Kibana RegEx not working as expected?

Elastic Stack Elasticsearch
1

I'm running ES 1.0.1 and Kibana 3 milestone 5. I'm trying to use regex in my kibana searches, as described at http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/query-dsl-regexp-query.html#regexp-syntax. Some of the regex works, but any regex that uses square brackets [a-c] or curly braces a{3} fails. What am I doing wrong?

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/70f64164605e4fcb965e1cfda0545991%40BY2PR07MB043.namprd07.prod.outlook.com.
For more options, visit https://groups.google.com/d/optout.

2

Here's what I see in Kibana:

Oops! SearchParseException[[logstash-2014.03.22][5]: from[-1],size[-1]: Parse Failure [Failed to parse source [{"query":{"filtered":{"query":{"bool":{"should":[{"query_string":{"query":"a{3}"}}]}},"filter":{"bool":{"must":[{"range":{"@timestamp":{"from":1395519710926,"to":"now"}}}]}}}},"highlight":{"fields":{},"fragment_size":2147483647,"pre_tags":["@start-highlight@"],"post_tags":["@end-highlight@"]},"size":500,"sort":[{"@timestamp":{"order":"desc"}},{"@timestamp":{"order":"desc"}}]}]]]

From: elasticsearch@googlegroups.com [mailto:elasticsearch@googlegroups.com] On Behalf Of Janet Sullivan
Sent: Saturday, March 22, 2014 2:16 PM
To: elasticsearch@googlegroups.com
Subject: Kibana RegEx not working as expected?

I'm running ES 1.0.1 and Kibana 3 milestone 5. I'm trying to use regex in my kibana searches, as described at http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/query-dsl-regexp-query.html#regexp-syntax. Some of the regex works, but any regex that uses square brackets [a-c] or curly braces a{3} fails. What am I doing wrong?

You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.commailto:elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/70f64164605e4fcb965e1cfda0545991%40BY2PR07MB043.namprd07.prod.outlook.comhttps://groups.google.com/d/msgid/elasticsearch/70f64164605e4fcb965e1cfda0545991%40BY2PR07MB043.namprd07.prod.outlook.com?utm_medium=email&utm_source=footer.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/11122f6d44384e4b803764eaa42ff742%40BY2PR07MB043.namprd07.prod.outlook.com.
For more options, visit https://groups.google.com/d/optout.

3

I think you did not set query type to regex as the generated query is a query_string
{"query_string":{"query":"a{3}"}

David :wink:
Twitter : @dadoonet / @elasticsearchfr / @scrutmydocs

Le 22 mars 2014 Ă  22:23, Janet Sullivan janets@nairial.net a Ă©crit :

Here’s what I see in Kibana:

Oops! SearchParseException[[logstash-2014.03.22][5]: from[-1],size[-1]: Parse Failure [Failed to parse source [{"query":{"filtered":{"query":{"bool":{"should":[{"query_string":{"query":"a{3}"}}]}},"filter":{"bool":{"must":[{"range":{"@timestamp":{"from":1395519710926,"to":"now"}}}]}}}},"highlight":{"fields":{},"fragment_size":2147483647,"pre_tags":["@start-highlight@"],"post_tags":["@end-highlight@"]},"size":500,"sort":[{"@timestamp":{"order":"desc"}},{"@timestamp":{"order":"desc"}}]}]]]

From: elasticsearch@googlegroups.com [mailto:elasticsearch@googlegroups.com] On Behalf Of Janet Sullivan
Sent: Saturday, March 22, 2014 2:16 PM
To: elasticsearch@googlegroups.com
Subject: Kibana RegEx not working as expected?

I’m running ES 1.0.1 and Kibana 3 milestone 5. I’m trying to use regex in my kibana searches, as described at http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/query-dsl-regexp-query.html#regexp-syntax. Some of the regex works, but any regex that uses square brackets [a-c] or curly braces a{3} fails. What am I doing wrong?

You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/70f64164605e4fcb965e1cfda0545991%40BY2PR07MB043.namprd07.prod.outlook.com.
For more options, visit https://groups.google.com/d/optout.

You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/11122f6d44384e4b803764eaa42ff742%40BY2PR07MB043.namprd07.prod.outlook.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/CF4A55CD-7725-4592-A294-8803053A521D%40pilato.fr.
For more options, visit https://groups.google.com/d/optout.

4

http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/query-dsl-regexp-query.html#regexp-syntax states “Regular expression queries are supported by the regexp and the query_string queries.” So why isn’t it working with a query_string?

From: elasticsearch@googlegroups.com [mailto:elasticsearch@googlegroups.com] On Behalf Of David Pilato
Sent: Sunday, March 23, 2014 12:15 AM
To: elasticsearch@googlegroups.com
Subject: Re: Kibana RegEx not working as expected?

I think you did not set query type to regex as the generated query is a query_string
{"query_string":{"query":"a{3}"}

David :wink:
Twitter : @dadoonet / @elasticsearchfr / @scrutmydocs

Le 22 mars 2014 Ă  22:23, Janet Sullivan <janets@nairial.netmailto:janets@nairial.net> a Ă©crit :
Here’s what I see in Kibana:

Oops! SearchParseException[[logstash-2014.03.22][5]: from[-1],size[-1]: Parse Failure [Failed to parse source [{"query":{"filtered":{"query":{"bool":{"should":[{"query_string":{"query":"a{3}"}}]}},"filter":{"bool":{"must":[{"range":{"@timestamp":{"from":1395519710926,"to":"now"}}}]}}}},"highlight":{"fields":{},"fragment_size":2147483647,"pre_tags":["@start-highlight@"],"post_tags":["@end-highlight@"]},"size":500,"sort":[{"@timestamp":{"order":"desc"}},{"@timestamp":{"order":"desc"}}]}]]]

From: elasticsearch@googlegroups.commailto:elasticsearch@googlegroups.com [mailto:elasticsearch@googlegroups.com] On Behalf Of Janet Sullivan
Sent: Saturday, March 22, 2014 2:16 PM
To: elasticsearch@googlegroups.commailto:elasticsearch@googlegroups.com
Subject: Kibana RegEx not working as expected?

I’m running ES 1.0.1 and Kibana 3 milestone 5. I’m trying to use regex in my kibana searches, as described at http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/query-dsl-regexp-query.html#regexp-syntax. Some of the regex works, but any regex that uses square brackets [a-c] or curly braces a{3} fails. What am I doing wrong?

You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.commailto:elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/70f64164605e4fcb965e1cfda0545991%40BY2PR07MB043.namprd07.prod.outlook.comhttps://groups.google.com/d/msgid/elasticsearch/70f64164605e4fcb965e1cfda0545991%40BY2PR07MB043.namprd07.prod.outlook.com?utm_medium=email&utm_source=footer.
For more options, visit https://groups.google.com/d/optout.

You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.commailto:elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/11122f6d44384e4b803764eaa42ff742%40BY2PR07MB043.namprd07.prod.outlook.comhttps://groups.google.com/d/msgid/elasticsearch/11122f6d44384e4b803764eaa42ff742%40BY2PR07MB043.namprd07.prod.outlook.com?utm_medium=email&utm_source=footer.
For more options, visit https://groups.google.com/d/optout.

You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.commailto:elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/CF4A55CD-7725-4592-A294-8803053A521D%40pilato.frhttps://groups.google.com/d/msgid/elasticsearch/CF4A55CD-7725-4592-A294-8803053A521D%40pilato.fr?utm_medium=email&utm_source=footer.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/eaffb90d86d2485c85ddfc6705695031%40BY2PR07MB043.namprd07.prod.outlook.com.
For more options, visit https://groups.google.com/d/optout.

5

I wonder if you've tried escaping the query_string query, like for example:

/a{3}/

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/599cbc96-3ebf-4b39-a711-0cbb1772f51b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

1 Like
6

Thank you, that works!

From: elasticsearch@googlegroups.com [mailto:elasticsearch@googlegroups.com] On Behalf Of Binh Ly
Sent: Monday, March 24, 2014 9:11 AM
To: elasticsearch@googlegroups.com
Subject: Re: Kibana RegEx not working as expected?

I wonder if you've tried escaping the query_string query, like for example:

/a{3}/

You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.commailto:elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/599cbc96-3ebf-4b39-a711-0cbb1772f51b%40googlegroups.comhttps://groups.google.com/d/msgid/elasticsearch/599cbc96-3ebf-4b39-a711-0cbb1772f51b%40googlegroups.com?utm_medium=email&utm_source=footer.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/6e8bcb9437c04b74bf6933aa284f576e%40BY2PR07MB043.namprd07.prod.outlook.com.
For more options, visit https://groups.google.com/d/optout.