General confusion with Kibana's search bar


So here's the filter:

type:connlog AND NOT (history:.*D.*)

I'm attempting to filter out anything that contains a "D" or "d". Why does Kibana actually give me contents with a D?

Thank you.


I've also tried regex with /.D./ to no avail.

(Alain Rastoul) #3

Hi DidiAngel

If you want to "filter out anything that contains a "D" or "d"",
your query could simply look like

type:connlog AND NOT (history: *d*)

The reason your query does not work is that a Kibana search expression is not a standard regular expression; it is a Lucene query expression.
There is support for some wildcards like * ? and [] but not .
There is also support for special features (fuzzy, proximity, ranges etc).
See the list of special characters given there

    • && || ! ( ) { } [ ] ^ " ~ * ? : \ /

. is not a Lucene query special character but it is a word breaker, see here
I think it is not escapable
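
As an added illustration (not part of the original posts, and a simplified model rather than Lucene's own code): the sketch below reads a term as a wildcard expression, where * and ? are the wildcards and . is an ordinary character, and applies the NOT filter to constructed history values. It assumes each history value is indexed as a single term and compared case-insensitively; under that reading `.*D.*` matches none of the samples, so the NOT clause excludes nothing.

```python
import re

def wildcard_to_regex(term):
    """Model of a wildcard term: * = any run, ? = one char, \\x = literal x.
    Every other character, including '.', is matched literally."""
    out, i = [], 0
    while i < len(term):
        c = term[i]
        if c == "\\" and i + 1 < len(term):
            out.append(re.escape(term[i + 1]))
            i += 2
            continue
        if c == "*":
            out.append(".*")
        elif c == "?":
            out.append(".")
        else:
            out.append(re.escape(c))
        i += 1
    # Assumption: case-insensitive comparison against the whole indexed term.
    return re.compile("".join(out), re.IGNORECASE | re.DOTALL)

def wildcard_match(term, value):
    return wildcard_to_regex(term).fullmatch(value) is not None

def regex_match(pattern, value):
    """What the same text means when read as a regular expression."""
    return re.fullmatch(pattern, value, re.IGNORECASE | re.DOTALL) is not None

def not_filter(term, values, matcher=wildcard_match):
    """Values that survive NOT (history:<term>)."""
    return [v for v in values if not matcher(term, v)]

# Constructed sample values for the history field (not from the thread).
HISTORY = ["ShADadFf", "S", "ShAFf", "Dd", "^hADd", "Sr"]

if __name__ == "__main__":
    print(not_filter(".*D.*", HISTORY))               # wildcard reading
    print(not_filter("*d*", HISTORY))                 # wildcard reading
    print(not_filter(".*D.*", HISTORY, regex_match))  # regex reading
```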




First off, thank you for the info. I tested it out in Sense. Here's what I got:

  "tokens": [
    {
      "token": "d",
      "start_offset": 1,
      "end_offset": 2,
      "type": "<ALPHANUM>",
      "position": 0
    }
  ]

However I still see the same results:

Interestingly, if I try and match instead of negate, it works fine:

(Alain Rastoul) #5

But in your last example, when it works fine, the field contains some 'D' and 'd'?
I thought you wanted to remove them from the output (as you said 'filter out')?
BTW, I'm glad you found the link interesting and it finally works for you


I do want to filter out anything that contains "d" or "D". I'm showing that the inverse, match anything that DOES contain "d" or "D" does work. But, when I add the "NOT", I still get history items with "d" or "D", even with type:connlog AND NOT (history: *d*). Maybe this is a beta issue?

(Alain Rastoul) #7

ah ok,
For me it works fine with match and NOT match, except with the pattern with '.'
which does not work.
But I'm not using a beta version (yet)
As you said, may be a problem in beta?


Cool...I'll file a bug report on GitHub...thank you.
