Hello all,
First, I'm a beginner with ES, so sorry if my question sounds stupid.
I have a problem searching for a file path with a regex in query_string. (Unfortunately, due to the way the app is written, that's my only option.)
It seems that the / in the string is killing the search, as I can easily remove one char from my "word" and it will be found, but if I use a string that starts straight after the / I get nothing.
At the same time, if I use a regexp query I get my data.
The cs_uri_stem field contains:
/some/path/to/file.txt
Doesn't work (similar to Graylog generated search):
curl -XPOST "http://10.0.0.20:9200/_all/_search" -d'
{
  "from": 0,
  "size": 100,
  "query": {
    "filtered": {
      "query": {
        "query_string": {
          "query": "gl2_source_input:577281f853325c6c3ee5a3e4 AND cs_uri_stem:/.*file.*/",
          "allow_leading_wildcard": true
        }
      },
      "filter": {
        "bool": {
          "must": {
            "range": {
              "timestamp": {
                "from": "2016-06-30 22:26:03.475",
                "to": "2016-06-30 22:31:03.476",
                "include_lower": true,
                "include_upper": true
              }
            }
          }
        }
      }
    }
  },
  "sort": [
    {
      "timestamp": {
        "order": "desc"
      }
    }
  ]
}'
Works:
curl -XPOST "http://10.0.0.20:9200/_all/_search" -d'
{
  "from": 0,
  "size": 100,
  "query": {
    "filtered": {
      "query": {
        "regexp": {
          "cs_uri_stem": {
            "value": ".*file.*"
          }
        }
      },
      "filter": {
        "bool": {
          "must": {
            "range": {
              "timestamp": {
                "from": "2016-06-30 22:26:03.475",
                "to": "2016-06-30 22:31:03.476",
                "include_lower": true,
                "include_upper": true
              }
            }
          }
        }
      }
    }
  },
  "sort": [
    {
      "timestamp": {
        "order": "desc"
      }
    }
  ]
}'