Regex search not working on not_analyzed field

bikrant · June 30, 2015, 7:24am

Hi,
My error log contains lines like:

exception 'RedisException' with message '127.0.0.1:13635 connection closed'

The log field in not_analyzed and I'm trying to match the IP and the port using a simple regex but I'm not getting any match.
The regex filter is

message:".'127.0.0.1:[0-9]+ ."
message:".'127\.0\.0\.1:[0-9]+ ."

What am I doing wrong here ? I'm using ES 1.6 with Kibana 4.1.1

magnusbaeck · June 30, 2015, 7:52am

According to the query string documentation the regexp must be surrounded by forward slashes. I believe this will work:

message:/.'127.0.0.1:[0-9]+ ./

That said, I think you should use Logstash to parse these strings and extract the information you're interested in to separate fields.

bikrant · June 30, 2015, 6:39pm

Yes that works. Thank you!

Topic		Replies	Views
Regex search not working Kibana	4	2114	July 6, 2017
Issues with Regex in Kibana Kibana	3	1498	February 28, 2019
Regex is not working Elasticsearch	4	4653	July 6, 2017
Kibana Search - Regex Kibana	2	931	August 6, 2018
Issue with Regex in Kibana searchbar/query_string Elasticsearch	1	333	June 12, 2018