Hello, I'm having trouble when I try to use some regexp in Kibana filters, to make graphics.
Example : I have a simple filter which is source.keyword : "mylog.log" and message: "\[200\]"
Example of line in LOG : HTTP 1.1/ [200] 5431 33 GET /index.php ....
In this example I try to match the HTTP 200 code, which is written between "[ ... ]" but my backslashes aren't recognized as escape characters.. Then this filter matches every "200" in line, and not only "[200]"
@DiiSteR Lucene query syntax supports regex but regex runs on every term, so the indexing style of the field is important. The message property is probably being indexed as full text, so I expect that the only term indexed is "200" which is probably why we are getting those results.
I think it would be possible to get around this by adding a pipeline that extracts the status code from the message and stores it in a new field. Then you can reindex some or all of the data and set up the log ingestion to pass docs through that pipeline. After doing this you will be able to just filter by the new field.
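The pipeline approach suggested in the reply above, written out as an added example in Kibana Dev Tools Console syntax (it is not part of the original thread). The pipeline name extract-http-status, the index name my-logs and the field name http_status are assumptions chosen for illustration.

```console
# Hypothetical names: pipeline "extract-http-status", index "my-logs",
# new field "http_status". Adjust them to your own setup.

# 1. Ingest pipeline: grok copies the number found between literal
#    brackets in "message" into its own integer field.
#    ignore_failure lets lines without a bracketed number pass unchanged.
PUT _ingest/pipeline/extract-http-status
{
  "description": "Extract the bracketed HTTP status code from message",
  "processors": [
    {
      "grok": {
        "field": "message",
        "patterns": ["\\[%{INT:http_status:int}\\]"],
        "ignore_failure": true
      }
    }
  ]
}

# 2. Dry run before touching any index. The first document is the sample
#    line from the question; the second is constructed and has "200"
#    outside the brackets, the case the original filter matched by mistake.
POST _ingest/pipeline/extract-http-status/_simulate
{
  "docs": [
    { "_source": { "message": "HTTP 1.1/ [200] 5431 33 GET /index.php" } },
    { "_source": { "message": "HTTP 1.1/ [404] 200 12 GET /missing.php" } }
  ]
}

# 3. Send newly ingested documents through the pipeline by default.
PUT my-logs/_settings
{
  "index.default_pipeline": "extract-http-status"
}

# 4. Run the documents already in the index through the same pipeline.
POST my-logs/_update_by_query?pipeline=extract-http-status

# 5. The Kibana filter then targets the new field instead of the
#    analyzed message text:
#    source.keyword : "mylog.log" and http_status : 200
```

Because http_status is stored as a number, the filter no longer depends on how the message text was tokenized, and range filters on status codes also become possible.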
This is really hard to do for just a simple [200] haha, I don't know why this doesn't like my backslashes, it's sad to see... manipulating indexes is not really easy for someone who's a beginner.. It seems like I need to do that for everything I need to filter, so I don't understand why filters exist haha.