Trouble with Kibana Regex querys

I'm trying to write a regex query to pick up on basic ssn and sin data in a query but any time i add a tiny bit of complexity the query can't pick up any data. I've wrote this query in things like devo and syslog(and online resources like regex101) with the correct results for our data logs but when it comes to kibana it just fails as soon as I use brackets.

Query I have been trying:

    "regexp": {
      "textmsg": {
        "value": "(ssn|sin)(\\s+|:|=)?\\d|(social|Social)(\\s+|_)?(security|Security)",
        "flags": "ALL",
        "case_insensitive": true

Does this query work when you try it in dev tools / console?

I tried your suggestion and no it does not work, I also just tried


It returns results, but they're completely incorrect to the search query.

I think i replied to myself. I sent a response above

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.