How to Use Regexp Query in Elasticsearch: Syntax and Examples
Use the
regexp query in Elasticsearch to search text fields with regular expressions by specifying the field and the regex pattern inside the query body. The syntax includes the field name and the value which is the regex pattern to match.Syntax
The regexp query in Elasticsearch lets you search for documents where a field matches a regular expression pattern. You specify the field name and the regex pattern as the value. Optional parameters like flags can control regex behavior.
- field: The name of the field to search.
- value: The regular expression pattern to match.
- flags: Optional regex flags like
ALL,INTERVAL, etc. - max_determinized_states: Limits regex complexity to avoid performance issues.
json
{
"query": {
"regexp": {
"field_name": {
"value": "regex_pattern",
"flags": "ALL",
"max_determinized_states": 10000
}
}
}
}Example
This example searches for documents where the username field starts with 'jo' followed by any characters. It uses the regexp query with the pattern jo.*.
json
{
"query": {
"regexp": {
"username": {
"value": "jo.*"
}
}
}
}Output
{
"hits": {
"total": 2,
"hits": [
{"_source": {"username": "john"}},
{"_source": {"username": "joshua"}}
]
}
}
Common Pitfalls
Common mistakes when using regexp query include:
- Using unsupported regex syntax that Elasticsearch does not recognize.
- Not escaping special characters properly in the regex pattern.
- Applying regexp query on analyzed text fields instead of keyword fields, which can cause unexpected results.
- Ignoring performance impact of complex regex patterns.
Always test your regex patterns and prefer keyword fields for regexp queries.
json
{
"query": {
"regexp": {
"description": {
"value": "(unescaped[)"
}
}
}
}
// Corrected version with escaped characters:
{
"query": {
"regexp": {
"description": {
"value": "\(unescaped\[\)"
}
}
}
}Quick Reference
| Parameter | Description | Example |
|---|---|---|
| field_name | The field to search | "username" |
| value | Regex pattern to match | "jo.*" |
| flags | Regex flags to control behavior | "ALL" |
| max_determinized_states | Limits regex complexity | 10000 |
Key Takeaways
Use the regexp query to search fields with regular expression patterns in Elasticsearch.
Always apply regexp queries on keyword or non-analyzed fields for accurate results.
Escape special characters properly in your regex patterns to avoid errors.
Be cautious with complex regex patterns as they can impact query performance.
Use optional flags and max_determinized_states to control regex behavior and resource use.