Regex search not working on not_analyzed field

bikrant · June 30, 2015, 7:24am

Hi,
My error log contains lines like:

exception 'RedisException' with message '127.0.0.1:13635 connection closed'

The log field in not_analyzed and I'm trying to match the IP and the port using a simple regex but I'm not getting any match.
The regex filter is

message:".'127.0.0.1:[0-9]+ ."
message:".'127\.0\.0\.1:[0-9]+ ."

What am I doing wrong here ? I'm using ES 1.6 with Kibana 4.1.1

magnusbaeck · June 30, 2015, 7:52am

According to the query string documentation the regexp must be surrounded by forward slashes. I believe this will work:

message:/.'127.0.0.1:[0-9]+ ./

That said, I think you should use Logstash to parse these strings and extract the information you're interested in to separate fields.

bikrant · June 30, 2015, 6:39pm

Yes that works. Thank you!

Topic		Replies	Views
Regex search not working Kibana	4	2114	July 6, 2017
Issue with regular expressions Kibana	6	392	July 2, 2020
Regex queries don't work in Kibana Kibana	3	745	August 8, 2019
Ad hoc query regex (this time with sample data) Kibana	9	1102	January 13, 2018
How to search Regular expressions in Kibana 7.5 Kibana	3	1078	March 2, 2020