Kibana UI search text for specific pattern

dvanwesh · July 31, 2020, 3:30pm

I have log messages with below pattern

user status for userId 1 change previous state x1 new state x2 where previous and new state are different

user status for userId 2 change previous state x1 new state x1 where previous and new state are same

I'm new to kibana and using UI to search for logs. When I type user status for userId for text search I get logs of above scenarios together.

How to search with regex to fetch logs for above mentioned two different scenarios.

search 1 should only return user status for userId 1 change previous state x1 new state x2

search 2 should only return user status for userId 2 change previous state x1 new state x1

mattkime · August 4, 2020, 9:41pm

How are the docs structured? How are they being ingested into elasticsearch?

Thanks,
Matt

dvanwesh · August 10, 2020, 2:37pm

@mattkime they are just app server logs. I'm not aware of how elasticsearch is set up to ingest these logs.

mattkime · August 10, 2020, 3:23pm

generally speaking, it would be good to break up a string of text into multiple fields.

You need to use Lucene Query syntax to support regex - elastic.co/guide/en/kibana/current/lucene-query.html

Topic		Replies	Views
Regex pattern to search in kibana Kibana	3	1586	May 6, 2020
Search for the logs till specific pattern in Kibana 5.x Kibana	2	444	May 3, 2017
Regex queries don't work in Kibana Kibana	3	861	August 8, 2019
Elastic Search cant find the results from Regex pattern Kibana	2	435	January 4, 2022
Looking for a regex kind of search from kibana dashboard to ES Elasticsearch	2	730	July 6, 2017