Regex queries don't appear to work at all in kibana

Maxwell_Flanders · December 29, 2016, 3:51pm

I have been having a lot of problems getting any regex queries to work at all from kibana.

We have a field with an exact string value of "Expected group query to return a single result but instead got 1261". The field is non-analyzed.

Our query is:

MICROSERVICE_NAME: directory-push* AND NOT LOG_MESSAGE: "Attempted to poll" AND NOT LOG_MESSAGE: "Unable to connect to:" AND EX_MSG: /Expected.*/

The first 3 pieces are regular string queries, and the last piece is a regex query. I believe my syntax is correct, encapsulating the regex in forward slashes but the query fails to return results, and when i remove the regex piece, I can clearly see the rows it should match.

Any thoughts on what could be wrong here?? The only thing that I can think of is that there is some syntax error somewhere when i am joining the clauses together in the search bar, as the regex itself should be working...

I've also tested the regex with an anchor (i.e. /^Expected.*/) with no luck. Also, I was originally using a much more complicated regex, this is a much simplified one in the interests of getting a regex query to work at all.

Thanks!

Stacey_Gammon · December 29, 2016, 4:27pm

Very strange, regular expressions like that should work, and it works when I test it on my local version. Which version are you running? Does it work if all you do is query EX_MSG:/Expected.*/ ? What if you try /.*/ which should match everything, are any results shown? Do any other fields match if you try a regexp like /.*/ ?

Maxwell_Flanders · December 30, 2016, 5:25pm

I'm using kibana 4.4, and even /.*/ returns nothing. When I go to check the actual request json body, it does not show itself as interpreting the slashes as a regex query - it is still match, query_string.

system · January 27, 2017, 5:25pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.