I have had a lot of trouble getting Lucene Text Queries to work in DTM Monitors. I have referenced the below pages and still have issues finding the info I need.
I discovered you can search for individual Monitor Topic entity types (e.g. the “domain” entity type instead of the entire Network Information), but this was from trial and error; the documentation does not write out this capability or the syntax it needs to be in. Also, values for sections like “doc_type” are not documented (e.g. Shop Listings must be “shop_list”). There are also Conditionals like “must contain” and many more; I cannot find how to add these values into Lucene Text Queries.
Your Adoption Guide uses examples like:
- __type:"shop_listing" AND item_type:"CC"
- messenger.name:telegram AND sender.telegram.user_id:6273******
- email.headers.value:"@os-kh.de"
I cannot find where these syntax requirements come from, where the key values come from (why __type, and where does item_type come from), or where the JSON type keys (sender.telegram.user_id) come from. Is there a Schema type reference that lays out the possible queryable keys and the syntax expected for Lucene to work?
I have also used the Lucene Tips section in the page linked and copied exact queries, specifically for Regex, and I either get no results or get syntax issues when testing in the monitor.
