Count by regex pattern

Alexkl · April 24, 2017, 10:03am

I am struggling with a pie chart visualisation in kibana (5.2.2) I have a field url wich contains things like :

https://fhfhf.jffjr.com/ping?toto=tata
https://fhfhf.jffjr.com/user=tu
https://fhfhf.jffjr.com/ping?tutu=tata
I want to get in a pie chart the count of url fields containing the pattern .ping. vs others.

I didn't find a way to do it. It's sliced by the full keyword. Is there a way to do it without scripting ?

Thanks !

spalger · April 24, 2017, 11:00pm

If you are trying to avoid scripting then I imagine you are worried about the performance of this query. If so, then regular expressions probably aren't going to be the best, but you can do this with a regex in the "filters" aggregation.

See https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-query-string-query.html#_regular_expressions

If regexp is still too slow, I suggest pre-processing the logs with something like logstash to extract the bit of data you are trying to understand (maybe the path of the url?)

Alexkl · April 26, 2017, 8:16am

Hello,

You are right i was afraid of the performance of the query with a script and i wished to avoid adding a logstash filter.
I will try with the filter and if it didn't work i will make some tests with scripting.

Thanks !
Alex

system · May 24, 2017, 8:20am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Aggregate/visualize based on substring or regex query Kibana	2	5127	February 17, 2020
Count string field in Kibana Kibana	2	1863	July 6, 2017
Use regex in Kibana SearchBox properly Kibana	3	883	July 6, 2017
Kibana keyword aggregation for visualisation Kibana	3	1077	October 15, 2019
Aggregating (count) by regex Kibana	2	781	July 22, 2020

Count by regex pattern

Related topics