Kibana query for sentence (words with specific order) with 4 digit number


I am pretty new to Elasticsearch and want to find the sentence below in the message field

completed in ???? ms

where ???? are numbers

I have this at the moment

{
  "query": {
    "query_string": {
      "analyze_wildcard": true,
      "default_field": "*",
      "query": "(message:completed) AND (message:in) AND (message:/[0-9]{4}/) AND (message:ms)"
    }
  }
}

But the problem is that the result also contains messages like this, which I am not interested in.

How can I specify order of matching words?

Thanks in advance

I've also tried this with no luck:

{
  "query": {
    "regexp": {
      "message": {
        "value": "completed in [0-9]{4} ms"
      }
    }
  }
}

There are 1 best solutions below

jaspreet chahal On BEST ANSWER

Regex works on analyzed terms; regex as a phrase will not work. You can use a span query to achieve the same. In terms of performance, a better option is to handle this at index time, probably by creating a structured log where the subtext to query is a separate field.

{
  "query": {
    "span_near": {
      "clauses": [
        {
          "span_term": {
            "message": {
              "value": "job"
            }
          }
        },
        {
          "span_term": {
            "message": {
              "value": "completed"
            }
          }
        },
        {
          "span_term": {
            "message": {
              "value": "in"
            }
          }
        },
        {
          "span_multi": {
            "match": {
              "regexp": {
                "message": "[0-9]{4}"
              }
            }
          }
        },
        {
          "span_term": {
            "message": {
              "value": "ms"
            }
          }
        }
      ],
      "slop": 0,
      "in_order": true
    }
  }
}
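The following is an added example, not part of the original question or answer: a small Python model of the three queries on this page, showing why the phrase regexp matches nothing, why the AND query over-matches, and what `span_near` with `slop: 0` and `in_order: true` enforces. The `analyze` function is an assumed approximation of the standard analyzer, the sample messages are constructed, and the clause list uses the four words from the question (the answer's query additionally requires `job`).

```python
import re

def analyze(text):
    # Assumption: rough stand-in for the standard analyzer
    # (lowercase, split on anything that is not a letter or digit).
    return re.findall(r"[a-z0-9]+", text.lower())

def term_matches(clause, term):
    # clause is ("term", value) or ("regexp", pattern).
    # A regexp clause is anchored: it must match one whole term.
    kind, value = clause
    if kind == "term":
        return term == value
    return re.fullmatch(value, term) is not None

def regexp_query(pattern, text):
    # Models the question's second attempt: the pattern is tested against
    # each indexed term separately, never against the original sentence.
    return any(re.fullmatch(pattern, t) for t in analyze(text))

def all_terms_query(clauses, text):
    # Models the question's first attempt: every clause must match some
    # term, but position and order are ignored.
    terms = analyze(text)
    return all(any(term_matches(c, t) for t in terms) for c in clauses)

def span_near_in_order(clauses, text):
    # Models span_near with slop 0 and in_order true: the clauses must
    # match consecutive term positions, in the given order.
    terms = analyze(text)
    n = len(clauses)
    return any(
        all(term_matches(c, t) for c, t in zip(clauses, terms[i:i + n]))
        for i in range(len(terms) - n + 1)
    )

CLAUSES = [("term", "completed"), ("term", "in"),
           ("regexp", "[0-9]{4}"), ("term", "ms")]

# Constructed sample messages.
WANTED = "Job completed in 1234 ms"
UNWANTED = "Stage 2 completed, 1234 rows in queue, waited 15 ms"

if __name__ == "__main__":
    for msg in (WANTED, UNWANTED):
        print(msg)
        print("  phrase regexp:", regexp_query("completed in [0-9]{4} ms", msg))
        print("  AND of terms :", all_terms_query(CLAUSES, msg))
        print("  span_near    :", span_near_in_order(CLAUSES, msg))
```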