Problem for using regexp in DSL

Mrzhuang007 · August 13, 2020, 7:00am

ES version: 6.8.6
use something like this

GET _search
{
  "query": {
    "regexp": {
      "message": ".*error.*"
    }
  }
}

I can get some result, for example

 {
        "_index" : "filebeat-6.8.6-2020.08.13",
        "_type" : "doc",
        "_id" : "kiZ45nMBmMXSaaD4Zncy",
        "_score" : 1.0,
        "_source" : {
          "@timestamp" : "2020-08-13T06:18:35.468Z",
          "offset" : 19074,
          "message" : "[22:44:03] [ERROR] COMPILATION ERROR : ",
          "projectName" : "test-job-name",
          "buildNumber" : "1"
        }
      }

when I add the '[' charactor in regexp, it doen't return anything.

GET _search
{
  "query": {
    "regexp": {
      "message": ".*\\[error.*"
    }
  }
}

spinscale · August 13, 2020, 8:07am

One of the tricks here is, that you do not need to use a regular expression query at all. The reason is that a term like error or compilation will be stored in the index and thus made searchable. You can use a regular match query instead and still find your document.

In order to understand how a field is indexed and stored and searched I highly recommend you to read Elasticsearch - The definitive guide, especially the Search in Depth

Despite its age this is still one of the best introductions into this topic.

system · September 10, 2020, 8:07am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to do regex search in ES Elasticsearch	1	341	July 6, 2017
ES regexp not working properly Elasticsearch	4	1219	March 15, 2021
Regexp query for url matching Elasticsearch	4	2242	February 23, 2018
Help: Elasticsearch Regexp query Elasticsearch	7	1285	December 3, 2020
Regexp character '!' doesnt work in ES dsl query even on type set as 'keyword' in mappings Elasticsearch	12	717	September 11, 2018

Problem for using regexp in DSL

Related topics