Hi All,
I have this query that I am working on:
GET web-jsp-2017.10.04/_search
{
  "query": {
    "regexp": {
      "stacktrace": {
        "value": "java.net.socket.+",
        "flags": "ALL"
      }
    }
  }
}
This will return this as a result:
{
  "_index": "web-jsp-2017.10.04",
  "_source": {
    "container": "px-web-jsp",
    "source_host": "bos1px-app1",
    "level": "ERROR",
    "exception_class": "java.net.SocketTimeoutException",
    "message": "Could not obtain raw response from reporting service",
    "mdc": {},
    "exception_message": "Read timed out",
    "path": "/es_data1/prodcburke_data/app1",
    "@timestamp": "2017-10-04T14:09:29.861Z",
    "stacktrace": """
java.net.SocketTimeoutException: Read timed out
at java.net.SocketInputStream.socketRead0(Native Method)
at java.net.SocketInputStream.read(SocketInputStream.java:152)
at java.net.SocketInputStream.read(SocketInputStream.java:122)
...
This is great; however, I want my queries to be able to find only stacktrace fields that would match a grep such as:
grep 'java.net.SocketTimeoutException(.+\n)+.+java:152.+'
If I put that regex into the "value" field in my query above, I get no results back. Could someone help me figure out what I am doing wrong? I just want to search through my index using regex.
(For those interested, I will actually be using this query to delete docs that match a blacklist I maintain, which is composed of several hundred regexes.)