When writing search queries in IdentityNow, the * wildcard operator is very useful to match partial strings, but sometimes there is a need to search on a specific pattern. This is where regex, short for regular expressions, comes in. We will go over a few simple examples of regex syntax to see how you can leverage this functionality in the IdentityNow search interface as well as search via REST API.
Let's say you want to find identities whose first name starts with the letter "a". You can easily do that with the * wildcard in search:
attributes.firstname:a*
But what if you wanted to find all identities whose first name starts with the letters "a - c"? That can't be done with the * wildcard in search, but you can use regex to do that. You can specify a range of characters for the first character in the regex search pattern as shown below. Within search, all regex patterns must be set off with the "/" character. The "." represents any character, and the "*" represents the preceding character zero to many times.
attributes.firstname:/[a-c].*/
Thus, the search query above will return all identities with a first name that starts with "a - c", regardless of what other or how many other characters are in the first name.
Now, let's search for identities who have a first name that starts with "a - c" and a last name that starts with "n - s":
attributes.firstname:/[a-c].*/ AND attributes.lastname:/[n-s].*/
As you can see, Andy.Davis, Angela.Bell and Carl.Foster are now excluded from these results because their last names do not start with a letter between "n - s".
Let's do a more complex example. What if we wanted to find identities who have an account id on a specific source that follows a specific pattern? We can easily look for accounts on a specific source with basic search syntax, but we must use regex to find account ids that follow a specific pattern.
We are looking for identities who have accounts on the Employees source with an account id that matches the pattern number-letter-number-letter. We specify our pattern with the character range notation:
[0-9][a-z][0-9][a-z]
Then we construct the entire search query:
@accounts(source.name:Employees AND accountId:/[0-9][a-z][0-9][a-z]/)
Let's run this search query via the REST API this time. We will be running a POST /v3/search API endpoint call in Postman. We build our JSON request body by indicating that we are searching the identities index and adding the above query in the query attribute:
{
"indices": [
"identities"
],
"query": {
"query": "@accounts(source.name:Employees AND accountId:/[0-9][a-z][0-9][a-z]/)"
}
}
We see that the identities in our result set have an account on the Employees source with an account id that follows the number-letter-number-letter pattern:
For more information about about regular expressions in Elasticsearch and more complex examples of regex syntax, refer to Elasticsearch Regex Syntax.