Kibana Search - Regex

VietCong · July 9, 2018, 6:32am

Hi,

I have this Kibana Search using regex and don't understand why it is not working. The search string is legal according to Query DSL filter but it gives me error "Courier Fetch: 124 of 1830 shards failed." Is there the special characters that I need to escape?

please see my filter syntax below:

{
  "query": {
    "regexp": {
      "message": "(?=.*\\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[#$]).{8,20}"
    }
  }
}

Brandon_Kobel · July 9, 2018, 1:28pm

I believe that you're hitting the too_complex_to_determinize_exception error that Elasticsearch is throwing when you try to use a RegEx that is too complex and would result in too high of memory usage.

If you try to execute a query similar to the following via DevTools:

GET logstash-*/_search
{
  "query": {
    "regexp": {
      "message": "(?=.*\\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[#$]).{8,20}"
    }
  }
}

You'll see the following error response:

{
  "error": {
    "root_cause": [
      {
        "type": "query_shard_exception",
        "reason": "failed to create query: {\n  \"regexp\" : {\n    \"message\" : {\n      \"value\" : \"(?=.*\\\\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[#$]).{8,20}\",\n      \"flags_value\" : 65535,\n      \"max_determinized_states\" : 10000,\n      \"boost\" : 1.0\n    }\n  }\n}",
        "index_uuid": "2vspEvQ2Q6m0RmUwN_6_fQ",
        "index": "logstash-0"
      }
    ],
    "type": "search_phase_execution_exception",
    "reason": "all shards failed",
    "phase": "query",
    "grouped": true,
    "failed_shards": [
      {
        "shard": 0,
        "index": "logstash-0",
        "node": "h9_nyEpyTS2H2Xa7_ZF_3w",
        "reason": {
          "type": "query_shard_exception",
          "reason": "failed to create query: {\n  \"regexp\" : {\n    \"message\" : {\n      \"value\" : \"(?=.*\\\\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[#$]).{8,20}\",\n      \"flags_value\" : 65535,\n      \"max_determinized_states\" : 10000,\n      \"boost\" : 1.0\n    }\n  }\n}",
          "index_uuid": "2vspEvQ2Q6m0RmUwN_6_fQ",
          "index": "logstash-0",
          "caused_by": {
            "type": "too_complex_to_determinize_exception",
            "reason": "Determinizing (?=.*\\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[#$]).{8,20} would result in more than 10000 states.",
            "caused_by": {
              "type": "too_complex_to_determinize_exception",
              "reason": "Determinizing automaton with 64 states and 71 transitions would result in more than 10000 states."
            }
          }
        }
      }
    ]
  },
  "status": 400
}

Is there a simpler regex that would satisfy your requirements?

system · August 6, 2018, 1:28pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
[Kibana] - Add filter using specific regex Kibana	4	4070	April 12, 2019
Issues with Regex in Kibana Kibana	3	1498	February 28, 2019
Using Regex in Kibana Query DSL Elasticsearch kql-kibana-query-language	5	1163	June 2, 2022
Regex queries don't work in Kibana Kibana	3	750	August 8, 2019
Regex queries don't appear to work at all in kibana Kibana	3	1423	January 27, 2017

Kibana Search - Regex

Related topics