There are several issues related to scripted fields including this one which is fixed in 5.1.0 (NOT RELEASED YET);
The larger search result;
But there may also be another way to get your desired scripted field result that doesn't have the error. Instead of using a regular expression you could use some other string methods.
In my example I have some URLs in a field named referer and if I want to just get the http or https part off the front of the URL I can use this scripted field;
doc['referer'].value.substring(0, doc['referer'].value.indexOf(":"))
This gets the substring starting at 0 and up to the ":". You could try this in your case and see if it works for you.
I'm not sure how it handles the case where the ":" isn't found as all my data has it.
Sorry, after re-reading your post and thinking about it a bit, I don't think you can ever use scripted fields in the query bar in Kibana as that goes directly to Elasticsearch which doesn't know about them. But you should be able to filter on them and use them in aggregations in Visualizations.
Make sure you are using Kibana 5.1.1, since prior to that version there were issues with filtering and sorting on some of the more advanced scripted fields. Also make sure that every execution path in your script has a well-defined return statement, otherwise some sorts will still fail. Here is the part of the blog that explains that:
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.