I am facing an issue with Elasticsearch Query DSL while using a prefix filter for the "log_message" field. The goal is to display logs where the "log_message" field has a prefix of "Started". However, the filter also includes lines where "Started" appears in the middle of the message, not just at the beginning. Here's my query:
{
  "prefix": {
    "log_message": "started"
  }
}
- Here's my log message: 2023-11-20 10:49:34.445 | INFO | [restartedMain] --- 14348 | o.a.c.impl.engine.AbstractCamelContext | | Started xxxxxxxxxxx.
Here's my Logstash pattern:
%{TIMESTAMP_ISO8601:timestamp} |%{SPACE}%{LOGLEVEL:log_level}%{SPACE}|%{SPACE}[%{DATA:thread}]%{SPACE}---%{SPACE}%{NUMBER:process_id}%{SPACE}|%{SPACE}%{DATA:class}%{SPACE}| |%{SPACE}%{GREEDYDATA:log_message}(\r|\n)?
I tried to restart Elasticsearch and Logstash, but the problem is still present.