Query with Regexp and Filter together

davidS · June 8, 2017, 8:11am

Hi,

I have the following query.

GET /logstash-win*/_search
{
  "query": {
    "bool": {
      "must": [
        { "regexp": { "event_data.CommandLine": ".*Hidden.*" }}
      ],
      "filter": [
        { "range": { "@timestamp": {"from": "now-1d", "to": "now" }}}
      ]
    }
  }
}

There exists a Document in my defined time interval with a field 'event_data.CommandLine' wich includes the word 'Hidden'. The Field is from type 'text'.

There exosts also another Dodument with that field with a File Path included like 'ANY.dll'. It will be find by the following regexp.

.*dll.*"

Whats the problem here?

I am using Elasticsearch 5.4 with XPack

Thanks

David

system · July 6, 2017, 8:11am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How do I filter a regexp query by timestamp? Elasticsearch	2	1611	August 7, 2018
Rexexp query with filtering Elasticsearch	3	351	June 2, 2019
Filtering by date and time as different fields Elasticsearch	10	13294	July 5, 2017
Regex queries possible? Elasticsearch	3	328	July 6, 2017
Regexp filter elasticsearch 1.7 not working as expected Elasticsearch	2	645	July 5, 2017

Query with Regexp and Filter together

Related topics