Need help to replace regex pattern to a common term in kibana query

keetsraj · November 27, 2019, 10:47am

Hi,

I am new to Kibana log analysis. I have to collect application usage data and I am trying to write a query that does the following work,

Some of the URLs have data embedded in it, thus making it difficult to group the URLs of same functionality together
I have written regex to extract them
Now, I need to replace those matches with a common term
Also, I need to access those values in the query.

How can I achieve this?

Note: I do not have access to logstash or elastic search

markov00 · November 27, 2019, 11:41am

Hi @keetsraj
If you have the right to manage index patterns in kibana you can create an additional scripted field in your index that use the regex to compute a new field with these cleaned URLs.

https://www.elastic.co/guide/en/kibana/current/scripted-fields.html

You will use Lucene or Painless scripting language to accomplish that:
https://www.elastic.co/guide/en/elasticsearch/reference/7.4/modules-scripting-painless.html

You can check also this useful blog post that describe how to use regex in scripted fields:

system · December 25, 2019, 11:55am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.