Search for special characters inside the message

Anabella_Cristaldi · November 6, 2017, 3:19pm

Hi all,

Is it possible to search for messages that coontains the ">" character or a secuence of two semicolons?
I'm not able to do it in kibana filters.
For example I have a set of docs with tag grokparsefailure _ and want to get all the documents with > in the message

2017-11-03T12:54:05.019+00:00 path:/data/sbc/raw_data/FRAUD_SBC_INT_201710060702_000023790 @timestamp:2017-11-03T12:54:05.019+00:00 @version:1 host:plielk01 message:376721300**>**;33637352955;20171006071132;19;O;STOP;BW071132820061017-904220898@10.11.41.2 ts_start:2017-11-03T12:54:05.019+00:00 tags:_grokparsefailure _id:AV-B8g3-YS2WKg56uHLa _type:logs _index:temp_sbc _score: - Threshold:300

Is it possible?
Thank you
Ana

Badger · November 6, 2017, 6:21pm

In elasticsearch the standard analyzer discards most punctuation, so I do not think you can do such searches, since the punctuation is never indexed. If you need to do it then ask in the elasticsearch forum about which analyzer might produce an index that supports those searches.

Anabella_Cristaldi · November 7, 2017, 7:42am

Thank you @Badger
Regards
Anna

system · December 5, 2017, 7:42am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.