Hi, I need to find logs whit specific text inside the "message" field. For example, I need to do something like:
.es(q='event_id=XXXX AND message:"/WORD1|WORD2|WORD3|WORD4/")
I only find examples for doing thins like: message:"WORD*" but that's not what I want.
It looks close, does your query work if you remove the double quotes and close the single quote?
.es(q='event_id=XXXX AND message:/WORD1|WORD2|WORD3|WORD4/')
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.