Regex double quotation use Lucene on Elasticsearch

Hello everyone, I'm new to ELK and I'm eager to learn about searching and regex with Lucene. I want to know how to regex double quotation marks in logs. For example, in the "message" field, I want to filter logs that contain "user":"". I have tried escaping with \ but it removes all logs containing the word "user", or \\\ but it doesn't give me any results. I would greatly appreciate any assistance.
