regex – Kibana Regular expression search

I'm not sure offhand why that regex query wouldn't be working, but I believe Kibana is using Elasticsearch's query string query documented here, so for instance you could do a phrase query (documented in the link) by putting your search in double quotes and it would look for the word foo followed by bar. This would perform better too, since you would do this on your analyzed field (my_field), where it has tokenized each word to perform fast lookups. So your search in Kibana would be:

my_field: "FOO BAR"


Looks like this is an annoying quirk of Kibana (probably for backwards compatibility reasons). Anyway, this isn't matching for you because you're searching against a non-analyzed field and apparently Kibana by default is lowercasing the search, therefore it won't match the non-analyzed uppercase FOO. You can configure this in Kibana advanced settings mentioned here, specifically by setting the configuration option lowercase_expanded_terms to false.
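
A simplified Python model of the behaviour described above, added here as an example and not code from the answers or from Elasticsearch. It assumes a constructed field value and pattern, a standard-analyzer-like tokenizer that lowercases, and regexp matching anchored to whole index terms:

```python
import re

DOC = "MY FOO WORD BAR EXAMPLE"   # constructed sample value for my_field
PATTERN = ".*FOO.*BAR.*"          # constructed pattern, not the asker's


def index_terms(value, analyzed):
    """Terms stored in the inverted index for one field value."""
    if not analyzed:
        return [value]  # non-analyzed: the whole string is a single term
    # Simplified standard analyzer: split on non-alphanumerics, lowercase.
    return [t.lower() for t in re.findall(r"[A-Za-z0-9]+", value)]


def regexp_hits(pattern, terms, lowercase_expanded_terms=True):
    """Model of a regexp clause inside a query string query.

    The pattern must match an entire term (implicit anchoring), and it is
    lowercased first while lowercase_expanded_terms is left at true.
    """
    if lowercase_expanded_terms:
        pattern = pattern.lower()
    return [t for t in terms if re.fullmatch(pattern, t)]


def demo():
    raw = index_terms(DOC, analyzed=False)
    analyzed = index_terms(DOC, analyzed=True)
    glued = index_terms("MYFOOWORDBAREXAMPLE", analyzed=True)
    return {
        # Lowercased pattern never equals the uppercase stored term.
        "raw_default": regexp_hits(PATTERN, raw),
        # With lowercasing off, the single raw term matches.
        "raw_no_lowercase": regexp_hits(PATTERN, raw, False),
        # No single token contains both words, so nothing matches.
        "analyzed_two_words": regexp_hits(PATTERN, analyzed),
        # A pattern that fits inside one token does match.
        "analyzed_one_word": regexp_hits("FO.*", analyzed),
        # An untokenizable value is one lowercase term and matches.
        "analyzed_glued": regexp_hits(PATTERN, glued),
    }


if __name__ == "__main__":
    for name, hits in demo().items():
        print(f"{name}: {hits}")
```
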

Kibana’s standard query language is based on Lucene query syntax.

And the default analyzer will tokenize the text to different words: [MY, FOO, WORD, BAR, EXAMPLE]

Instead of using regex match, you can try the following search string in Kibana:

my_field: FOO AND my_field: BAR

And if your my_field data looks like MYFOOWORDBAREXAMPLE, which cannot be tokenized, you should use the query string:

my_field: *FOO*BAR*

GET /_search
{
    "query": {
        "regexp": {
            "user": {
                "value": "k.*y",
                "flags": "ALL",
                "max_determinized_states": 10000,
                "rewrite": "constant_score"
            }
        }
    }
}

More details here
