So here's the filter:
type:connlog AND NOT (history:.*D.*)
I'm attempting to filter out anything that contains a "D" or "d". Why does Kibana actually give me contents with a D?
Thank you.
I've also tried regex with /.D./ to no avail.
Hi DidiAngel
If you want to "filter out anything that contains a "D" or "d"",
your query could simply look like
type:connlog AND NOT (history: *d*)
The reason your query does not work is that a Kibana search expression is not a standard regular expression; it is a Lucene query expression.
There is support for some wildcards like * ? and [] but not .
There is also support for special features (fuzzy, proximity, ranges etc).
See the list of special characters given there
. is not a Lucene query special character but it is a word breaker, see here
I think it is not escapable
HTH
Alain
First off thank you for the info. I tested out my Sense line..here's what I got:
{
  "tokens": [
    {
      "token": "d",
      "start_offset": 1,
      "end_offset": 2,
      "type": "<ALPHANUM>",
      "position": 0
    }
  ]
}
However I still see the same results:
Interestingly, if I try and match instead of negate, it works fine:
But in your last example, when it works fine, the field contains some 'D' and 'd'?
I thought you wanted to remove them from the output (as you said 'filter out')?
...
BTW, I'm glad you found the link interesting and it finally works for you
I do want to filter out anything that contains "d" or "D". I'm showing that the inverse, match anything that DOES contain "d" or "D", does work. But, when I add the "NOT", I still get history items with "d" or "D", even with type:connlog AND NOT (history: *d*). Maybe this is a beta issue?
ah ok,
For me it works fine with match and NOT match, except with the pattern with '.'
which does not work.
But I'm not using a beta version (yet)
As you said, may be a problem in beta?
Cool...I'll file a bug report on github...thank you.