Hello,
some people in our company would like to search in the message field like in the (e)grep utility. Exact match.
Example:
STRING="[userID=[W192ADM-x/AM41], LC=4557-A/IL, T=78, DATE=2019-07-02 14:15:16.0]"
echo "$STRING" | egrep "=\[W192ADM-x\/A"
It matches this string:
=[W192ADM-x/A
Elasticsearch uses the standard analyzer, and with this analyzer they cannot find some events exactly.
POST _analyze
{
  "tokenizer": "standard",
  "text": "[userID=[W192ADM-x/AM41], LC=4557-A/IL, T=78, DATE=2019-07-02 14:15:16.0]"
}
- Should I use the keyword data type?
- Could you please help me decide which analyzer or data type I should choose for exact match (searching must be possible on all characters in the message)?
- Is it a good way to store the message as message.for-exact-match too and apply a different analyzer to this field? I don't want to lose the possibility of the standard analyzer.
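One way to get both behaviours the questions above ask for, as an added example that is not part of the original post: a multi-field mapping keeps `message` under the standard analyzer for full-text search and adds an unanalyzed `keyword` sub-field that holds the original string untouched, so an egrep-style substring match can run against it. The index name `logs-exact-demo` and the sub-field name `message.exact` are assumptions.

```console
# Mapping: analyzed text field plus a keyword sub-field that stores the raw value
PUT logs-exact-demo
{
  "mappings": {
    "properties": {
      "message": {
        "type": "text",
        "fields": {
          "exact": { "type": "keyword" }
        }
      }
    }
  }
}

# Index the sample event from the question
POST logs-exact-demo/_doc?refresh
{
  "message": "[userID=[W192ADM-x/AM41], LC=4557-A/IL, T=78, DATE=2019-07-02 14:15:16.0]"
}

# Full-text search on the standard-analyzed field still works
GET logs-exact-demo/_search
{
  "query": { "match": { "message": "userID" } }
}

# Substring match on the untouched value, equivalent to egrep "=\[W192ADM-x\/A";
# '[' and '/' are not special in a wildcard query, only '*' and '?' are
GET logs-exact-demo/_search
{
  "query": {
    "wildcard": {
      "message.exact": { "value": "*=[W192ADM-x/A*" }
    }
  }
}
```

A leading `*` forces a scan of every distinct term in `message.exact`, so on large log indices the `wildcard` field type (Elasticsearch 7.9 and later) is the better home for this sub-field since it indexes n-grams for exactly this kind of substring search.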