Issue with regular expressions

Hello, I'm having trouble when I try to use some regexp in Kibana filters, to make graphics.

Example : I have a simple filter which is
source.keyword : "mylog.log" and message: "\[200\]"

Example of line in LOG :
HTTP 1.1/ [200] 5431 33 GET /index.php ....

In this example I try to match the HTTP 200 code, which is written between "[ ... ]" but my backslashes aren't recognized as escape caracters.. Then this filter matchs every "200" in line, and not only "[200]"

Have you any solution for me ? Thanks a lot.

@DiiSteR could you try to use '\\[200\\]' ?

Thanks for your answer, I'll try it soon

@tiagocosta this is doing the same with '\\[200\\]' :frowning:

@DiiSteR Lucene query syntax supports regex but regex uns on every term, so the indexing style of the field is important. The message property is being probably indexed as full text, so I expect that the only term indexed is "200" which is probably why we are getting those results.

I think it would be possible to get around this by adding a pipeline that extracts the status code from the message and stores it in a new field. Then you can reindex some or all of the data and setup the log ingestion to pass docs through that pipeline. After doing this you will be able to just filter by the new field.

This is really hard to do for just a simple [200] haha, I don't know why this doesn't like mi backslashes, its sad to see... manipulating indexes is not really easy for someone who's beginner.. It seems like I need to do that for every thing I need to filter, so I don't understand why filters exists haha.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.