I have a dataset containing Windows event logs, and I am trying to filter out values in a field TargetUserName that contain a specific character, say #.
Basically, if TargetUserName contains #, do not aggregate it. Below is my current code.
from elasticsearch import Elasticsearch
from elasticsearch_dsl import Search

es = Elasticsearch([localhostmines], timeout=30)  # localhostmines: host URL assumed to be defined elsewhere
# 'term' matches the literal value "*#"; to drop names containing '#' use a wildcard
# query under must_not via exclude(). Target TargetUserName.keyword if the field is analysed text.
s = (Search(using=es, index="logindex-*")
     .filter('term', EventID="4624")
     .exclude('wildcard', TargetUserName="*#*"))
users = set()
for hit in s.scan():
    users.add(hit.TargetUserName)
print(users)
Any help would be greatly appreciated. Thank you.
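The query the question is after, as an added example that is not part of the original post: it builds the same request body that the elasticsearch-dsl chain `.filter('term', EventID=...).exclude('wildcard', TargetUserName=...)` serialises to, and checks the exclusion logic locally against a few constructed 4624/4625 hits (stdlib only, no cluster needed). The sample hits and the `*#*` pattern are assumptions; if TargetUserName is dynamically mapped as text, point the wildcard at `TargetUserName.keyword`.

```python
import fnmatch
import json

# Constructed sample hits standing in for Search.scan() results (not real data).
SAMPLE_HITS = [
    {"EventID": "4624", "TargetUserName": "alice"},
    {"EventID": "4624", "TargetUserName": "svc#backup"},
    {"EventID": "4624", "TargetUserName": "DWM-1"},
    {"EventID": "4625", "TargetUserName": "bob"},    # failed logon, not 4624
    {"EventID": "4624", "TargetUserName": "alice"},  # duplicate, the set collapses it
    {"EventID": "4624", "TargetUserName": "build#"},
]


def build_query(event_id="4624", exclude_pattern="*#*"):
    """Return the request body equivalent to
    Search().filter('term', EventID=event_id)
            .exclude('wildcard', TargetUserName=exclude_pattern).
    A term query matches the literal value, so the exclusion must be a
    wildcard query under must_not, not a term filter on '*#'."""
    return {
        "query": {
            "bool": {
                "filter": [{"term": {"EventID": event_id}}],
                "must_not": [{"wildcard": {"TargetUserName": exclude_pattern}}],
            }
        }
    }


def matches(hit, event_id="4624", exclude_pattern="*#*"):
    """Local equivalent of the query above, used to sanity-check the
    filter logic against sample hits before running it on the cluster."""
    return hit["EventID"] == event_id and not fnmatch.fnmatchcase(
        hit["TargetUserName"], exclude_pattern
    )


def distinct_users(hits, **kwargs):
    """Collect the distinct TargetUserName values that survive the filter,
    mirroring the set built from s.scan() in the question."""
    return {h["TargetUserName"] for h in hits if matches(h, **kwargs)}


if __name__ == "__main__":
    print(json.dumps(build_query(), indent=2))
    print(sorted(distinct_users(SAMPLE_HITS)))  # ['DWM-1', 'alice']
```

Compare `build_query()` with `s.to_dict()` from the dsl chain to confirm the two agree before trusting the scan results.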