Searching email address

Jack_4 · December 18, 2011, 7:31pm

Hi All,

I was trying to use ES to for syslog searching of mail server logs.
The fields are not split into an address field. just 1 field per
syslog line . Tried several combinations but can't seem to find a way
to search a full email address

{"query" : {"term" : { "line" : "foo@gmail.com" }}' gets no hits

{"query" : {"field" : { "line" : "foo@gmail.com" }}' gets the correct
entries on as top hits but also shows ALL gmail users.

Any suggestions on how to make it only return the exact email address
lines

Kun_Niu · December 18, 2011, 7:35pm

Have you tried to set the mapping to line to not_analyzed?

Kun Niu

-----Original Message-----
From: elasticsearch@googlegroups.com
[mailto:elasticsearch@googlegroups.com] On Behalf Of Jack
Sent: 2011年12月19日 3:32
To: elasticsearch
Subject: searching email address

Hi All,

I was trying to use ES to for syslog searching of mail server logs.
The fields are not split into an address field. just 1 field per syslog
line . Tried
several combinations but can't seem to find a way to search a full email
address

{"query" : {"term" : { "line" : "foo@gmail.com" }}' gets no hits

{"query" : {"field" : { "line" : "foo@gmail.com" }}' gets the correct
entries on
as top hits but also shows ALL gmail users.

Any suggestions on how to make it only return the exact email address
lines

Michael_Sick · December 18, 2011, 9:58pm

Jack,

Have you taken a look at logstash? It performs a number of log analysis
tasks.

http://code.google.com/p/logstash/

--Mike

2011/12/18 Kun Niu haoniukun@gmail.com

Have you tried to set the mapping to line to not_analyzed?

Kun Niu

-----Original Message-----
From: elasticsearch@googlegroups.com
[mailto:elasticsearch@googlegroups.com] On Behalf Of Jack
Sent: 2011年12月19日 3:32
To: elasticsearch
Subject: searching email address

Hi All,

I was trying to use ES to for syslog searching of mail server logs.
The fields are not split into an address field. just 1 field per syslog
line . Tried
several combinations but can't seem to find a way to search a full email
address

{"query" : {"term" : { "line" : "foo@gmail.com" }}' gets no hits

{"query" : {"field" : { "line" : "foo@gmail.com" }}' gets the correct
entries on
as top hits but also shows ALL gmail users.

Any suggestions on how to make it only return the exact email address
lines

Jack_4 · December 18, 2011, 10:11pm

Thanks a lot for the tip. That was it.

On Dec 18, 11:35 am, "Kun Niu" haoniu...@gmail.com wrote:

Have you tried to set the mapping to line to not_analyzed?

Kun Niu

-----Original Message-----
From: elasticsearch@googlegroups.com
[mailto:elasticsearch@googlegroups.com] On Behalf Of Jack
Sent: 2011年12月19日 3:32
To: elasticsearch
Subject: searching email address

Hi All,

I was trying to use ES to for syslog searching of mail server logs.
The fields are not split into an address field. just 1 field per syslog
line . Tried
several combinations but can't seem to find a way to search a full email
address

{"query" : {"term" : { "line" : "f...@gmail.com" }}' gets no hits

{"query" : {"field" : { "line" : "f...@gmail.com" }}' gets the correct
entries on
as top hits but also shows ALL gmail users.

Any suggestions on how to make it only return the exact email address

lines

Topic		Replies	Views
Need to analyse email addresses Elasticsearch	5	967	July 5, 2017
Query for email address within a text field Elasticsearch	1	676	June 30, 2021
Searching indexed fields without analysing Elasticsearch	9	1134	July 6, 2017
Query Results not correct? Elasticsearch	3	337	July 6, 2017
How to search email column in elastic search? Elasticsearch	2	327	July 4, 2019

Searching email address

Related topics