Ulysses
Reputation: 6025
ElasticSearch: How to apply regular expression on indices
I am trying to restrict the return of a search query to only those indices that start with abc-* pattern.
I tried the following regex but it didn't work.
{
"sort": [
{
"timestamp": {
"order": "desc",
"unmapped_type": "boolean"
}
}
],
"query": {
"filtered": {
"query": {
"query_string": {
"regexp": {
"index": "abc-*"
}
}
},
"filter": {
"bool": {
"must": [
{
"range": {
"timestamp": {
"gte": "now-24h"
}
}
}
]
}
}
}
}
}
Is it possible to use the indices query and apply regex on it? even the following doesn't filter appropriately:
{
"sort": [
{
"timestamp": {
"order": "desc",
"unmapped_type": "boolean"
}
}
],
"query": {
"filtered": {
"query": {
"indices" : {
"query" : { "regexp" : { "index" : "abc-.*" } }
}
},
"filter": {
"bool": {
"must": [
{
"range": {
"timestamp": {
"gte": "now-24h"
}
}
}
]
}
}
}
}
}
Upvotes: 5
Views: 5162
Answers (3)
user3168890
Reputation: 1
The index pattern in the URL only supports native expressions, not regex expressions. It does solve the problem though.
Upvotes: 0
Vijay
Reputation: 5040
Not sure but faced same problem in different case . I think problem with - in "abc-*" .
just replace - with space , it will work
"index": "abc *"
Upvotes: 1
Val
Reputation: 217514
There's a much easier solution simply by means of specifying your index pattern in the URL directly:
POST /abc-*/_search
{
"sort": [
{
"timestamp": {
"order": "desc",
"unmapped_type": "boolean"
}
}
],
"query": {
"filtered": {
"filter": {
"bool": {
"must": [
{
"range": {
"timestamp": {
"gte": "now-24h"
}
}
}
]
}
}
}
}
}
Upvotes: 5
Related Questions
- ElasticSearch and Regex queries
- elasticsearch index template pattern with regex
- Regular expression in elasticsearch
- How do I index regular expressions in Elastic Stack?
- ElasticSearch Regexp in array
- Regular Expressions and Elastic Search
- Using regular expressions in elasticsearch term queries
- searching with regex in elasticsearch
- Elasticsearch Regex Query
- ElasticSearch Regular Expression