Perl regex search support in elastic search

subbu.nv · August 17, 2016, 4:26pm

Do we have perl regex support in elastic search?

example:
perl regex: [a-z]{3}#\s([x,0-9,H,N,L,^,-]){1,}^\d{2}:\d{2}:\d{2}^\d*((^\d+){1,})((^\d.\d+){1,})
equivalent java regex: [a-z]{1,3}\# {1,}\^[0-9]{1,2}\:[0-9]{1,2}\:[0-9]{1,2}\^[0-9]((\^[0-9]+){1,})((\^[0-9].[0-9]+){1,}).

please suggest if there is any configuration change required.

Christian_Dahlqvist · August 17, 2016, 4:33pm

What are you looking to use regular expressions for? While there is support for running regexp queries in Elasticsearch, these can be very slow and resource intensive.

subbu.nv · August 17, 2016, 5:09pm

i have bunch of log files , using logstash to index those into elastic search.
the java regex is working fine when i do a search, but the perl is not.

warkolm · August 17, 2016, 9:10pm

Maybe you could find a better solution by indexing the documents a different way.

subbu.nv · August 17, 2016, 11:41pm

warkolm, can you please suggest some ways?
my search should basically cover perl as well as java regex

warkolm · August 17, 2016, 11:42pm

What is the actual problem you are trying to solve?

subbu.nv · August 17, 2016, 11:45pm

i indexed the data to elastic search via logstash.

when i construct a regex query with the string, "[a-z]{1,3}# {1,}^[0-9]{1,2}:[0-9]{1,2}:[0-9]{1,2}^0-9((^[0-9].[0-9]+){1,})." i am getting back results. this is the java regular expression.

but when i try to do the similar perl expression, i am not getting results. ex: [a-z]{3}#\s([x,0-9,H,N,L,^,-]){1,}^\d{2}:\d{2}:\d{2}^\d*((^\d+){1,})((^\d.\d+){1,})

is there a way , elastic search accepts both type of regex strings for search.

warkolm · August 18, 2016, 1:29am

But why are you even running a regexp query at all? What problem does that solve?

subbu.nv · August 19, 2016, 5:49am

Hi,

i am not sure if i understand your question. but in the list of documents, the requirement is to support regular expression / full / wildcard searches.
The regular expression are perfectly working fine, if we construct like this. [a-z]{1,3}# {1,}^[0-9]{1,2}:[0-9]{1,2}:[0-9]{1,2}^0-9((^[0-9].[0-9]+){1,}).

But i realized, users are currently having perl based regular expression. so the equivalent perl regex for the above java regex is below. which is not working
[a-z]{3}#\s([x,0-9,H,N,L,^,-]){1,}^\d{2}:\d{2}:\d{2}^\d*((^\d+){1,})((^\d.\d+){1,})

From users perspective, both the regex (Java/perl) are same and they are expecting results for both.

[a-z]{1,3}# {1,}^[0-9]{1,2}:[0-9]{1,2}:[0-9]{1,2}^0-9((^[0-9].[0-9]+){1,}). (java regex)
[a-z]{3}#\s([x,0-9,H,N,L,^,-]){1,}^\d{2}:\d{2}:\d{2}^\d*((^\d+){1,})((^\d.\d+){1,}) (equivalent perl)

warkolm · August 19, 2016, 6:18am

But why does that requirement exist? What search problem is it solving?

subbu.nv · August 19, 2016, 6:48pm

it is not solving other any problem. but it just using another functionality provided by Elasticsearch.

if the user construct a regex like.. .*Diag.Version. it will show the results below.

Diagnostic Version^ v123.0.0_PST_MFG123
Diag Turn-in Blog Version 1.0.3
etc..

if the regex is having some digits added, it will still bring back results that contains digits between the document.

Topic		Replies	Views
Search by Perl regular expression (pcre) Elasticsearch	2	954	July 5, 2017
From Elasticsearch Regex to Java Pattern Elasticsearch	2	1242	March 23, 2017
Support for Anchoring in Elasticsearch Regex Elasticsearch	2	1642	July 6, 2017
Regexp in searching for aliases Elasticsearch	6	1653	February 27, 2018
Regexp for Mac Addresses Elasticsearch	4	1435	July 11, 2019

Perl regex search support in elastic search

Related topics