Regex queries don't work in Kibana

kechem · July 10, 2019, 10:33am

I have tried several combinations but cannot get regex queries to match the desired search string(s).

Sample extract:
[market-feed-render-4][user=xx.Xxxxx.Xxxx] [OUT] {"payload":{"id":"1562500842791.7273668","timestamp":"2019-07-09T15:25:39.303Z","messages": [guiapi-msg-processors-4][user=XX.XXXX] [ IN] {"payload":{"command":{"requestContext":"clob2","commandName":"metrics","commandSubType":"UIResourceUsage","commandParams":{"metrics":

Query:
index: et-ustlog* AND logMessage:/\[\s*[A-Z]+\]\ \{\"payload\"\:/

Expectation is to match below strings:
[OUT] {"payload":
[ IN] {"payload":

Note: Relevant field "logMessage" is not analyzed, and i have also attempted escaping the square brackets but no luck

Somebody help please.

Nathan_Reese · July 10, 2019, 8:59pm

I like to use https://regex101.com/ when building regex. You can test your regex against some sample messages to ensure it works as expected.

Another suggestion is to break the message into fields at ingest. This will give you fields to query against and avoid regex altogether.

kechem · July 11, 2019, 7:40am

Thanks Nathan. My Regex is absolutely fine, see here too: https://regex101.com/r/EvWd3Q/1

If it turns out one cannot query data in ElasticSearch via Kibana using regex, it would be a fundamental flaw for such a search and analysis tool.

I know as a workaround I can break up my search but that's just not efficient.

Topic		Replies	Views
Regex queries don't appear to work at all in kibana Kibana	3	1497	January 27, 2017
Using Regex in Query via Kibana Elasticsearch	6	1274	July 6, 2017
Kibana Discovery Regex Kibana	4	12956	October 25, 2019
Issue with Regex in Kibana searchbar/query_string Elasticsearch	1	361	June 12, 2018
Regex pattern to search in kibana Kibana	3	1582	May 6, 2020

Regex queries don't work in Kibana

Related topics