Wildcard query is not working for long value in cmdline parameter

I am have tried writing following DSL to filter my data, but query is not giving any proper results. Any ideas?

{
"query": {
"wildcard": {
"system.process.cmdline": "cfx_connector_router"
}
}
}

Hey @sandiagee, is system.process.cmdline an analyzed text field, if it is you'll likely want to switch to using an unanalayzed text field, do you have a system.process.cmdline.keyword field?

Also, there are no wildcards in cfx_connector_router , would you mind elaborating what you're trying to filter on?

Hi,

Thanks for your response. Ask is to find system resource utilization details for job_name which is deep buried in system.process.cmdline.

I tried it further and looks like the wild query is working when cmdline field is having "x" number of characters in it, but not working if number of characters exceeds that "x" number of characters.

Is there any limitation for DSL?

This is resolved. system.process.cmdline is keyword field. We have created a new index to use the field as text which is allowing to run any wildcard queries.

Thanks for information and support.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.