Hi Elastic Community,
I'm trying to use regex in the Kibana Discover search bar, but I think I'm too stupid.
I found some threads and blog posts, but it doesn't work for me.
Example:
Event 1:
Some Message: C:\ProgramData\Package Cache{A50FA50F-A50F-A50F-A50F-A50FA50FA50F}Other\Path. Clientprozess-ID: 8888.
Event 2:
Some Message: {A50FA50F-A50F-A50F-A50F-A50FA50FA50F}. Clientprozess-ID: 8888.
I want to filter out Event 2. A working regex to find Event 2 is:
Some Message:\ {.}. Clientprozess.
I tried the following ways to search in Kibana, but none of them worked:
message:Some Message:\ {.}. Clientprozess.
message:/Some Message:\ {.}. Clientprozess./
message:"/Some Message:\ {.}. Clientprozess./"
message:/"Some Message:\ {.}. Clientprozess."/
message:'/Some Message:\ {.}. Clientprozess./'
message:/'Some Message:\ {.}. Clientprozess.'/
This is likely because message is a text field and is using the standard analyzer, so a space is not going to exist in the indexed data. You can check your mapping using the mapping API.
Hi @alisongoryachev,
Thanks for this Information.
But it doesn't work as I would expect.
Message: The Software Protection service has stopped.
Searching:
message:/Protection/ -> works
message:/Prot[eE]ction/ -> doesn't work
message:/Prot[A-z]ction/ -> doesn't work
I also get the following message every time I enter a search containing /:
It looks like you may be trying to use Lucene query syntax, although you have Kibana Query Language (KQL) selected. Please review the KQL docs.
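The behaviour in both posts above (a regex spanning the whole message never matches; `/Protection/` matches but `/Prot[eE]ction/` does not) follows from how a text field is indexed and how KQL versus Lucene treat the value. The script below is an added illustration, not code from the thread or from Elastic. It models the standard analyzer as "split on non-word characters and lowercase" (an assumption; the real analyzer uses Unicode segmentation, which gives the same tokens for these ASCII lines), models Lucene `/regexp/` as a case-sensitive whole-term match, and models KQL as analyzing the query value and looking the tokens up. The `keyword_regexp_match` function shows what the same pattern would do against a non-analyzed keyword field, if the mapping has one. Python's regex dialect stands in for Lucene's here; the two differ in details such as `\d`, so only the matching model is being demonstrated.

```python
import re

# Constructed sample messages, copied from the thread's examples.
EVENT_1 = r"Some Message: C:\ProgramData\Package Cache{A50FA50F-A50F-A50F-A50F-A50FA50FA50F}Other\Path. Clientprozess-ID: 8888."
EVENT_2 = "Some Message: {A50FA50F-A50F-A50F-A50F-A50FA50FA50F}. Clientprozess-ID: 8888."
STOPPED = "The Software Protection service has stopped."


def standard_analyzer(text: str) -> list[str]:
    """Simplified model (assumption) of Elasticsearch's standard analyzer:
    split on anything that is not a letter, digit or underscore, then lowercase.
    Consequence: no indexed term ever contains a space, colon, brace or backslash."""
    return re.findall(r"\w+", text.lower())


def lucene_regexp_match(field_text: str, pattern: str) -> bool:
    """Lucene /regexp/ semantics on a text field: the pattern is NOT analyzed and
    must match one whole indexed term (implicitly anchored). A pattern that spans
    spaces or punctuation can therefore never match, and case matters because the
    stored terms were lowercased at index time."""
    return any(re.fullmatch(pattern, term) for term in standard_analyzer(field_text))


def kql_match(field_text: str, value: str) -> bool:
    """Simplified KQL semantics (assumption): KQL has no regex syntax, so the slashes
    and brackets are ordinary characters. The whole value goes through the field's
    analyzer and the resulting tokens are looked up; we require all of them."""
    query_terms = standard_analyzer(value)
    doc_terms = set(standard_analyzer(field_text))
    return bool(query_terms) and all(t in doc_terms for t in query_terms)


def keyword_regexp_match(field_text: str, pattern: str) -> bool:
    """What a regexp query does against a keyword (non-analyzed) field: the whole
    stored value is one term, so a pattern spanning the entire message can match."""
    return re.fullmatch(pattern, field_text) is not None


if __name__ == "__main__":
    print(standard_analyzer(EVENT_2))
    # KQL: the value is analyzed, so only the single-token value survives.
    print(kql_match(STOPPED, "/Protection/"), kql_match(STOPPED, "/Prot[eE]ction/"))
    # Lucene: case-sensitive against lowercased terms.
    print(lucene_regexp_match(STOPPED, "Prot[eE]ction"), lucene_regexp_match(STOPPED, "prot[eE]ction"))
    # A pattern covering "Some Message ... Clientprozess" can never match one term.
    print(lucene_regexp_match(EVENT_2, "some message.*"))
    # Against a keyword field the same idea separates Event 2 from Event 1.
    whole = r"Some Message: \{.*\}\. Clientprozess.*"
    print(keyword_regexp_match(EVENT_2, whole), keyword_regexp_match(EVENT_1, whole))
```

The practical reading: with KQL selected, `message:/Protection/` only matched because `Protection` analyzes to the same token the document holds, not because a regex ran. Switching the search bar to Lucene syntax gives real regex, but still per term and case-sensitive, so distinguishing Event 1 from Event 2 (which share all their terms) needs a keyword field, which is what the mapping check suggested above will tell you about.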