The new indexes set all fields to not-analyzed.
Due to how the queries are parsed, our regex searches for severity:/ERROR/ do not work as the querystring is converted to lowercase, but due to not being analyzed anymore the term in the document is still uppercase.
The new indexes set all fields to not-analyzed. Due to how the queries are parsed, our regex searches for
severity:/ERROR/do not work as the querystring is converted to lowercase, but due to not being analyzed anymore the term in the document is still uppercase.https://github.com/elastic/elasticsearch/issues/9973
Should be easily fixable by adding the
"lowercase_expanded_terms": falseproperty to the query_string query.