正则表达式：“D_\d+ - \d+”将只捕获您想要捕获的两行。
“D_”与字符“D_”匹配（区分大小写）
“\d”匹配数字（相当于[0-9]）
“+”在一次和无限次之间匹配上一个令牌，尽可能多的次数，根据需要回馈（贪婪）
“-“与字符“-”匹配（区分大小写）
参见：https://regex101.com/r/SJQ6ou/1
并使用此网站学习和测试regex

我建议你使用an ingest pipeline来检查这个条件，并为此创建一个新的字段。下面是你如何做到这一点：

POST _bulk
{ "index" : { "_index" : "my_sample_index", "_id" : "1" } }
{ "data_no": "D_00122 - A - 14" }
{ "index" : { "_index" : "my_sample_index", "_id" : "2" } }
{ "data_no": "D_00133A - 15" }
{ "index" : { "_index" : "my_sample_index", "_id" : "3" } }
{ "data_no": "D_00145 - 18" }
{ "index" : { "_index" : "my_sample_index", "_id" : "4" } }
{ "data_no": "D_00167 - B - 18" }
{ "index" : { "_index" : "my_sample_index", "_id" : "5" } }
{ "data_no": "D_00182A - 19" }
{ "index" : { "_index" : "my_sample_index", "_id" : "6" } }
{ "data_no": "D_00121 - A - 13" }
{ "index" : { "_index" : "my_sample_index", "_id" : "7" } }
{ "data_no": "D_0011 - 18" }

PUT _ingest/pipeline/check_dash
{
  "processors": [
      {
        "grok": {
          "field": "data_no",
          "patterns": [
            "%{NOTSPACE:data1} - %{NOTSPACE:data2} - %{NOTSPACE:data3}",
            "%{NOTSPACE:data1} - %{NOTSPACE:data2}"
          ]
        }
      },
      {
        "set": {
          "if": "ctx.data3 == null",
          "field": "number_after_dash",
          "value": true
        }
      },
      {
        "remove": {
          "field": ["data1", "data2", "data3"],
          "ignore_failure": true
        }
      }
    ]
}

POST my_sample_index/_update_by_query?pipeline=check_dash
GET my_sample_index/_search

的数据

来自Kibana Discover的结果：

的