I have a query where I am performing regex matching on two different fields, field1 and field2. index=proxylogs uri!=aa.*|regex field1=".*abc\..*|.*api\..*"|regex field2!="(?i)abc\\xyz[a-z0-9]{5}|(?i)abc\\kkr[a-z0-9]{6}"|... . Field 1 matches with the regex pattern and provides results that have matching values. However, field 2 doesn't work as I am getting the results that do match the regex of field2 and not discarding them. According to the '!=', the values that match that particular regex shouldn't be present in the result of the query, but they are. So, it isn't working as it supposed to. I have tested the regex elsewhere and it is correct. Any ideas?
... View more