Kibana regex search with range or number

I have a log already indexed in to field like below

cs_uri_stem: /book-music
cs_uri_query: p=119

recently, my website has been crawled with a very deep page number ( ask you can see in the example, page 119), and that stress to my site very much

my question is, how could you define the search, that only filter the query with the page number greater than 100

I follow the instruction on es website but it doesn't work for me unfortunately Regexp query | Elasticsearch Guide [8.11] | Elastic

Interval The interval option enables the use of numeric ranges, enclosed by angle brackets "<>". For string: "foo80":

foo<1-100> # match
foo<01-100> # match
foo<001-100> # no match

here is my query on kibana

cs_uri_stem: /book-music AND cs_uri_query: p=<100-999> => doesn't work

if I specify the page number, it works well

cs_uri_stem: /book-music AND cs_uri_query: p=119 => this works well

thank you in adv

Hi @quangtranhong,

here are two ways to achieve your goal:

1. To get your regular expression working, you have to enclose the string in / for the parser to recognize it as a regexp query string: cs_uri_query:/p=<100-999>/.

2. From your description I take it that cs_uri_query is indexed as text. If it was indexed as a number field, e.g. query_page, you would be able to use a range query to select the documents: query_page:[100 to *]. The recommended way would be to parse the cs_uri_query field at index time in Logstash, an index pipeline or whatever piece of software you are using to ingest the documents into Elasticsearch.

cs_uri_query:/p=<100-999>/

this really does work, many thanks, @weltenwort

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.