I have a message field with value like below:

{"id":"abc123","duration":120}

I want to filter all logs with duration value greater than 200 using regex. When I use regex below, I am able to filter out logs with duration

{
  "query": {
    "regexp": {
      "message": ""duration""
    }
  }
}

This works perfectly, but if I add the :, somehow I don’t see any logs at all. Same even if I use .

P.S.

I am also exploring using range like below but

{
  "query": {
    "range": {
      "message.duration": {
        "gt": 200
      }
    }
  }
}