# Regex Query Syntax Examples in Kibana Using regular expressions (regex) in Kibana can enhance your ability to query and filter logs and data effectively. Kibana supports regex in its query DSL, particularly in the `query_string` and `wildcard` queries. Below are some examples of how to use regex queries in Kibana, including the syntax and explanations. ### Example 1: Simple Regex Query To find documents where the `message` field contains the word "error" followed by any characters: ```json { "query": { "regexp": { "message": ".*error.*" } } } ``` ### Example 2: Match Specific Patterns To match logs that start with "User" and end with a digit: ```json { "query": { "regexp": { "username": "User.*[0-9]$" } } } ``` ### Example 3: Using Query String with Regex Using the `query_string` syntax allows you to combine multiple criteria, including regex. This example retrieves logs where the `status` is either "success" or "error": ```json { "query": { "query_string": { "query": "status:(success OR error) AND message:/.*timeout.*/" } } } ``` ### Example 4: Match Email Addresses To find documents with a valid email format in the `email` field: ```json { "query": { "regexp": { "email": "^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\\\.[a-zA-Z]{2,}$" } } } ``` ### Example 5: Using Wildcard Query with Regex-Like Patterns You can also use wildcard queries, though they're not true regex. This example finds logs with `request` field values that start with "GET" and have any characters following: ```json { "query": { "wildcard": { "request": "GET*" } } } ``` ### Example 6: Combine Regex with Other Filters Combining regex with other filters is useful for more complex queries. This example finds logs where the `ip_address` matches a specific pattern and `status` is "failed": ```json { "query": { "bool": { "must": [ { "regexp": { "ip_address": "^(192\\\\.168\\\\.1\\\\.[0-9]{1,3})$" } }, { "term": { "status": "failed" } } ] } } } ``` ### Example 7: Excluding Specific Patterns To find logs where the `message` does not contain the word "debug": ```json { "query": { "bool": { "must_not": { "regexp": { "message": ".*debug.*" } } } } } ``` ### Tips for Using Regex in Kibana 1. **Performance Considerations**: Regex can be resource-intensive, especially on large datasets. Use specific patterns to limit the number of matches. 2. **Escape Special Characters**: When writing regex, remember to escape special characters (e.g., `.` as `\\\\.`). 3. **Test Your Queries**: Use Kibana’s Dev Tools console to test and refine your regex queries before implementing them in visualizations or dashboards. ### Conclusion Using regex in Kibana allows for powerful querying capabilities, enabling you to filter and analyze your log data effectively. By leveraging the examples provided, you can craft regex queries tailored to your specific use cases, improving your data exploration and monitoring efforts.