Hi,
I would like to create a regex filter that says
Hide Event_id 1000 IF field targetusername ends with a dollar sign, otherwise.. show the Event 1000.
I have created regexp filters but cant figure out how to do the next step.
Is there any other filter that supports wildcards and regex than regexp?
Thanks
Think i solved it like this, dont know if its the best solution but it seems to work
{
"query": {
"bool": {
"must": {
"match": {
"event_data.SubjectUserName": "Spiderman"
}
},
"filter": {
"regexp": {
"event_data.TargetUserName": {
"value": ".*~$"
}
}
}
}
}
}
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.