I'm looking at website requests in my log that shows lots of strings in Kibana 7.0. I want to filter out anything that ends in a file extension, so I have the following regex pattern that should work: \.\w{3,4}$. However, if I put it in the search bar, it doesn't seem to work; I still get results that end with .png, .css, etc. If I select Add filter and then Edit as Query DSL, I try the following, but it doesn't let me save the filter. What am I doing wrong? The field is stored as both a keyword and a text field; neither field works.
Not a full answer, but here are a couple of things to bear in mind:
From the docs:
Lucene’s patterns are always anchored. The pattern provided must match the entire string
So your anchoring won't work; your pattern must match the entire string.
The next thing is that I'm not sure \w is supported, you'll need to do something like [a-z].
The next thing is escaping. I've tried to match a "." in a regexp query in Kibana but sadly I've not been able to - yet. Hopefully someone else knows how to?
I ended up stumbling onto a regex that works through experimentation. Using the search bar and encasing the regex in / got me what I wanted. The full query I used was NOT ClientRequestURI.keyword: /.*\..{3,5}/
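
The anchoring rule quoted from the docs explains both results in this thread. The following is an added example, not code from any of the posters: it models only the "pattern must match the entire string" rule with Python's re.fullmatch (it does not reproduce Lucene's regex syntax), runs over constructed sample URIs, and the TIGHTER pattern is a hypothetical variant that goes beyond what the thread tested.

```python
import re

# Constructed sample request URIs (not taken from the thread).
SAMPLE_URIS = [
    "/index",
    "/img/logo.png",
    "/static/site.css",
    "/api/v1.2/ab",
    "/download/report.json",
]

ORIGINAL = r"\.\w{3,4}$"            # pattern from the question
WORKING = r".*\..{3,5}"             # pattern from the final post
TIGHTER = r".*\.[a-zA-Z0-9]{3,5}"   # hypothetical variant, an assumption


def lucene_style_match(pattern, value):
    """Model the anchoring rule only: the pattern must cover the whole value."""
    return re.fullmatch(pattern, value) is not None


def unanchored_match(pattern, value):
    """Substring 'search' semantics that many regex engines default to."""
    return re.search(pattern, value) is not None


def kept_after_not_filter(pattern, uris):
    """URIs that survive `NOT field: /pattern/` under whole-string matching."""
    return [u for u in uris if not lucene_style_match(pattern, u)]


if __name__ == "__main__":
    # The original pattern finds ".png" as a substring, but it can never
    # cover a whole URI, so the NOT filter excludes nothing.
    print(unanchored_match(ORIGINAL, "/img/logo.png"))    # substring match
    print(lucene_style_match(ORIGINAL, "/img/logo.png"))  # whole-string match
    print(kept_after_not_filter(ORIGINAL, SAMPLE_URIS))

    # The leading ".*" lets the working pattern cover the whole URI, but
    # ".{3,5}" accepts any characters, so "/api/v1.2/ab" is dropped as well.
    print(kept_after_not_filter(WORKING, SAMPLE_URIS))

    # Restricting the tail to letters and digits keeps versioned API paths.
    print(kept_after_not_filter(TIGHTER, SAMPLE_URIS))
```
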