Hi All,
I am new to ES. And I have a requirement where a user can create a search
pattern using regex, and use the pattern to do search on documents within
ES.
Adding documents to ES and creating search patterns are completely
different processes. When adding documents, what pattern is gonna to be
used for search is unknown. So pre-processing is not possible.
I wonder whether this can be done in ES. For instance, I have a regular
expression"\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}" and I want it to match
fields like "blah blah 100.100.100.100 blah blah".
I am using standard analyzer. Assuming the field I am using is "message",
(a) I got no matched documents for the following
{
"query":
{
"regexp":{
"message": "\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}"
}
}
}
(b) And I got matched documents for the following (assuming I have a row
literally contains "blah")
{
"query":
{
"regexp":{
"message": "bl.{1}.{1}"
}
}
}
My questions are as follows:
(a) Is regex query in ES working only at term level? In case (a),
100.100.100.100 is separated into 4 terms. And a single pattern cannot
match it?
(b) Is there a trick that I can use in my case to satisfy my requirement?
If I have a custom tokenizer which treat the whole field as single token,
will cross token regex matching work? This is probably way to slow for a
decent data set though.
Thanks in advance
Z
--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.