	5	2126	July 6, 2017
Unable to escape special character "" Logstash	10	1915	June 19, 2021
Search eith string_query for special charcters in not_analyzed fields Elasticsearch	1	346	July 6, 2017
Elasticsearch Logstash Error Logstash	2	570	June 13, 2017
Escaping special character not working for not_analyzed field Elasticsearch	1	336	July 6, 2017

Not able to escape special characters

Related topics