Regex search in message field

rosaLux161 · January 27, 2021, 8:23am

Hello,

because I couldn’t find any info in the documentation, is it possible to use regex search in the message field?

Let’s assume we have a message field containing:

This is number 8748343 just for testing purposes.

Now I have tried all possible search syntax:
message:/This is number .+ just for testing purposes./
message: /This is number .+ just for testing purposes./
message:/This is number .+ just for testing purposes.+/
/This is number .+ just for testing purposes.+/
/This\sis\snumber.+just\sfor\stesting\spurposes.+/

But nothing works. What are my options?

shoothub · January 27, 2021, 9:21am

Graylog by default uses standard analyzer, so i think, that you can’t use your examples.

https://docs.graylog.org/en/4.0/pages/configuration/index_model.html

rosaLux161 · January 27, 2021, 10:59am

I don’t understand the connection between regex search and index configuration. ElasticSearch should support regex search.

dickinsonzach · February 9, 2021, 12:31pm

This: Search query language — Graylog 4.0.0 documentation

References This: Regexp Query | Elasticsearch Reference [5.6] | Elastic

For help with Elastic Search Regular Expression Syntax

#shrug

system · February 23, 2021, 12:32pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Regex Search in message / Chars like ", ==, <=, etc / Problem Graylog Central (peer support)	5	973	October 14, 2019
Regex in Search Field Graylog Central (peer support)	6	1340	September 20, 2018
How use Regex in Graylog Graylog Central (peer support)	5	3644	August 10, 2023
Search with regex for a numeric field Graylog Central (peer support)	4	2328	September 26, 2018
Exclude search results by regular expression Graylog Central (peer support)	9	198	July 15, 2024

Regex search in message field

Related Topics