Regex Query Not Working

Maxwell_Flanders · December 9, 2016, 3:45am

I'm trying to write a regex query for a log that I know exists, and I was wondering if anyone could help me figure out why it is not functioning ( I am 99.999% sure that the regex is correct.)

Normal Query (to prove log exists):
LOG_MESSAGE: "Event type"

Result:

Regex Query:
LOG_MESSAGE: /Event\stype:\s.*\ssize:\s[0-9]{3,}/

Returns no result.

I have checked the string in the lower logs for leading/trailing whitespace and there are none, so as far as I can tell, this regex should match the later logs at least. Am I missing something in the syntax here? I have no idea what could be going on here.

Thanks!

Joe_Fleming · December 9, 2016, 5:36pm

type != Type

You'll need to make the regexp case insensitive by adding an i at the end. Try using:

LOG_MESSAGE: /Event\stype:\s.*\ssize:\s[0-9]{3,}/i

Maxwell_Flanders · December 10, 2016, 4:32pm

It should still match the lower documents though

Joe_Fleming · December 12, 2016, 5:18pm

Hrm, yeah, I missed the case on the later records. You're right, it should match that. I don't see anything wrong with the regexp in that case.

Believe it or not, the problem may actually be the space between the field name and the regexp.

Try LOG_MESSAGE:/Event\stype:\s.*\ssize:\s[0-9]{3,}/i

Topic		Replies	Views
Regex queries don't appear to work at all in kibana Kibana	3	1495	January 27, 2017
Issue with Regex in Kibana searchbar/query_string Elasticsearch	1	360	June 12, 2018
Regex queries don't work in Kibana Kibana	3	860	August 8, 2019
Using Regex in Query via Kibana Elasticsearch	6	1268	July 6, 2017
Regex Search in Kibana Kibana	2	54022	September 14, 2017

Regex Query Not Working

Related topics