Regex + simple word match

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Regex + simple word match

Amit-4
The default analyzer is standard. If I change it to keyword I can get regex working. But I want both to work simultaneously.
For ex, Lets say I push this event to elasticsearch via logstash "this is my new string".
In kibana search, 
 If I look for message:"string", it should return me "this is my new string"
 If I look for message:"this.*string", it should return me "this is my new string"

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/319ff9fa-af2b-481f-8124-824dab9df91b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: Regex + simple word match

Radu Gheorghe-2
Hi Amit,

You'll probably need to use a multi field (one with standard analyzer, one with keyword analyzer). This should return the string on:

message:"string"

and

message.raw:"this.*string"

Best regards,
Radu
--
Performance Monitoring * Log Analytics * Search Analytics
Solr & Elasticsearch Support * http://sematext.com/


On Tue, Jan 6, 2015 at 10:44 AM, Amit <[hidden email]> wrote:

> The default analyzer is standard. If I change it to keyword I can get regex
> working. But I want both to work simultaneously.
> For ex, Lets say I push this event to elasticsearch via logstash "this is my
> new string".
> In kibana search,
>  If I look for message:"string", it should return me "this is my new string"
>  If I look for message:"this.*string", it should return me "this is my new
> string"
>
> --
> You received this message because you are subscribed to the Google Groups
> "elasticsearch" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [hidden email].
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/elasticsearch/319ff9fa-af2b-481f-8124-824dab9df91b%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/CAHXA0_1qaAWH08Q%2B36FYqmNJp_1A50MG3_-D8hPZMCRyeB08TA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.