Hi team,
My message being parsed as follows
rest_message
1 method=GET url=http://192.168.44.44/Invoice.doc sent=/var/lib/inetsim/http/fakefiles/sample.doc postdata
I need to set up a query where if rest_message field contains “url=” but dang I am unable to match those out. Can someone please help?
Ah …got the answer
Also note that message , full_message , and source are the only fields that are being analyzed by default. While wildcard searches (using * and ? ) work on all indexed fields, analyzed fields will behave a little bit different. See wildcard and regexp queries for details.
Care to share that answer with the rest? 
Somebody else could learn from it 
That is been shared!! see my response
You need to enable wildcard searches in server.conf file.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.