Hi all,
I am using ElasticStack to monitor various process including Java processes. In this particular case, I am searching for Kafka process.
Using online regex tester, I am able to get a match, but my regex never gets hit when querying data in Kibana. Document with full path is already present in ES.
Is such behavior specific to Kibana or Elasticsearch (Lucene query syntax)?
Thanks,
Sorry. It looks like that I have posted my question in wrong topic. Can some one please move it to Kibana?
As per the documentation they are not Perl-compatible.
Hello Christian. That was quick, I have spent at least one hour going through the exact documentation. So, basically, I should stick with Lucene documentation regarding the regular expressions.
I believe so. Be aware however that using regular expression searches can be very slow and scale badly. It would be a lot faster if you could parse out parts you know are going to be interested in at index time.
Yes, I was afraid of that. Both parts, Lucene and slow queries.
To be honest, I am not sure what do you mean under, "parse out parts". I am already filtering the documents in following way:
beat.hostname: "some.hostname" AND system.process.name: java AND system.process.cmdline: myregex_query_that_doesnt_work.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.