Hi, new to Elasticsearch.
Is there any way to do a regex search on a field mapped with the standard analyzer?
"message" : {
    "type" : "string",
    "analyzer" : "standard"
}
This is a graylog index so I cannot change the analyzer.
Can I change the analyzer in the search query somehow?
Here is a full-text response when just querying ossec with match or match_phrase:
"hosts1 ossec: Alert Level: 5; Rule: 31101 - Web server 400 error code"
I want my query response to show messages with any hostname and any alert level from 5-9, so something like the below:
curl -XPOST 'localhost:9200/graylog_0/_search?pretty' -d '
{
  "query": {
    "regexp": {
      "message": {
        "value": ".*ossec: Alert Level: [5-9]"
      }
    }
  }
}'
Thank you.
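An added example, not from the original post or any reply to it, showing why a regexp query behaves differently on an analyzed field than the query above expects, and one query shape that works against the unchanged graylog mapping. A Lucene regexp query is evaluated term by term against the inverted index and must match an entire term, so after the standard analyzer has split the message into "ossec", "alert", "level", "5" the pattern ".*ossec: Alert Level: [5-9]" can never match. The tokenizer stand-in, the sample messages and the function names below are my own constructions; the match_phrase approach assumes the standard analyzer is applied to both the indexed message and the query text, which is the Elasticsearch default for an analyzed field.

```python
import re

# Constructed sample messages (not from the original post), shaped like the
# graylog "message" field quoted there.
SAMPLE_MESSAGES = [
    "hosts1 ossec: Alert Level: 5; Rule: 31101 - Web server 400 error code",
    "hosts2 ossec: Alert Level: 3; Rule: 5402 - Successful sudo to ROOT executed",
    "hosts3 ossec: Alert Level: 7; Rule: 5710 - Attempt to login using a non-existent user",
    "hosts4 ossec: Alert Level: 2; Rule: 533 - 8 new listening ports opened",
    "hosts5 sshd: Accepted publickey for deploy from workstation port 52210",
]


def standard_analyze(text):
    """Rough stand-in for the standard analyzer (hypothetical approximation):
    lowercase, keep runs of word characters, drop punctuation like ':' ';' '-'."""
    return re.findall(r"\w+", text.lower())


def regexp_query(pattern, messages):
    """Lucene regexp semantics: the pattern must match an ENTIRE indexed term
    (it is implicitly anchored), and a document hits if any term matches."""
    term_re = re.compile(pattern)
    return [i for i, msg in enumerate(messages)
            if any(term_re.fullmatch(t) for t in standard_analyze(msg))]


def whole_string_regex(pattern, messages):
    """What the query in the post was written for: a regex over the raw string.
    Elasticsearch does not do this on an analyzed field."""
    return [i for i, msg in enumerate(messages) if re.search(pattern, msg)]


def phrase_matches(phrase, message):
    """match_phrase with slop 0: query terms must appear as consecutive tokens."""
    q = standard_analyze(phrase)
    d = standard_analyze(message)
    return any(d[i:i + len(q)] == q for i in range(len(d) - len(q) + 1))


def level_range_query(lo, hi):
    """Build an ES query body that works on the analyzed field: one match_phrase
    per level value, OR'ed together. 'ossec', 'alert', 'level', '<n>' are
    adjacent tokens in the index, so the phrase pins the digit to its context."""
    return {"query": {"bool": {
        "should": [{"match_phrase": {"message": f"ossec alert level {n}"}}
                   for n in range(lo, hi + 1)],
        "minimum_should_match": 1}}}


def level_range_hits(lo, hi, messages):
    """Evaluate level_range_query locally using the match_phrase simulation."""
    phrases = [c["match_phrase"]["message"]
               for c in level_range_query(lo, hi)["query"]["bool"]["should"]]
    return [i for i, msg in enumerate(messages)
            if any(phrase_matches(p, msg) for p in phrases)]


if __name__ == "__main__":
    pat = ".*ossec: Alert Level: [5-9]"
    print("expected (whole string):", whole_string_regex(pat, SAMPLE_MESSAGES))
    print("actual regexp on terms:  ", regexp_query(pat, SAMPLE_MESSAGES))
    print("bare [5-9] on terms:     ", regexp_query("[5-9]", SAMPLE_MESSAGES))
    print("match_phrase per level:  ", level_range_hits(5, 9, SAMPLE_MESSAGES))
```

The bare pattern "[5-9]" does hit the index, but it matches any standalone digit token anywhere in the message (the level-2 sample with "8 new listening ports" is a false positive), which is the context loss the phrase query avoids. Running the query body from level_range_query against the real index is equivalent to posting it with the same curl call as above; nothing about the graylog mapping has to change.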