Access log, requested_uri pattern matching


(Tonymurphy) #1

Hi

I'm trying to find all access log entries matching a specific pattern - REST URL. But I'm struggling.

Say for example I had the following regex

\/api\/savedsearches\/[0-9a-z]{24}\/on

The following uri path would match

/api/savedsearches/5a6f390be4b01fbf020780c6/on

https://regex101.com/r/KyMX0u/1

How do I implement this as a filter in Kibana?

{
  "query": {
    "regexp": {
      "requested_uri": ".*savedsearches.*"
    }
  }
}

(Joe Fleming) #2

As you note, you can use the regexp query as a filter in Kibana. Looking at the Standard Operators section, the regexp you posted seems to be valid, and indeed, running it doesn't produce an error. I don't have the same data as you, so when I run this on the extension field in my data set, I get no results, but also no errors. Have you tried creating a filter with the following DSL?

{
  "query": {
    "regexp": {
      "requested_uri": "\/api\/savedsearches\/[0-9a-z]{24}\/on"
    }
  }
}



(system) #3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
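An added example, not code from either poster: it builds the filter DSL discussed above from the regex101-style pattern and checks it against sample URIs the way Elasticsearch's `regexp` query does, where the pattern must match the entire term. It assumes `requested_uri` is mapped as a non-analyzed (keyword) field holding the whole path; Python's `re.fullmatch` stands in for Lucene's anchored matching, and the helper names and all sample URIs except the first are constructed for illustration.

```python
import json
import re

def to_lucene(pattern: str) -> str:
    """Convert a regex101-style pattern into the form the regexp query expects."""
    p = pattern.replace("\\/", "/")  # '/' is not a Lucene regexp metacharacter
    if p.startswith("^"):            # Lucene has no anchor operators;
        p = p[1:]                    # every pattern is implicitly anchored
    if p.endswith("$") and not p.endswith("\\$"):
        p = p[:-1]
    return p

def regexp_filter(field: str, pattern: str) -> dict:
    """Build the DSL body to paste into Kibana's 'Edit Query DSL' filter box."""
    return {"query": {"regexp": {field: to_lucene(pattern)}}}

def matching(pattern: str, uris: list) -> list:
    """Emulate whole-term matching: only URIs matched end to end are returned."""
    rx = re.compile(to_lucene(pattern))
    return [u for u in uris if rx.fullmatch(u)]

PATTERN = r"\/api\/savedsearches\/[0-9a-z]{24}\/on"

# First URI is the one from the thread; the rest are constructed test cases.
SAMPLE_URIS = [
    "/api/savedsearches/5a6f390be4b01fbf020780c6/on",
    "/api/savedsearches/5a6f390be4b01fbf020780c6/on?user=1",  # query string
    "/api/savedsearches/5a6f390be4b01fbf020780c6/off",        # other action
    "/api/savedsearches/5A6F390BE4B01FBF020780C6/on",         # upper-case id
    "/v2/api/savedsearches/5a6f390be4b01fbf020780c6/on",      # extra prefix
]

if __name__ == "__main__":
    print(json.dumps(regexp_filter("requested_uri", PATTERN), indent=2))
    print("exact pattern :", matching(PATTERN, SAMPLE_URIS))
    # Append '.*' when the logged field also contains a query string.
    print("with '.*' tail:", matching(PATTERN + ".*", SAMPLE_URIS))
```

If the field is an analyzed text field instead, the pattern is tested against each token rather than the full URI, so a whole-path pattern like this one returns no hits.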