regex – How to search a regular expression in OpenSearch

My problem is that I’m trying to recreate a pattern from Grafana (Loki aggregator). I’m unable to create the same query:

{pod_labels_app="api"} |= `process_time` !~ `"process_time": "[0-9].[0-9]+`

I want to get, from the JSON, values of process time that are bigger than 1 second.
Here is the Lucene OpenSearch query which I’m trying to use:

pod_labels.app:"api" AND message:/"process_time": "[1-9][0-9]*\..*"/

Here is the example of the logs in JSON:

"_source": {
     ...
    "message": "{\"level\": \"DEBUG\", \"timestamp\": \"2025-07-24T21:46:03.669326Z\", \"message\": \"Process Time Interceptor\", \"process_time\": \"0.005181312561035156\", \"file\": \"/app/./app/middlewares/utilities.py:162\", \"correlation_id\": \"90b9b91f-c86fb-afd6-c37eb4e5d058\", }",
...
}

Could you please help, maybe I’m missing something?

I tried creating numerous queries and scripts, but it hasn’t helped me.
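An added example, not part of the original post: it decodes the nested JSON in `message` and compares `process_time` as a number, next to the value part of the pattern above applied as a plain string match in Python's `re` (not Lucene). It assumes the value is written by Python's `str(float)`, so very small durations appear in scientific notation; the function names and sample messages are constructed for illustration.

```python
import json
import re

# Value part of the pattern from the question, matched against the whole value.
VALUE_RE = re.compile(r"[1-9][0-9]*\..*")
# The sample message on the page ends with ", }", which strict JSON rejects.
TRAILING_COMMA = re.compile(r",\s*}\s*$")

# Constructed sample messages (the first is abridged from the page's log line).
SAMPLES = [
    '{"level": "DEBUG", "process_time": "0.005181312561035156", }',
    json.dumps({"level": "DEBUG", "process_time": "1.2034"}),
    json.dumps({"level": "DEBUG", "process_time": "9.5367431640625e-07"}),
    json.dumps({"level": "DEBUG", "process_time": "12.5"}),
    json.dumps({"level": "INFO", "message": "no timing here"}),
]


def process_time(message):
    """Return (raw_string, seconds) for a message, or None if unusable."""
    try:
        doc = json.loads(TRAILING_COMMA.sub("}", message))
        raw = str(doc["process_time"])
        return raw, float(raw)
    except (ValueError, KeyError, TypeError):
        return None


def slow_by_number(messages, threshold=1.0):
    """Raw process_time values that are numerically above the threshold."""
    parsed = (process_time(m) for m in messages)
    return [p[0] for p in parsed if p is not None and p[1] > threshold]


def slow_by_regex(messages):
    """Raw process_time values the text pattern would report as slow."""
    parsed = (process_time(m) for m in messages)
    return [p[0] for p in parsed if p is not None and VALUE_RE.fullmatch(p[0])]


if __name__ == "__main__":
    print("numeric:", slow_by_number(SAMPLES))
    print("regex:  ", slow_by_regex(SAMPLES))
```

The text pattern also reports `9.5367431640625e-07` (under a microsecond) as slow, because the mantissa starts with a non-zero digit followed by a dot; the numeric comparison does not.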
