Regexp on Standard Analyzer Field

mbrosnan · July 31, 2017, 11:29am

Hi, new to Elasticsearch,

is there any way to do a regex search on a field mapped by a standard analyzer.

 "message" : {
            "type" : "string",
            "analyzer" : "standard"
}

This is a graylog index so I cannot change the analyzer.
Can I change the analyzer in the search query somehow?

Here is a full-text response when just querying ossec with match or match_phrase:

"hosts1 ossec: Alert Level: 5; Rule: 31101 - Web server 400 error code"

I want my query response to show messages with any hostname, and any alert level from 5-9. .. so something like the below.

curl -XPOST 'localhost:9200/graylog_0/_search?pretty' -d '
{"query":
  {"regexp": {"message": {
            "value": ".*ossec: Alert Level: [5-9]"
                        }
            }
  }
}'

Thank you.

system · August 28, 2017, 11:29am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Analyzing URLs for regexp queries Elasticsearch	4	5513	July 6, 2017
Use standard analyzer for specific field in template Elasticsearch	1	322	July 6, 2018
Regex + simple word match Elasticsearch	2	667	July 6, 2017
Indexing and searching for string '?' Elasticsearch	2	320	July 6, 2017
Regex + fixed string match needed Elasticsearch	2	974	July 6, 2017

Regexp on Standard Analyzer Field

Related topics