I am storing users SID and ACLs in elastic but when I try to search for group Users (SID: S-1-5-31-*) it returns all users that contain S or 1 or 5.
If used SID.keyword you have you put the exact match SID you cant sepecify SID.keyword:S-1-5-31-*
How can I do a search of users that starts with an specific SID string? and not threat - like OR ?
Hey,
you can search in the keyword field using a prefix query. Or using the query string, like this
PUT foo/_doc/1
{
"foo" : "S-1-5-31 whatever here"
}
GET foo/_search
{
"query": {
"query_string": {
"default_field": "any_field",
"query": "foo.keyword:S-1-5*"
}
}
}
the last one returns the document as expected. Is there a difference to your query that I am missing?
If i search in kibana searchbar foo.keyword:S-1-5* it doesnt work
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.