Search for special characters inside the message

Anabella_Cristaldi · November 6, 2017, 3:19pm

Hi all,

Is it possible to search for messages that coontains the ">" character or a secuence of two semicolons?
I'm not able to do it in kibana filters.
For example I have a set of docs with tag grokparsefailure _ and want to get all the documents with > in the message

2017-11-03T12:54:05.019+00:00 path:/data/sbc/raw_data/FRAUD_SBC_INT_201710060702_000023790 @timestamp:2017-11-03T12:54:05.019+00:00 @version:1 host:plielk01 message:376721300**>**;33637352955;20171006071132;19;O;STOP;BW071132820061017-904220898@10.11.41.2 ts_start:2017-11-03T12:54:05.019+00:00 tags:_grokparsefailure _id:AV-B8g3-YS2WKg56uHLa _type:logs _index:temp_sbc _score: - Threshold:300

Is it possible?
Thank you
Ana

Badger · November 6, 2017, 6:21pm

In elasticsearch the standard analyzer discards most punctuation, so I do not think you can do such searches, since the punctuation is never indexed. If you need to do it then ask in the elasticsearch forum about which analyzer might produce an index that supports those searches.

Anabella_Cristaldi · November 7, 2017, 7:42am

Thank you @Badger
Regards
Anna

system · December 5, 2017, 7:42am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to search punctuation in the discover page? Kibana	6	956	March 28, 2018
Search in kibana Discovery ignores some characters Kibana	4	352	April 29, 2019
I can't find occurrences of the character "=" Kibana kql-kibana-query-language	2	645	September 9, 2020
Special Character in query - Kibana Kibana	3	1019	May 14, 2018
Special Character # search on Kibana Search Bar Kibana	5	193	April 15, 2024

Search for special characters inside the message

Related topics