Regex 如何在elasticsearch查询中匹配忽略日期和特殊字符的子字符串？_Regex_<img Src="//i.stack.imgur.com/RUiNP.png" Height="16" Width="18" Alt="" Class="sponsor Tag Img">elasticsearch_Escaping_Elastic Stack

Regex 如何在elasticsearch查询中匹配忽略日期和特殊字符的子字符串？

regex

Regex 如何在elasticsearch查询中匹配忽略日期和特殊字符的子字符串？,regex,elasticsearch,escaping,elastic-stack,Regex,elasticsearch,Escaping,Elastic Stack,我有多个这样的日志 message: [2021-04-19T20:32:19,044][ERROR][logstash.pipeline ] Exception in pipelineworker, the pipeline stopped processing new events, please check your filter configuration and restart Logstash. {:pipeline_id=>"my_pipeline_id"

我有多个这样的日志

message: [2021-04-19T20:32:19,044][ERROR][logstash.pipeline ] Exception in pipelineworker, the pipeline stopped processing new events, please check your filter configuration and restart Logstash. {:pipeline_id=>"my_pipeline_id", "exception"=>"undefined method `upcase' for nil:NilClass"

我需要运行一个elasticsearch查询，在我的所有日志中搜索子字符串

未定义的方法“upcase”

目前，我的查询是这样设置的：

"input": {
    "search": {
      "request": {
        "search_type": "query_then_fetch",
        "indices": [
          "my-index-name-*"
        ],
        "rest_total_hits_as_int": true,
        "body": {
          "query": {
            "bool": {
              "must": [
                {
                  "regexp": {
                    "message": ".*undefined method.*"
                  }
                },
                {
                  "range": {
                    "@timestamp": {
                      "gte": "now-1w"
                    }
                  }
                }
              ]
            }
          }
        }
      }
    }
  }

如果我搜索其他术语，我会得到想要的结果。但是，我很难匹配通配符或提供regexp