Problem description
I am having a hard time using a regex pattern inside Kibana/Elasticsearch version 6.5.4. The field I am searching for has the following mapping:
    "field": {
      "type": "text",
      "analyzer": "custom_analyzer"
    },
Regex searches in this field return several hits when requested straight to Elasticsearch:
    GET /my_index/_search
    {
      "query": {
        "regexp": {
          "field": "abc[0-9]{4}"
        }
      }
    }
On the other hand, in Kibana's discover/dashboard pages all queries below return empty:
Original query - field:/abc[0-9]{4}/
Escaped query - field:/abc\[0\-9\]\{4\}/
Desperate query - field:/.*/
Inspecting the request done by Kibana to Elasticsearch reveals the following query:
    "query": {
      "bool": {
        "must": [
          {
            "query_string": {
              "query": "field:/abc[0-9]{4}/",
              "analyze_wildcard": true,
              "default_field": "*"
            }
          }
I expected Kibana to understand the double forward slash syntax /my_query/ and make a "regexp query" instead of a "query_string". I have tried this with both query languages: "lucene", "kuery" and with the optional "experimental query features" enabled/disabled.
Digging further I found this old issue which says that Elastic only runs regex into the now deprecated _all field. If this still holds true I am not sure how regex works in Kibana/Elastic 6.X.
What am I missing?
All other stack questions in this subject are either old or were related to syntax issues and/or lack of understanding of how the analyzer deals with whitespaces and did not provide me any help.
Recommended answer
So I don't exactly have the answer on how to make Lucene work with Regexp search in Kibana. But I figured out a way to do this in Kibana.
The solution is to use a filter with custom DSL.
Here is an example of what to put in Query JSON -
    {
      "regexp": {
        "req.url.keyword": "/question/[0-9]+/answer"
      }
    }
Example Url I have in my data - /questions/432142/answer
In addition to this, you can write more filters using Kibana search (Lucene syntax).
It does the appropriate search, no escaping issue or any such thing.
Hope it helps.
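Added example, not part of the original question or answer: a small Python model of why a regexp filter behaves differently on an analyzed text field and on a .keyword sub-field. A regexp query is matched against whole indexed terms, anchored at both ends. Assumptions: the tokenizer below is a rough stand-in for a standard-style analyzer (the page's custom_analyzer is not shown), Python's re stands in for Lucene's regex engine for these simple patterns, and the sample values are constructed.

```python
import re


def analyze_standard_like(text):
    """Stand-in analyzer (assumption): lowercase, split on non-alphanumerics."""
    return [t for t in re.split(r"[^0-9a-z]+", text.lower()) if t]


def index_terms(value, field_type):
    """Terms that end up in the inverted index for one field value."""
    if field_type == "keyword":
        return [value]  # the whole value is kept as a single term
    return analyze_standard_like(value)


def regexp_hits(pattern, value, field_type):
    """Model of a term-level regexp query: the pattern has to match an
    entire indexed term, never a substring of the original source text."""
    rx = re.compile(pattern)
    return [t for t in index_terms(value, field_type) if rx.fullmatch(t)]


# Constructed sample values, not data from the page.
URL = "/questions/432142/answer"
LOG = "user abc1234 logged in"

CASES = [
    ("abc[0-9]{4}", LOG, "text"),                  # matches one token
    ("/questions/[0-9]+/answer", URL, "text"),     # slashes were tokenized away
    ("/questions/[0-9]+/answer", URL, "keyword"),  # whole value is one term
    ("/questions/[0-9]+", URL, "keyword"),         # anchored: prefix is not enough
    ("/questions/[0-9]+/.*", URL, "keyword"),      # explicit wildcard tail
]

if __name__ == "__main__":
    for pattern, value, field_type in CASES:
        hits = regexp_hits(pattern, value, field_type)
        print(f"{field_type:8} {pattern!r:30} -> {hits}")
```

When a regexp filter returns nothing, checking what terms the field's analyzer actually produces (for example with the _analyze API) is the first thing to verify.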