This repository has been archived by the owner on Jul 22, 2024. It is now read-only.
Unable to regex search syslog messages in elasticsearch #706
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
We cannot currently perform regex searches on the message field in the cast-log-syslog* indices.
I believe that the reason for this is that the CAST-provided cast-log-syslog.json template has this:
By making the message type explicitly "text", we are eliminating the "keyword" version of message. "text" type strings are tokenized, and then searches can only be performed on the individual tokens, it is not possible to perform a regex search on the whole string. (It also apperently limits aggregations, not that I currently have a use for that.)
The text was updated successfully, but these errors were encountered: