[solved] Problems with "/" as value / apache logs in logstash

Hi,

I'm pipelining Apache logfiles from logstash to elasticsearch, implemented very close to the example in the logstash docs.

Now when the "request" field just has an / (slash) as value, it appears in the Discover tab

However, when I try to filter out just the / requests, it fails.

When using the "request" field as grouping term, all the / entries are missing.

Is this kinda bug, or do I have to change something?

EDIT: Switched to Elasticsearch forum, hope someone can help

Can at least someone verify this issue?

I'd say that probably with the default analyzer / is not indexed at all.
May be change the default analyzer for this field to something like a path tokenizer or search in request.keyword instead ?

Yes, you're right, when I use "request.keyword" as search term instead of "request", it works. Weird.
Thank you!

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.