Searching email address

Jack_4 · December 18, 2011, 7:31pm

Hi All,

I was trying to use ES to for syslog searching of mail server logs.
The fields are not split into an address field. just 1 field per
syslog line . Tried several combinations but can't seem to find a way
to search a full email address

{"query" : {"term" : { "line" : "foo@gmail.com" }}' gets no hits

{"query" : {"field" : { "line" : "foo@gmail.com" }}' gets the correct
entries on as top hits but also shows ALL gmail users.

Any suggestions on how to make it only return the exact email address
lines

Kun_Niu · December 18, 2011, 7:35pm

Have you tried to set the mapping to line to not_analyzed?

Kun Niu

-----Original Message-----
From: elasticsearch@googlegroups.com
[mailto:elasticsearch@googlegroups.com] On Behalf Of Jack
Sent: 2011年12月19日 3:32
To: elasticsearch
Subject: searching email address

Hi All,

I was trying to use ES to for syslog searching of mail server logs.
The fields are not split into an address field. just 1 field per syslog
line . Tried
several combinations but can't seem to find a way to search a full email
address

{"query" : {"term" : { "line" : "foo@gmail.com" }}' gets no hits

{"query" : {"field" : { "line" : "foo@gmail.com" }}' gets the correct
entries on
as top hits but also shows ALL gmail users.

Any suggestions on how to make it only return the exact email address
lines

Michael_Sick · December 18, 2011, 9:58pm

Jack,

Have you taken a look at logstash? It performs a number of log analysis
tasks.

http://code.google.com/p/logstash/

--Mike

2011/12/18 Kun Niu haoniukun@gmail.com

Have you tried to set the mapping to line to not_analyzed?

Kun Niu

-----Original Message-----
From: elasticsearch@googlegroups.com
[mailto:elasticsearch@googlegroups.com] On Behalf Of Jack
Sent: 2011年12月19日 3:32
To: elasticsearch
Subject: searching email address

Hi All,

I was trying to use ES to for syslog searching of mail server logs.
The fields are not split into an address field. just 1 field per syslog
line . Tried
several combinations but can't seem to find a way to search a full email
address

{"query" : {"term" : { "line" : "foo@gmail.com" }}' gets no hits

{"query" : {"field" : { "line" : "foo@gmail.com" }}' gets the correct
entries on
as top hits but also shows ALL gmail users.

Any suggestions on how to make it only return the exact email address
lines

Jack_4 · December 18, 2011, 10:11pm

Thanks a lot for the tip. That was it.

On Dec 18, 11:35 am, "Kun Niu" haoniu...@gmail.com wrote:

Have you tried to set the mapping to line to not_analyzed?

Kun Niu

-----Original Message-----
From: elasticsearch@googlegroups.com
[mailto:elasticsearch@googlegroups.com] On Behalf Of Jack
Sent: 2011年12月19日 3:32
To: elasticsearch
Subject: searching email address

Hi All,

I was trying to use ES to for syslog searching of mail server logs.
The fields are not split into an address field. just 1 field per syslog
line . Tried
several combinations but can't seem to find a way to search a full email
address

{"query" : {"term" : { "line" : "f...@gmail.com" }}' gets no hits

{"query" : {"field" : { "line" : "f...@gmail.com" }}' gets the correct
entries on
as top hits but also shows ALL gmail users.

Any suggestions on how to make it only return the exact email address

lines