Wildcard filter doesn't seem to be working for one value, but works for the other #1442
Here is the filter:
It seems to be working for the Any idea what the solution is?
Answered by
jertel
May 24, 2024
This is more of an Elasticsearch question, since all ElastAlert 2 is doing is sending that exact filter, as written, to Elasticsearch. I suggest comparing the field mapping types for
2 replies
That makes sense. Keyword is wildcard searchable, while Text is not.
https://www.elastic.co/guide/en/elasticsearch/reference/current/keyword.html
https://www.elastic.co/guide/en/elasticsearch/reference/current/text.html
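
One way to do the mapping comparison suggested in the answer, as an added example that is not part of the original thread or of ElastAlert 2: it walks a rule filter for `wildcard` clauses and reports the mapped type of each target field. The index name, field names, patterns and helper functions are all constructed for illustration; it assumes the mapping dict has the shape of a `GET <index>/_mapping` response and that a wildcard clause on an analyzed `text` field is compared with the analyzed terms rather than the whole original value.

```python
# Constructed samples, names made up: a GET <index>/_mapping style response and a rule filter.
SAMPLE_MAPPING = {"logs-example": {"mappings": {"properties": {
    "process": {"properties": {"name": {"type": "keyword"}}},
    "command_line": {"type": "text", "fields": {"keyword": {"type": "keyword"}}},
    "message": {"type": "text"},
}}}}
SAMPLE_FILTER = [
    {"wildcard": {"process.name": "*sshd*"}},
    {"bool": {"should": [{"wildcard": {"command_line": {"value": "*--config*"}}},
                         {"wildcard": {"message": "*Failed password*"}}]}}]
WILDCARD_FRIENDLY = ("keyword", "wildcard")  # types matched against the whole value

def flatten(props, prefix=""):
    """Return {dotted.path: (type, {sub_field: type})} for fields and sub-fields."""
    out = {}
    for name, spec in props.items():
        if "properties" in spec:  # object or nested field: recurse into children
            out.update(flatten(spec["properties"], f"{prefix}{name}."))
            continue
        subs = {s: d.get("type") for s, d in spec.get("fields", {}).items()}
        out[prefix + name] = (spec.get("type"), subs)
        out.update({f"{prefix}{name}.{s}": (t, {}) for s, t in subs.items()})
    return out

def wildcard_fields(node):
    """Yield the target field of every wildcard clause, however deeply nested."""
    items = node.items() if isinstance(node, dict) else enumerate(node) if isinstance(node, list) else ()
    for key, child in items:
        if key == "wildcard" and isinstance(child, dict):
            yield from child
        else:
            yield from wildcard_fields(child)

def audit(mapping, filters):
    """Return {(index, field): verdict} for each wildcard target in the filter."""
    report = {}
    for index, body in mapping.items():
        fields = flatten(body["mappings"].get("properties", {}))
        for field in wildcard_fields(filters):
            ftype, subs = fields.get(field, (None, {}))
            alt = [f"{field}.{s}" for s, t in subs.items() if t in WILDCARD_FRIENDLY]
            if ftype in WILDCARD_FRIENDLY:
                verdict = "ok"
            elif ftype is None:
                verdict = "unmapped"
            else:
                verdict = f"{ftype}: " + (f"use {alt[0]}" if alt else "no keyword sub-field")
            report[index, field] = verdict
    return report
```

An "unmapped" verdict means the filter names a field the index does not have, which also makes a rule silently match nothing.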