Hi, does anyone know how to make a regex work in Kibana like this?
Thanks,
John
From: logstash-users@googlegroups.com [mailto:logstash-users@googlegroups.com] On Behalf Of Janet Sullivan
Sent: Monday, April 28, 2014 9:27 AM
To: logstash-users@googlegroups.com
Subject: [logstash-users] FW: Regex syntax
Given a message line like this:
PPE-1 : UI CMD_EXECUTED 4751439 : User vipnet_something - Remote_ip 1.1.1.1 - Command "show something" - Status "Success"
Searches of message:/vipnet.Success/ or message:/vipnet."Success"/ don't work. Message:/vipnet.*/ AND message:/Success/ works. Why doesn't the regex seem to work?
From: Naoki Kitajima
Sent: Monday, April 28, 2014 2:40 AM
To: GNS Logstash
Subject: Regex syntax
Hi Logstash users/admins,
I am trying to find the matched lines with two words by regex but Logstash query results seems odd to me. Could you advise me what's wrong here?
For example, I want to find the log that includes both "vipnet" and "Success".
-
Query: message:/vipnet.*Success/
? This query doesn't match with anything. Why?
-
Query: message:/.*vipnet.*/ AND message:/Success/
? This query work.
Thanks,
Naoki
Remember: if a new user has a bad time, it's a bug in logstash.
You received this message because you are subscribed to the Google Groups "logstash-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to logstash-users+unsubscribe@googlegroups.commailto:logstash-users+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/0a99e855b7a149f2a47fcc3a8e2d2b80%40BN1PR03MB022.namprd03.prod.outlook.com.
For more options, visit https://groups.google.com/d/optout.