Trouble with Kibana Regex querys

lpnewell · May 3, 2021, 2:49pm

I'm trying to write a regex query to pick up on basic ssn and sin data in a query but any time i add a tiny bit of complexity the query can't pick up any data. I've wrote this query in things like devo and syslog(and online resources like regex101) with the correct results for our data logs but when it comes to kibana it just fails as soon as I use brackets.

Query I have been trying:

    "regexp": {
      "textmsg": {
        "value": "(ssn|sin)(\\s+|:|=)?\\d|(social|Social)(\\s+|_)?(security|Security)",
        "flags": "ALL",
        "case_insensitive": true
      }
    }
  }

lukas · May 4, 2021, 8:33pm

Does this query work when you try it in dev tools / console?

lpnewell · May 5, 2021, 1:30pm

lpnewell:

    "regexp": {
      "textmsg": {
        "value": "(ssn|sin)(\\s+|:|=)?\\d|(social|Social)(\\s+|_)?(security|Security)",
        "flags": "ALL",
        "case_insensitive": true
      }
    }

I tried your suggestion and no it does not work, I also just tried

.*(ssn|sin)(\s+|:|=)?\d|(social|Social)(\s+|_)?(security|Security).*

It returns results, but they're completely incorrect to the search query.

lpnewell · May 5, 2021, 1:31pm

I think i replied to myself. I sent a response above

system · June 2, 2021, 1:31pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.