I am trying to find the different kinds of syntax I can give in a regex type of query through Kibana, but I was not able to find any information on this. I am running Logstash and Elasticsearch in the backend. Any answer or example will be helpful.
1 solution
#1
12
so any regular expressions are valid in grok as well. The regular expression library is Oniguruma.
I took this from the logstash docs online.
Also from [a Google Groups post]: Kibana is a web interface which stays in front of ElasticSearch: to understand the query syntax you have to know something more about Apache Lucene, which is the text search engine used by ElasticSearch.
Here's a small tutorial about the query styles you can use with Lucene and by inheritance with your Kibana web interface:
http://www.lucenetutorial.com/lucene-query-syntax.html This link is dead, I'm not sure but this might be an adequate replacement. (I've saved it into wayback machine as it keeps dying...)
See also the official Lucene Query Syntax documentation.