mirror of
https://github.com/elastic/elasticsearch.git
synced 2025-04-24 23:27:25 -04:00
bfccd20155
The new `regex` field in `categorize_text` output is created in the same way as the `regex` field that appears in the category definitions created by anomaly detection jobs that do categorization. It consists of the terms that occur in the same order for every message that matches the category, separated with a `.+?` wildcard. It therefore matches the category messages and enforces the order of the terms that occurred in the same order for all messages used to create the category. It is not recommended to use the regex as the primary mechanism for searching for the original documents that were categorized. Search using a regular expression is very slow. Instead the terms of the category should be used to search for matching documents, as a terms search can use the inverted index and hence be much faster. However, there may be situations where it is useful to use the `regex` field to test whether a small set of messages that have not been indexed match the category. |
||
|---|---|---|
| .. | ||
| bucket | ||
| metrics | ||
| pipeline | ||
| bucket.asciidoc | ||
| metrics.asciidoc | ||
| pipeline.asciidoc | ||