Query with Regexp and Filter together

davidS · June 8, 2017, 8:11am

Hi,

I have the following query.

GET /logstash-win*/_search
{
  "query": {
    "bool": {
      "must": [
        { "regexp": { "event_data.CommandLine": ".*Hidden.*" }}
      ],
      "filter": [
        { "range": { "@timestamp": {"from": "now-1d", "to": "now" }}}
      ]
    }
  }
}

There exists a Document in my defined time interval with a field 'event_data.CommandLine' wich includes the word 'Hidden'. The Field is from type 'text'.

There exosts also another Dodument with that field with a File Path included like 'ANY.dll'. It will be find by the following regexp.

.*dll.*"

Whats the problem here?

I am using Elasticsearch 5.4 with XPack

Thanks

David

system · July 6, 2017, 8:11am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to use regexp query filter in ElasticSearch Source Filtering? Elasticsearch	8	3134	April 9, 2018
[Kibana] - Add filter using specific regex Kibana	4	4062	April 12, 2019
Regexp is not working Kibana	2	14	November 4, 2024
Filter logs with only DEBUG in them Kibana	3	1154	July 24, 2018
Elastic Search Regex are not working as expected Elasticsearch	5	57	August 12, 2024

Query with Regexp and Filter together

Related Topics