Check for presence of email address in query string?

Hi everyone. Apologies if this is a n00b question, I just can't find the answer anywhere, and my Kibana / RegEx knowledge is failing me. Say my logs' msg field contains a value like this:

host.com/path/resource?foo=0123456&bar=mickey@disney.com&true=0&etc=1

I need to find all log entries where etc=1 and bar contains an email address. I can do the etc part - that's easy - and I'd even settle for entries where bar contains the @ symbol, but I just can't find the right syntax, be it RegEx, escaping, or whatever.

Ideas gratefully received!

hi @muppix,

would this work for you?

bar=([a-zA-Z0-9_\-\.]+)@([a-zA-Z0-9_\-\.]+)\.([a-zA-Z]{2,5})

Matching email addresses with regex is notoriously hard, but I got this simple approximation from here: http://regexlib.com/Search.aspx?k=email&AspxAutoDetectCookieSupport=1

Hi Thomas,

Apologies for the slow reply - that'll teach me to check my Junk folder more often! I got to the bottom of the issue, and it turns out that we don't index the @ symbol in our implementation, so I'll never be able to find it, regardless of how I search. Bummer.

Thanks,
Mark.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.