Elasticsearch: EQL: Regex character classes are not supported

Created on 15 Apr 2020  路  4Comments  路  Source: elastic/elasticsearch

In the Python implementation, the EQL match function supports shorthand character classes for regular expressions (e.g., [\s], [\w], [\d]).

In the Elasticsearch implementation, the match function is converted into a SQL RLIKE function. The RLIKE function is then converted into a regexp query that uses Lucene's regular expression engine.

However, Lucene's regular expression syntax does _not_ support these character classes.

Next steps

We should discuss whether it is reasonable to add support for shorthand character classes in Elasticsearch.

At the least, we should update the documentation for the EQL match function and the SQL RLIKE function to note that character classes are not supported and point users to our regexp syntax documentation.

:Query LanguageEQL :SearcSearch QL Search
Source
picture jrodewig

Most helpful comment

I opened a Lucene issue to discuss.

picture markharwood on 21 Apr 2020
3

All 4 comments

Pinging @elastic/es-docs (>docs)

elasticmachine picture elasticmachine on 15 Apr 2020

Pinging @elastic/es-search (:Search/Search)

elasticmachine picture elasticmachine on 15 Apr 2020

Pinging @elastic/es-ql (:Query Languages/EQL)

elasticmachine picture elasticmachine on 15 Apr 2020

I opened a Lucene issue to discuss.

markharwood picture markharwood on 21 Apr 2020
3
Was this page helpful?
0 / 5 - 0 ratings

Related issues

ppf2 picture ppf2  路  3Comments
abtpst picture abtpst  路  3Comments
dadoonet picture dadoonet  路  3Comments
jpountz picture jpountz  路  3Comments
clintongormley picture clintongormley  路  3Comments