Kibana正則表達式不工作

Question

我需要從我的日誌中搜索範圍值，但是我的正則表達式在Kibana中不起作用。

/(took":[1-9][0-9][0-9][,])/g 

內容：

{"real_time":"2016-05-03T10:02:13.360Z","content":{"delay":687,"updated":true,"searchItems":{"monitoring_id":"111354","params":{"pass":["111354"],"named":{"d":"2016-04-29|2016-04-30"},"action":"mentions","plugin":null,"controller":"api11","form":[],"url":{"url":"1.1\/mentions\/111354\/","publickey":"yn68FDuQ","time":"1462303544,8356","signature":"102ade1f6749e89be876fdb00a7b9ade","published_date":"2016-04-29|2016-04-30","ipp":"100","page":"14"},"isAjax":false},"source_ids":"","timestamp":"","pagination":"1300, 100","trackerId":"","onlyIds":[],"exceptIds":[],"timezone":"Brazil\/East"},"search":[{"index":"mentions_ro","type":"mention","from":1300,"size":100,"body":{"query":{"bool":{"must":[{"term":{"monitoring.id":"111354"}},{"range":{"published_at":{"gte":"1969-12-31T21:00:00-03:00","lte":"1969-12-31T21:00:00-03:00"}}}]}},"sort":{"published_at":{"order":"desc"}}},"fields":[]}],"response":{"took":500,"timed_out":false,"_shards":{"total":21,"successful":21,"failed":0},"hits":{"total":0,"max_score":null,"hits":[]}}}} 

我的正則表達式然而在這裏工作，：

https://regex101.com/r/pV4mR7/1

觀測數據：

• 我已經試圖逃跑的某些字符
• 如果我期待送到彈性的要求，Kibana使用查詢字符串：

任何提示嗎？

Answer 1

據他們documentation這些字符總是元字符，如果你希望它們當作文字必須進行轉義：

. ? + * | { } [ ] () " \ 

這些字符是在特定模式下的元字符：

@ & < > ~ # 

你不」不需要把逗號放在char類中。

它看起來像你可能無法在搜索框中扔正則表達式。

Kibana僅在_all場相匹配的正則表達式：

嘗試 「檢查」，在你的頁面的元素之一，你會看到_all場硬編碼：

"global": true, 
"facet_filter": { 
    "fquery": { 
    "query": { 
     "filtered": { 
     "query": { 
      "regexp": { 
      "_all": { 
       "value": "category: /pattern/" 

>https://github.com/elastic/kibana/issues/631

試試這個：

(took\":[1-9][0-9][0-9],) 

我不熟悉Elasticsearch或Kibana，但您的查詢可能最終看起來像這樣：

"regexp": { 
"_all": { 
    "value": "category: /(took\":[1-9][0-9][0-9],)/" 
} 
}