The field could also contain information other than the IP address.
I wrote the regex (https?://([0-9]{1,3}\.){3}[0-9]{1,3}) and tested it via regex101.
I created a test index to verify the search; inserted in the DSL query, it returns no results (via Kibana):
Could you provide a full recreation script as described in About the Elasticsearch category? It will help to better understand what you are doing. Please, try to keep the example as simple as possible.
A full reproduction script is something anyone can copy and paste in Kibana dev console, click on the run button to reproduce your use case. It will help readers to understand, reproduce and if needed fix your problem. It will also most likely help to get a faster answer.
I only changed the regex to ".*https?://([0-9]{1,3}\.){3}[0-9]{1,3}.*".
And now the mapping of the message field must be updated (from text to wildcard/keyword).
Thank you again.
Have a nice day
Final Solution:
# Create index
DELETE /regex-test
PUT /regex-test
{
  "mappings": {
    "properties": {
      "message": {
        "type": "wildcard"
      }
    }
  }
}

# Populate index with some test cases
POST /regex-test/_doc
{
  "message": "Correct case https://192.168.1.1/"
}
POST /regex-test/_doc
{
  "message": "Correct https://192.168.1.1/second/third"
}
POST /regex-test/_doc
{
  "message": "Correct case: http://192.168.1.1"
}
POST /regex-test/_doc
{
  "message": "No correct case: 192.168.1.1/"
}
POST /regex-test/_doc
{
  "message": "No correct https://www.google.it"
}

# Query
GET /regex-test/_search
{
  "query": {
    "regexp": {
      "message": {
        "case_insensitive": true,
        "value": ".*https?://([0-9]{1,3}\\.){3}[0-9]{1,3}.*"
      }
    }
  }
}
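
Added example, not part of the original thread: a Python sketch of why both changes in the final solution were needed. The `regexp` query matches a pattern against a whole indexed term (anchored), and a `text` field is indexed as separate tokens. Assumptions: `re.fullmatch` stands in for the anchored matching, and `crude_text_tokens` is a rough stand-in for the default text analyzer, not its real implementation.

```python
import re

# Pattern from the thread, and the wrapped form used in the final query.
ORIGINAL = r"https?://([0-9]{1,3}\.){3}[0-9]{1,3}"
WRAPPED = r".*https?://([0-9]{1,3}\.){3}[0-9]{1,3}.*"

# The five test documents indexed in the thread.
MESSAGES = [
    "Correct case https://192.168.1.1/",
    "Correct https://192.168.1.1/second/third",
    "Correct case: http://192.168.1.1",
    "No correct case: 192.168.1.1/",
    "No correct https://www.google.it",
]

def term_matches(pattern, term, case_insensitive=True):
    """Anchored match: the pattern must cover the whole term, as in a regexp query."""
    flags = re.IGNORECASE if case_insensitive else 0
    return re.fullmatch(pattern, term, flags) is not None

def crude_text_tokens(message):
    """Assumption: rough stand-in for the default text analyzer (lowercase,
    split on punctuation, keep dots inside a token)."""
    return re.findall(r"[a-z0-9]+(?:\.[a-z0-9]+)*", message.lower())

def hits_whole_value(pattern):
    """wildcard/keyword mapping: the single indexed term is the full message."""
    return [m for m in MESSAGES if term_matches(pattern, m)]

def hits_tokenized(pattern):
    """text mapping: a document matches only if one of its tokens matches."""
    return [m for m in MESSAGES
            if any(term_matches(pattern, t) for t in crude_text_tokens(m))]

if __name__ == "__main__":
    for label, fn in (("wildcard/keyword", hits_whole_value), ("text", hits_tokenized)):
        for name, pat in (("original", ORIGINAL), ("wrapped", WRAPPED)):
            print(f"{label:17} {name:9} -> {len(fn(pat))} hit(s)")
```

Only the wrapped pattern against the whole-value mapping returns the three "Correct" documents; on tokenized text no token ever contains `://`, so neither pattern can match.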