ES regex match failure

Hey guys,
I wanna match some data about form-data in ES like

------WebKitFormBoundary9fB75AOSG0bMs1I4\x0D\x0AContent-Disposition: form-data; name=\x22upload\x22; filename=\x22shell.php\x22\x0D\x0AContent-Type: application/octet-stream\x0D\x0A\x0D\x0A<?php\x0D\x0Aerror_reporting(7);\x0D\x0A@set_magic_quotes_runtime(0);

And the data type is keyword, so I'm using regexp like this

{
  "query": {
    "regexp": {
      "data": ".*\\<\\?php.*"
    }
  }
}

But nothing is returned.
The ES version is 7.8.1. Is there something wrong with this pattern?

Nothing wrong with the pattern - likely the content wasn't indexed because it is a long string.
By default keyword fields drop strings greater than 256 chars in length. This ignore_above setting can be increased but there's a hard limit of 32k.

A potentially better way of searching long strings is the new wildcard field in 7.9.
Check out the blog
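Added example, not part of either post above: a local triage check in Python that separates the two possible causes (pattern does not match, or value was never indexed) and builds the request bodies for the wildcard-field alternative. The helper names and the padded sample are constructed for illustration, and Python's `re` stands in for Lucene regexp syntax, which is only valid for patterns where the two agree, as this one does.

```python
import json
import re

IGNORE_ABOVE = 256             # keyword cut-off named in the answer above
LUCENE_MAX_TERM_BYTES = 32766  # Lucene's per-term byte cap (the "32k" limit)

# Constructed sample: the escaped multipart body from the question, padded with
# filler. Raw strings keep "\x0D\x0A" as the literal text the log contains.
SAMPLE = (
    r"------WebKitFormBoundary9fB75AOSG0bMs1I4\x0D\x0A"
    r"Content-Disposition: form-data; name=\x22upload\x22; "
    r"filename=\x22shell.php\x22\x0D\x0A"
    r"Content-Type: application/octet-stream\x0D\x0A\x0D\x0A"
    r"<?php\x0D\x0A" + "/* filler */" * 40
)

# The question's pattern after JSON unescaping: .*\<\?php.*
PATTERN = json.loads(r'".*\\<\\?php.*"')


def keyword_indexes(value, ignore_above=IGNORE_ABOVE):
    """True if a keyword field would index the value: it must not exceed
    ignore_above characters or Lucene's per-term byte cap."""
    return (len(value) <= ignore_above
            and len(value.encode("utf-8")) <= LUCENE_MAX_TERM_BYTES)


def regexp_matches(pattern, value):
    """Approximate a regexp query: the pattern must match the whole term."""
    return re.fullmatch(pattern, value, flags=re.DOTALL) is not None


def diagnose(pattern, value, ignore_above=IGNORE_ABOVE):
    if not regexp_matches(pattern, value):
        return "pattern does not match the value"
    if not keyword_indexes(value, ignore_above):
        return "pattern matches, but the value was never indexed"
    return "pattern matches and the value is indexed"


# Request bodies for the 7.9+ alternative: map the field as wildcard and
# reuse the same regexp, which wildcard fields also accept.
WILDCARD_MAPPING = {"mappings": {"properties": {"data": {"type": "wildcard"}}}}
WILDCARD_QUERY = {"query": {"regexp": {"data": PATTERN}}}

if __name__ == "__main__":
    print(len(SAMPLE), diagnose(PATTERN, SAMPLE))
    print(json.dumps(WILDCARD_MAPPING))
    print(json.dumps(WILDCARD_QUERY))
```

Changing the mapping type requires creating a new index and reindexing; documents already dropped by `ignore_above` stay unsearchable on that field until then.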
