[solved] Problems with "/" as value / apache logs in logstash


I'm pipelining Apache logfiles from logstash to elasticsearch, implemented very close to the example in the logstash docs.

Now when the "request" field just has an / (slash) as value, it appears in the Discover tab

However, when I try to filter out just the / requests, it fails.

When using the "request" field as grouping term, all the / entries are missing.

Is this kinda bug, or do I have to change something?

EDIT: Switched to Elasticsearch forum, hope someone can help

Can at least someone verify this issue?

I'd say that probably with the default analyzer / is not indexed at all.
May be change the default analyzer for this field to something like a path tokenizer or search in request.keyword instead ?

Yes, you're right, when I use "request.keyword" as search term instead of "request", it works. Weird.
Thank you!

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.