Regex Query Not Working

Maxwell_Flanders · December 9, 2016, 3:45am

I'm trying to write a regex query for a log that I know exists, and I was wondering if anyone could help me figure out why it is not functioning ( I am 99.999% sure that the regex is correct.)

Normal Query (to prove log exists):
LOG_MESSAGE: "Event type"

Result:

Regex Query:
LOG_MESSAGE: /Event\stype:\s.*\ssize:\s[0-9]{3,}/

Returns no result.

I have checked the string in the lower logs for leading/trailing whitespace and there are none, so as far as I can tell, this regex should match the later logs at least. Am I missing something in the syntax here? I have no idea what could be going on here.

Thanks!

Joe_Fleming · December 9, 2016, 5:36pm

type != Type

You'll need to make the regexp case insensitive by adding an i at the end. Try using:

LOG_MESSAGE: /Event\stype:\s.*\ssize:\s[0-9]{3,}/i

Maxwell_Flanders · December 10, 2016, 4:32pm

It should still match the lower documents though

Joe_Fleming · December 12, 2016, 5:18pm

Hrm, yeah, I missed the case on the later records. You're right, it should match that. I don't see anything wrong with the regexp in that case.

Believe it or not, the problem may actually be the space between the field name and the regexp.

Try LOG_MESSAGE:/Event\stype:\s.*\ssize:\s[0-9]{3,}/i

system · January 9, 2017, 5:19pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Regex queries don't appear to work at all in kibana Kibana	3	1423	January 27, 2017
Regexp not working in nested query Kibana	4	479	November 9, 2021
Trouble with Kibana Regex querys Kibana	4	315	June 2, 2021
Regex Search in Kibana Kibana	2	53786	September 14, 2017
Regex queries don't work in Kibana Kibana	3	750	August 8, 2019

Regex Query Not Working

Related topics