I tried to fetch some word using regexp in the filter but does not work:
{
"query": {
"regexp": {
"message": {
"value": "*.word1.word2.word3.*"
}
}
}
}
I want to fetch messages that contains this bloc "word1.word2.word3". I don't know if I wrote something wrong or kibana does not accept this format.
How can I fix it?
If you want to find documents containing a certain substring, the wildcard query is probably the best choice: https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-wildcard-query.html
Just switch regexp with wildcard and you should be good to go. However it will match everything containing .word1.word2.word3. (note the leading and trailing dots)
Thanks for your answer, I'll try it.
I tried it but does not work, I have to mention the whole phrase to get the result, otherwise it is not able to filter the lines where the message contains the block of words I use to filter.
Can you share the mapping of your index and the filter you are testing with right now?
Can you please copy-paste the filter JSON you are using which should work but doesn't?
{
"query": {
"wildcard": {
"message": {
"value": "*.PSEGP.PSETP.*"
}
}
}
}There is no . in front of "PSEGP" in your example - try
{
"query": {
"wildcard": {
"message": {
"value": "*PSEGP.PSETP.*"
}
}
}
}
even like that does not work 
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.