Regex Search in Kibana

Kevin_Wiegand · August 17, 2017, 2:13pm

Hey there,
i want to do a Regex based Search on Kibana, i've read the Regex Instruction for Kibana an Lucene but i can't get my Search or Query to work.

I want to find each entry which begins with "Login 123456"(<-6 Digits vom 0-9)in the logmsg field.

So i tried this but there are no Search results.

logmsg:/Login [0-9]{6}/

I also tried Searching by a Custom Query but same result:

{
    "query": {
        "regexp":{
            "logmsg":"/Login [0-9]{6}/"
            }
        }
    }
}

Thanks for your Help!

BigFunger · August 17, 2017, 3:23pm

I assume that the problem is that the logmsg field is an analyzed text field. So the space doesn't actually exist in the indexed data. The regex you write needs to match a single token that was generated by the tokenizer for your field.

You could accomplish something similar by checking for both terms, but I'm not sure that accomplishes exactly what you want: (note the lower-case L which is how the token gets formatted)

  "query": {
    "bool": {
      "must": [
        {
          "regexp":{
            "logmsg":"[0-9]{6}"
            }
        },
        {
          "regexp":{
            "logmsg":"login"
            }
        }
      ]
    }
  }

If you instead index your field as a keyword instead of a text field, then you can write your regular expression as you would expect:

system · September 14, 2017, 3:24pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to search Regular expressions in Kibana 7.5 Kibana	3	1081	March 2, 2020
Regex pattern to search in kibana Kibana	3	1045	May 6, 2020
Issues with Regex in Kibana Kibana	3	1495	February 28, 2019
KIbana Query: regexp of 10 numbers Kibana	5	5536	March 4, 2020
Regex queries don't work in Kibana Kibana	3	747	August 8, 2019

Regex Search in Kibana

Related topics