kechem
July 10, 2019, 10:33am
1
I have tried several combinations but cannot get regex queries to match the desired search string(s).
Sample extract:[market-feed-render-4][user=xx.Xxxxx.Xxxx] [OUT] {"payload":{"id":"1562500842791.7273668","timestamp":"2019-07-09T15:25:39.303Z","messages": [guiapi-msg-processors-4][user=XX.XXXX] [ IN] {"payload":{"command":{"requestContext":"clob2","commandName":"metrics","commandSubType":"UIResourceUsage","commandParams":{"metrics":
Query:index: et-ustlog* AND logMessage:/\[\s*[A-Z]+\]\ \{\"payload\"\:/
Expectation is to match below strings:
Note: Relevant field "logMessage" is not analyzed, and i have also attempted escaping the square brackets but no luck
Somebody help please.
I like to use https://regex101.com/ when building regex. You can test your regex against some sample messages to ensure it works as expected.
Another suggestion is to break the message into fields at ingest. This will give you fields to query against and avoid regex altogether.
kechem
July 11, 2019, 7:40am
3
Thanks Nathan. My Regex is absolutely fine, see here too: https://regex101.com/r/EvWd3Q/1
If it turns out one cannot query data in ElasticSearch via Kibana using regex, it would be a fundamental flaw for such a search and analysis tool.
I know as a workaround I can break up my search but that's just not efficient.
system
August 8, 2019, 7:40am
4
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.