Fielddata is disabled on text fields by default. Set fielddata=true on [message]

So, Graylog fails for a query of latest 1 hr log for quick values
– Search in the last 1 hour
– source:ordering_svc_dev2* AND message:ERROR

Please find attached API failure end-point and log stack trace!

dear @pubaayaam

welcome to the community - and seasonal greetings.

You tried to query a fully analyzed field. As you did not share your Graylog or Elasticsearch version, I guess that you have either enabled that function yourself or you have such an old version that this is possible.

This is knowingly not possible and will not be changed. That is mainly the reason you normalize logfiles and separate information into different fields on ingest.
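To illustrate the point Jan makes, here is an added example (not code from the thread or from the Graylog project) that contrasts the two approaches in plain Python: aggregating "quick values" over the tokens of an analyzed `message` field (what enabling fielddata on a text field would give you) versus aggregating over fields that were split out at ingest time. The log lines, the line format and the `normalize`/`analyze` helpers are constructed for this example and only approximate what a Graylog extractor and the Elasticsearch standard analyzer do.

```python
import re
from collections import Counter

# Constructed sample log lines (not from the thread); the thread only shows
# the query "source:ordering_svc_dev2* AND message:ERROR".
SAMPLE_LOGS = [
    "2019-12-20T10:01:02Z ordering_svc_dev2 ERROR Payment gateway timeout for order 4711",
    "2019-12-20T10:01:05Z ordering_svc_dev2 WARN Retrying payment for order 4711",
    "2019-12-20T10:01:09Z ordering_svc_dev2 ERROR Payment gateway timeout for order 4712",
    "2019-12-20T10:02:00Z ordering_svc_dev2 INFO Order 4711 completed",
    "2019-12-20T10:02:30Z ordering_svc_dev1 ERROR Inventory lookup failed for sku 99",
]

# Assumed line layout: "<timestamp> <source> <LEVEL> <free text>".
LINE_RE = re.compile(
    r"^(?P<timestamp>\S+) (?P<source>\S+) (?P<level>[A-Z]+) (?P<message>.*)$"
)


def normalize(line):
    """Split one raw line into fields, the way an ingest-time extractor
    or pipeline rule would. Unparseable lines keep only the raw message."""
    m = LINE_RE.match(line)
    if m is None:
        return {"message": line}
    return m.groupdict()


def analyze(text):
    """Rough stand-in for the Elasticsearch standard analyzer:
    lowercase and split on non-word characters."""
    return [t for t in re.split(r"\W+", text.lower()) if t]


def quick_values_on_analyzed_text(lines):
    """What a terms aggregation with fielddata=true on a text field counts:
    individual analyzed tokens, not whole messages or log levels."""
    counts = Counter()
    for line in lines:
        counts.update(analyze(normalize(line).get("message", "")))
    return counts


def quick_values_on_keyword_field(lines, field, source_prefix=None, level=None):
    """Term counts over a structured field extracted at ingest, optionally
    restricted to a source prefix and a log level (mirroring the thread's
    'source:ordering_svc_dev2* AND message:ERROR' intent)."""
    counts = Counter()
    for line in lines:
        doc = normalize(line)
        if source_prefix and not doc.get("source", "").startswith(source_prefix):
            continue
        if level and doc.get("level") != level:
            continue
        counts[doc.get(field, "<missing>")] += 1
    return counts


if __name__ == "__main__":
    print("tokens of analyzed message:", quick_values_on_analyzed_text(SAMPLE_LOGS))
    print("levels for ordering_svc_dev2*:",
          quick_values_on_keyword_field(SAMPLE_LOGS, "level", source_prefix="ordering_svc_dev2"))
    print("sources with ERROR:",
          quick_values_on_keyword_field(SAMPLE_LOGS, "source", level="ERROR"))
```

The token counts from the first function are what you would get after setting `fielddata=true` on `message`: "payment", "order" and "4711" show up as top values, which is rarely what a quick-values view is meant to answer, and building that fielddata costs heap for every analyzed term. The second function runs on a dedicated `level` or `source` field, which is the keyword-style field an ingest-time extractor produces and which aggregates cheaply and meaningfully.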

Our Graylog version is Graylog 2.4.3+2c41897 on graylog (Oracle Corporation 1.8.0_161 on Linux 4.4.0-97-generic) and Elasticsearch version is 5.6.3. Are these versions outdated @jan?

hey @pubaayaam

Yes, Graylog is currently at version 3.1, and for Elasticsearch it would be 6.8 that is supported by Graylog.

Dear @jan,
Thanks for your valuable input. I shall assist my team in recommending an update to the said versions of Graylog version 3.1 and Elasticsearch 6.8.
