Hello everyone, I need some help getting regular expressions to work in Kibana please. I've tried several things that I thought would work, and none did. I must be missing something basic. :)
I have events in ES that contain a field called "event_detail". Here are two examples:

    Success|I:0,C:true,FPLOS:00000000000000000000000000000000,P:14000.00,RUID:o3YdgA
    Fail|C:false,MinS:0,MaxS:45,MinSA:0,MaxSA:0,CTA:false,P:0,RUID:+CxQyQ

I'd like to pull out records that contain "Fail" and an "RUID" of o3YdgA.

First I tried *just* getting "Fail" records by:

- Adding a Filter of: event_detail:"Fail"* (Success records were still in the results)
- Adding a Query of: event_detail:"Fail"* (Success records were still in the results)
- Adding a Filter of: event_detail:/Fail/* (Success records were still in the results)
- Adding a Filter of: event_detail:/Fail\|+/ (Returned no results at all)
- Adding a Filter of: event_detail:/(Fail\|)+/ (Returned no results at all)

Then I ran out of ideas. :S

Can someone point me to why this is not working? Then I'd like to add the additional filter of the event_detail containing a particular RUID string match as well.

Very much appreciate any help! Thank you for your time.

Chris
