Hello everyone,
I am using the ElastAlert Kibana Plugin in Kibana. I want to set up an alert that invokes an email if I get a 500+ HTTP error from any container, e.g.
217.114.212.180 - - [18/Jun/2019:12:09:21 +0000] "GET /status HTTP/1.1" 500 235 "-" "kube-probe/1.11"
To achieve this, I am using:
query_string:
  query: "kubernetes.container_name: gateway AND log: /.*\"\\s5[0-9]{2}\\s.*/"
My intention is to capture the " 500+ " error followed by an upper quote and space. So I used the \\s regex pattern, which is not able to capture the log containing the 500+ error.
Does Elasticsearch allow regex involving whitespace?
Thanks.
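An added example, not part of the original post: the condition the alert is meant to express (a 5xx status from the gateway container), written as a Python check that reads the status from its field position in the access-log line, which is useful for validating what the rule should and should not fire on. The documents are constructed samples built around the log line above; the dict layout and the function names are assumptions.

```python
import re

# Layout of the sample line in the post:
# client ident user [timestamp] "request" status bytes "referer" "user-agent"
ACCESS_LOG = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)'
    r'(?: "(?P<referer>[^"]*)" "(?P<agent>[^"]*)")?\s*$'
)

def parse_status(line):
    """Return the HTTP status as an int, or None if the line is not an access log."""
    m = ACCESS_LOG.match(line)
    return int(m.group("status")) if m else None

def server_errors(docs, container):
    """Return log lines from `container` whose status field is 500-599."""
    hits = []
    for doc in docs:
        if doc.get("kubernetes.container_name") != container:
            continue
        status = parse_status(doc.get("log", ""))
        if status is not None and 500 <= status <= 599:
            hits.append(doc["log"])
    return hits

# Constructed sample documents; the first log line is the one from the post.
PREFIX = '217.114.212.180 - - [18/Jun/2019:12:09:21 +0000] "GET /status HTTP/1.1" '
SUFFIX = ' "-" "kube-probe/1.11"'
SAMPLE_DOCS = [
    {"kubernetes.container_name": "gateway", "log": PREFIX + "500 235" + SUFFIX},
    # 200 response whose byte count happens to be 500: must not alert.
    {"kubernetes.container_name": "gateway", "log": PREFIX + "200 500" + SUFFIX},
    {"kubernetes.container_name": "gateway", "log": PREFIX + "502 0" + SUFFIX},
    # 5xx from a different container: excluded by the container filter.
    {"kubernetes.container_name": "billing", "log": PREFIX + "503 17" + SUFFIX},
    # Application log line that merely contains " 500 ": not an access log.
    {"kubernetes.container_name": "gateway", "log": 'retry "upstream" 500 ms later'},
]

if __name__ == "__main__":
    for line in server_errors(SAMPLE_DOCS, "gateway"):
        print(line)
```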