I am storing users' SIDs and ACLs in Elastic, but when I try to search for the group Users (SID: S-1-5-31-*) it returns all users that contain S or 1 or 5.
If I use SID.keyword, you have to put the exact match SID; you can't specify SID.keyword:S-1-5-31-*
How can I do a search for users that start with a specific SID string, and not treat - like OR?
You can search in the keyword field using a prefix query, or using the query string, like this:
"foo" : "S-1-5-31 whatever here"
The last one returns the document as expected. Is there a difference to your query that I am missing?
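The two approaches named in the reply above, written out as Kibana Dev Tools requests. This is an added example, not part of the original thread: the index name `sid-demo`, the explicit mapping and the sample documents are constructed, and only the field name `foo` comes from the thread.

```console
# Constructed index: "foo" is analyzed text with an un-analyzed "keyword" sub-field.
PUT sid-demo
{
  "mappings": {
    "properties": {
      "foo": {
        "type": "text",
        "fields": { "keyword": { "type": "keyword" } }
      }
    }
  }
}

# Constructed sample documents: one SID under the S-1-5-31 prefix, one outside it.
PUT sid-demo/_doc/1?refresh=true
{ "foo": "S-1-5-31-1001" }

PUT sid-demo/_doc/2?refresh=true
{ "foo": "S-1-5-21-500" }

# Prefix query on the keyword sub-field: the stored value is compared as one
# whole string, so the hyphens are literal and only document 1 should match.
GET sid-demo/_search
{
  "query": {
    "prefix": { "foo.keyword": { "value": "S-1-5-31-" } }
  }
}

# The same search as a query_string wildcard on the keyword sub-field.
# "-" is a reserved character in query_string syntax, so it is escaped here.
GET sid-demo/_search
{
  "query": {
    "query_string": { "query": "foo.keyword:S\\-1\\-5\\-31\\-*" }
  }
}
```

Keyword fields are case-sensitive, so the prefix has to use the same letter case as the stored SID.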
If I search in the Kibana search bar for foo.keyword:S-1-5*, it doesn't work.