dvanwesh
(Dvanwesh)
July 31, 2020, 3:30pm
1
I have log messages with the pattern below:
user status for userId 1 change previous state x1 new state x2
where previous and new state are different
user status for userId 2 change previous state x1 new state x1
where previous and new state are same
I'm new to Kibana and using the UI to search for logs. When I type user status for userId for text search, I get logs of the above scenarios together.
How can I search with regex to fetch logs for the two different scenarios mentioned above?
search 1 should only return user status for userId 1 change previous state x1 new state x2
search 2 should only return user status for userId 2 change previous state x1 new state x1
mattkime
(Matthew Kime)
August 4, 2020, 9:41pm
2
Hello @dvanwesh
How are the docs structured? How are they being ingested into Elasticsearch?
Thanks,
Matt
dvanwesh
(Dvanwesh)
August 10, 2020, 2:37pm
3
@mattkime They are just app server logs. I'm not aware of how Elasticsearch is set up to ingest these logs.
mattkime
(Matthew Kime)
August 10, 2020, 3:23pm
4
Generally speaking, it would be good to break up a string of text into multiple fields.
You need to use Lucene Query syntax to support regex - elastic.co/guide/en/kibana/current/lucene-query.html
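An added example, not part of the original thread: Lucene regular expressions have no backreferences, so "previous state equals new state" cannot be written as a single pattern, which is why splitting the message into fields is the workable route. The sketch below parses the log format from the question and derives a boolean that a search can then filter on. The field names (`user_id`, `previous_state`, `new_state`, `state_changed`) and the sample lines are assumptions made for this example.

```python
import re

# Log format taken from the question; the field names are assumed for this example.
LINE_RE = re.compile(
    r"user status for userId (?P<user_id>\d+) change "
    r"previous state (?P<previous_state>\S+) new state (?P<new_state>\S+)"
)

def parse_status_line(message):
    """Split one log message into fields; return None if it does not match."""
    m = LINE_RE.search(message)
    if m is None:
        return None
    doc = m.groupdict()
    doc["user_id"] = int(doc["user_id"])
    # Compare whole tokens, so "x10" vs "x1" counts as a change
    # (a substring match on the raw text would get this wrong).
    doc["state_changed"] = doc["previous_state"] != doc["new_state"]
    return doc

def split_by_change(messages):
    """Return (changed, unchanged, unparsed) for a list of raw messages."""
    changed, unchanged, unparsed = [], [], []
    for msg in messages:
        doc = parse_status_line(msg)
        if doc is None:
            unparsed.append(msg)      # keep, so format drift is visible
        elif doc["state_changed"]:
            changed.append(doc)       # "search 1" in the question
        else:
            unchanged.append(doc)     # "search 2" in the question
    return changed, unchanged, unparsed

# Constructed sample lines (the first two are the patterns from the question).
SAMPLE = [
    "user status for userId 1 change previous state x1 new state x2",
    "user status for userId 2 change previous state x1 new state x1",
    "2020-07-31 15:30:00 INFO user status for userId 3 change previous state x10 new state x1",
    "user logged out userId 4",
]

if __name__ == "__main__":
    changed, unchanged, unparsed = split_by_change(SAMPLE)
    print("changed:  ", [d["user_id"] for d in changed])
    print("unchanged:", [d["user_id"] for d in unchanged])
    print("unparsed: ", unparsed)
```

Once the documents carry a field like `state_changed`, the two searches become plain field filters instead of regex queries.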
system
(system)
Closed
September 7, 2020, 3:23pm
5
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.