Hello,
I am unable to get what should be a simple filter in place to work. I have been researching the wildcard element in elasticsearch and grasp the concept when running a query. What I am unable to get working is a basic filter to exclude certain dns queries in our logs. See the basic logic below:
NOT query *.google.com
Keep in mind, query in this sense is a field name as part of a dns request.
Can someone please help?
Hi there, please take a look at this thread in which another user asked a similar question. The solution is to use the "Edit Query DSL" option to handcraft a wildcard query.
Hope this helps,
CJ
Thank you for the reply, however this is not working. Please see query and screenshot:
{
"query": {
"match": {
"query.keyword": {
"query": "*98a911aa.cnr.io",
"type": "phrase",
"analyze_wildcard": true
}
}
}
}
Error I am receiving: Visualize: [parsing_exception] [match_phrase] query does not support [analyze_wildcard], with { line=1 & col=709 }
I followed that document to a T, created a query then went to edit DSL. Any suggestions?
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
