Perl regex search support in elastic search

Do we have perl regex support in elastic search?

example:
perl regex: [a-z]{3}#\s([x,0-9,H,N,L,^,-]){1,}^\d{2}:\d{2}:\d{2}^\d*((^\d+){1,})((^\d.\d+){1,})
equivalent java regex: [a-z]{1,3}\# {1,}\^[0-9]{1,2}\:[0-9]{1,2}\:[0-9]{1,2}\^[0-9]((\^[0-9]+){1,})((\^[0-9].[0-9]+){1,}).

please suggest if there is any configuration change required.

What are you looking to use regular expressions for? While there is support for running regexp queries in Elasticsearch, these can be very slow and resource intensive.

i have bunch of log files , using logstash to index those into elastic search.
the java regex is working fine when i do a search, but the perl is not.

Maybe you could find a better solution by indexing the documents a different way.

warkolm, can you please suggest some ways?
my search should basically cover perl as well as java regex

What is the actual problem you are trying to solve?

i indexed the data to elastic search via logstash.

when i construct a regex query with the string, "[a-z]{1,3}# {1,}^[0-9]{1,2}:[0-9]{1,2}:[0-9]{1,2}^0-9((^[0-9].[0-9]+){1,})." i am getting back results. this is the java regular expression.

but when i try to do the similar perl expression, i am not getting results. ex: [a-z]{3}#\s([x,0-9,H,N,L,^,-]){1,}^\d{2}:\d{2}:\d{2}^\d*((^\d+){1,})((^\d.\d+){1,})

is there a way , elastic search accepts both type of regex strings for search.

But why are you even running a regexp query at all? What problem does that solve?

Hi,

i am not sure if i understand your question. but in the list of documents, the requirement is to support regular expression / full / wildcard searches.
The regular expression are perfectly working fine, if we construct like this. [a-z]{1,3}# {1,}^[0-9]{1,2}:[0-9]{1,2}:[0-9]{1,2}^0-9((^[0-9].[0-9]+){1,}).

But i realized, users are currently having perl based regular expression. so the equivalent perl regex for the above java regex is below. which is not working
[a-z]{3}#\s([x,0-9,H,N,L,^,-]){1,}^\d{2}:\d{2}:\d{2}^\d*((^\d+){1,})((^\d.\d+){1,})

From users perspective, both the regex (Java/perl) are same and they are expecting results for both.

[a-z]{1,3}# {1,}^[0-9]{1,2}:[0-9]{1,2}:[0-9]{1,2}^0-9((^[0-9].[0-9]+){1,}). (java regex)
[a-z]{3}#\s([x,0-9,H,N,L,^,-]){1,}^\d{2}:\d{2}:\d{2}^\d*((^\d+){1,})((^\d.\d+){1,}) (equivalent perl)

But why does that requirement exist? What search problem is it solving?

it is not solving other any problem. but it just using another functionality provided by Elasticsearch.

if the user construct a regex like.. .*Diag.Version. it will show the results below.

Diagnostic Version^ v123.0.0_PST_MFG123
Diag Turn-in Blog Version 1.0.3
etc..

if the regex is having some digits added, it will still bring back results that contains digits between the document.