I'm trying to exclude computer accounts from a query, they are always identified with a $ sign at the end.
SubjectUserName:SERVER01$
works but turning this into a regex search does not,
SubjectUserName:/SERVER01$/
Does not work and neither does when you excape the dollar sign
SubjectUserName:/SERVER01\$/
My ideal solution would be something like this
NOT SubjectUserName:/.*\$/
Lucene patterns are always anchored, so your query needs to match the entire string. For reference, https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-regexp-query.html#_standard_operators.
Something like NOT SubjectUserName:/.*$/ should work if the field is not analyzed.
Ah, of course, I will try it against the .raw field tomorrow
Using the .raw field works 
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.