Hi,
My error log contains lines like:
exception 'RedisException' with message '127.0.0.1:13635 connection closed'
The log field in not_analyzed and I'm trying to match the IP and the port using a simple regex but I'm not getting any match.
The regex filter is
message:".'127.0.0.1:[0-9]+ ."
message:".'127\.0\.0\.1:[0-9]+ ."
What am I doing wrong here ? I'm using ES 1.6 with Kibana 4.1.1
According to the query string documentation the regexp must be surrounded by forward slashes. I believe this will work:
message:/.'127.0.0.1:[0-9]+ ./
That said, I think you should use Logstash to parse these strings and extract the information you're interested in to separate fields.
Yes that works. Thank you!
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.