@sowdenraymond - Thanks for your reply. We’ve tried this website but this query is working only in the regex website and not in grafana. Grafana doesnt extract any data using this regex. when I was reading on this, found below response in one of the thread.
“@yosiasz - Go, hence Grafana uses RE2 regexp which does not support a lot of things. Check it out here: Syntax · google/re2 Wiki · GitHub .
I had the same issue, tested on regex101, then the pattern did not work in Grafana, then learned that RE2 and PCRE2 are two different things.”
@joachimschiewek - Thanks for the reply. using ‘Golang’ gives the result. But not able to use that extracted value to form a Graph / TimeSeries board. Since I cant find an option to use the extracted value. If i select count, then the value is getting changed, instead of showing the actual extracted value, its being counted.
do we need to use Transformation? pls help with this.
You are not using filebeat datasource, but you are using elasticsearch datasource.
An Elasticsearch datasource supports only Lucene query, it doesn’t support regex query. I don’t believe there is some Lucene function which will provide parsing functionality as you need, so I would recommend to configure the filebeat (or that process which ingest data into Elasticsearch) to parse and save that number directly in some field that you can then query with Lucene query from Grafana.
Use the Golang flavor in regex testers like regex101 to ensure compatibility with Grafana’s RE2 regex engine.
Consider preprocessing logs with Filebeat to extract and store necessary values in separate fields before ingesting them into Elasticsearch.
Use transformations in Grafana to manipulate and visualize extracted data if direct extraction isn’t possible.
Explore Grafana’s documentation on transformations and correlations for additional guidance on handling extracted data.
Summary:
This thread revolves around extracting a specific value from a log line using Grafana with Elasticsearch as the data source. @joachimschiewek suggested using the Golang flavor in regex101, which aligns with Grafana’s RE2 engine. @jangaraj clarified that Elasticsearch supports only Lucene queries, not regex, and recommended preprocessing logs with Filebeat to parse and store values in separate fields for easier querying in Grafana. This approach would allow the use of Lucene queries to access the extracted data.