Query with Regexp and Filter together

davidS · June 8, 2017, 8:11am

Hi,

I have the following query.

GET /logstash-win*/_search
{
  "query": {
    "bool": {
      "must": [
        { "regexp": { "event_data.CommandLine": ".*Hidden.*" }}
      ],
      "filter": [
        { "range": { "@timestamp": {"from": "now-1d", "to": "now" }}}
      ]
    }
  }
}

There exists a Document in my defined time interval with a field 'event_data.CommandLine' wich includes the word 'Hidden'. The Field is from type 'text'.

There exosts also another Dodument with that field with a File Path included like 'ANY.dll'. It will be find by the following regexp.

.*dll.*"

Whats the problem here?

I am using Elasticsearch 5.4 with XPack

Thanks

David

system · July 6, 2017, 8:11am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How do I filter a regexp query by timestamp? Elasticsearch	2	1561	August 7, 2018
Regexp query Elasticsearch	1	401	October 23, 2018
Regular Expression doesn't work Elasticsearch	2	376	April 25, 2019
Regex search Elasticsearch	2	557	July 5, 2017
Rexexp query with filtering Elasticsearch	3	344	June 2, 2019

Query with Regexp and Filter together

Related topics