Query_string using special character work and dont work without escaping

eladonline · January 24, 2023, 8:17am

Hey,
what is the diferent that the first works and the others does not?

GET /forensics/_search
{

  "query": {
   "query_string": {
     "fields": ["referer"],
     "query": "http://10.26.30.206*"
     // but these doesnt
    // "http://10.26.30.206:*" or "http://10.26.30.206:31006/"
   }
  }
}

another thing
this works in the devTools but not from the js Api

GET /forensics/_search
{

  "query": {
   "query_string": {
     "fields": ["referer"],
     "query": "http\\:\\/\\/10.26.30.206\\:31006\\/"
   }
  }
}

and here is the api payload

 {
  "query": {
    "query_string": {
      "fields": [
        "referer"
      ],
      "query": "(\"http\\\\:\\\\/\\\\/10.26.30.206\\\\:31006\\\\*\") AND @timestamp:[2023-01-24T08:41:36.198Z TO 2023-01-24T08:56:36.198Z]"
    }
  },
  "sort": [
    {
      "@timestamp": {
        "order": "desc",
        "format": "strict_date_optional_time_nanos"
      }
    }
  ]
}

system · February 21, 2023, 8:18am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.