Hi,
I'm pipelining Apache logfiles from logstash to elasticsearch, implemented very close to the example in the logstash docs.
Now when the "request" field just has an / (slash) as value, it appears in the Discover tab
However, when I try to filter out just the / requests, it fails.
When using the "request" field as grouping term, all the / entries are missing.
Is this kinda bug, or do I have to change something?
EDIT: Switched to Elasticsearch forum, hope someone can help
Can at least someone verify this issue?
I'd say that probably with the default analyzer / is not indexed at all.
May be change the default analyzer for this field to something like a path tokenizer or search in request.keyword instead ?
Yes, you're right, when I use "request.keyword" as search term instead of "request", it works. Weird.
Thank you!
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
