Issue with Regex in Kibana searchbar/query_string


(Tao Liu) #1

Hi,

I am using ES 2.3.3 and Kibana 4.5.1 and trying to match a pattern in the log entry with regex, but it doesn't work as expected. The field I am using is message.raw, and below are the mapping and an example:

Mapping:

"message" : {
  "type" : "string",
  "norms" : {
    "enabled" : false
  },
  "fielddata" : {
    "format" : "disabled"
  },
  "fields" : {
    "raw" : {
      "type" : "string",
      "index" : "not_analyzed",
      "ignore_above" : 256
    }
  }
}

Example (from the JSON format of the entry):

"message": "2018-05-15 16:55:32.095 ERROR [Default Executor-thread-000000] com.xxx.xxx.xxx -\n\t\t\t\t\tsomeFunction() :: var = some messages"

The pattern I am using is:

message.raw:/[0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2}"."[0-9]{3} ERROR.*/

which returns nothing, but without the ERROR it works:

message.raw:/[0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2}"."[0-9]{3} .*/

This really confuses me. Could anyone give me some idea of what is going on? Thank you so much!
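
An offline check of the two patterns above, added here as an example and not part of the original post. It assumes the cause is query_string's `lowercase_expanded_terms` option (default true in ES 2.x), which lower-cases the regex before it is compared with the not_analyzed term; the helper names are hypothetical, and the message is the post's sample with its JSON escapes decoded.

```python
import re

# Constructed from the post's example: the "message" value, JSON escapes decoded.
MESSAGE = ("2018-05-15 16:55:32.095 ERROR [Default Executor-thread-000000] "
           "com.xxx.xxx.xxx -\n\t\t\t\t\tsomeFunction() :: var = some messages")

# The two Lucene regexes from the post, without the surrounding /.../
WITH_ERROR = ('[0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2}'
              '"."[0-9]{3} ERROR.*')
WITHOUT_ERROR = ('[0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2}'
                 '"."[0-9]{3} .*')


def lucene_to_python(pattern):
    """Translate Lucene's "..." literal quoting into an escaped literal."""
    return re.sub(r'"([^"]*)"', lambda m: re.escape(m.group(1)), pattern)


def term_matches(pattern, term, lowercase_pattern):
    """Emulate a regexp query against one not_analyzed term.

    Lucene regexes must match the whole term, and '.' matches any
    character, hence fullmatch + DOTALL. lowercase_pattern models the
    assumed lower-casing of the pattern by query_string.
    """
    if lowercase_pattern:
        pattern = pattern.lower()
    return re.fullmatch(lucene_to_python(pattern), term, re.DOTALL) is not None


def indexed_in_raw(term, ignore_above=256):
    """message.raw drops values longer than ignore_above (256 in the mapping)."""
    return len(term) <= ignore_above


if __name__ == "__main__":
    print("indexed in message.raw:", indexed_in_raw(MESSAGE))
    for name, pat in (("with ERROR", WITH_ERROR), ("without ERROR", WITHOUT_ERROR)):
        for lowered in (False, True):
            print(name, "| pattern lower-cased:", lowered,
                  "| match:", term_matches(pat, MESSAGE, lowered))
```

Only the lower-cased `ERROR` pattern fails, which reproduces the behaviour reported in the post; `[0-9]`, the quoted dot and `.*` are unchanged by lower-casing.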

