I'm trying to write a regex query to pick up on basic SSN and SIN data in a query, but any time I add a tiny bit of complexity the query can't pick up any data. I've written this query in things like Devo and syslog (and online resources like regex101) with the correct results for our data logs, but when it comes to Kibana it just fails as soon as I use brackets.
Query I have been trying:
{
  "regexp": {
    "textmsg": {
      "value": "(ssn|sin)(\\s+|:|=)?\\d|(social|Social)(\\s+|_)?(security|Security)",
      "flags": "ALL",
      "case_insensitive": true
    }
  }
}