Issues with regex in Kibana

Problem description

I am having a hard time using a regex pattern inside Kibana/Elasticsearch version 6.5.4. The field I am searching for has the following mapping:

"field": {
          "type": "text",
          "analyzer": "custom_analyzer"
        },

Regex searches in this field return several hits when requested straight to elasticsearch:

GET /my_index/_search
{
    "query": {
        "regexp":{
            "field": "abc[0-9]{4}"
        }
    }
}

On the other hand, in Kibana's discover/dashboard pages all queries below return empty:

original query - field:/abc[0-9]{4}/

escaped query - field:/abc[0-9]{4}/

desperate query - field:/.*/

Inspecting the request done by kibana to elasticsearch reveals the following query:

  "query": {
    "bool": {
      "must": [
        {
          "query_string": {
            "query": "field:/abc[0-9]{4}/",
            "analyze_wildcard": true,
            "default_field": "*"
          }
        }

I expected kibana to understand the double forward slash syntax /my_query/ and make a `regexp query` instead of a `query_string`. I have tried this with both query languages: "lucene", "kuery" and with the optional "experimental query features" enabled/disabled.

Digging further I found this old issue which says that elastic only runs regex into the now deprecated _all field. If this still holds true I am not sure how regex works in kibana/elastic 6.X.

What am I missing? Any help in clarifying the conditions to use regex in Kibana would be much appreciated.

All other stack questions in this subject are either old or were related to syntax issues and/or lack of understanding of how the analyzer deals with whitespaces and did not provide me any help.

Solution

So I don't exactly have the answer on how to make Lucene work with Regexp search in Kibana. But I figured out a way to do this in Kibana.

The solution is to use a Filter with custom DSL.

Here is an example of what to put in Query JSON -

{
    "regexp": {
        "req.url.keyword": "/question/[0-9]+/answer"
    }
}

Example URL I have in my data - /questions/432142/answer

In addition to this, you can write more filters using Kibana search (Lucene syntax).

It does the appropriate search, no escaping issue or any such thing.

Hope it helps.
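Why a regexp filter on a `.keyword` sub-field behaves differently from one on an analyzed `text` field, as an added example that is not part of the original post or of Elasticsearch itself: a `regexp` query is term-level and its pattern must match one entire indexed term. The sample documents, the pattern, the use of Python's `re` in place of Lucene's regex engine, and the `text_terms` tokenizer (a rough stand-in for the standard analyzer, not the question's `custom_analyzer`) are all constructed assumptions.

```python
import json
import re

# Constructed sample documents (not from the original post).
DOCS = [
    {"req.url": "/questions/432142/answer"},
    {"req.url": "/questions/77/comments"},
    {"req.url": "/login"},
]

def keyword_terms(value):
    """A keyword sub-field indexes the whole value as a single term."""
    return [value]

def text_terms(value):
    """Assumption: rough stand-in for the standard analyzer
    (lowercase, split on non-alphanumeric characters)."""
    return [t for t in re.split(r"[^0-9a-z]+", value.lower()) if t]

def regexp_hits(docs, field, pattern, terms_of):
    """Term-level regexp semantics: a document matches when the pattern
    matches one ENTIRE indexed term (the pattern is implicitly anchored)."""
    rx = re.compile(pattern)
    return [d[field] for d in docs
            if any(rx.fullmatch(t) for t in terms_of(d[field]))]

def regexp_filter(field, pattern):
    """Body for Kibana's custom query DSL filter, in the shape the answer uses."""
    return {"regexp": {field: pattern}}

if __name__ == "__main__":
    pattern = "/questions/[0-9]+/answer"  # constructed pattern
    print(json.dumps(regexp_filter("req.url.keyword", pattern), indent=2))
    print("keyword:", regexp_hits(DOCS, "req.url", pattern, keyword_terms))
    print("text:   ", regexp_hits(DOCS, "req.url", pattern, text_terms))
    print("text, [0-9]+:", regexp_hits(DOCS, "req.url", "[0-9]+", text_terms))
```

On the analyzed field the slashes never reach the index, so a pattern containing them cannot match any term, while a bare `[0-9]+` matches there and misses on the keyword field because of the implicit anchoring.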
