I have been trying to do a search for patterns such as "id.php?u=https". In this case, I want to find "?u". The emphasis on finding the actual question mark character.
I have tried regex, term, and query_string with no luck. I keep getting a
Unexpected character ('?' (code 63)): was expecting comma to separate OBJECT entries\n at [Source: [B@480f43aa; line: 6, column: 32]
In a perfect world, it would have been awesome to have a Perl regex plugin for Elasticsearch.
Any advice would be appreciated.