Filter Stream with wildcard

dsgry · November 30, 2023, 12:54pm

Hi

I am running graylog 5.2 in a docker environment and I am logging Windows Fileserver Access to it. I have configured the ENV “GRAYLOG_ALLOW_LEADING_WILDCARD_SEARCHES=true”

Now I want to filter the search with a filter of “AccessList” for example:
Show me all messages which has AccessList 4416 in it.

In older Versions I could just search for “AccessList: %%4416” and the messages where filtered. In the new Version I only get the message " Query parsing error : Cannot parse query, cause: ‘*’ or ‘?’ not allowed as first character in WildcardQuery."

Example AccessList entry: “%%1538 %%1541 %%4416 %%4417 %%4418 %%4419 %%4420 %%4423 %%4424”

I have tried different things but nothing works. How can I filter the messages?

What I have tried:
AccessList:“%%4416”
“AccessList:.\%\%4416.”
AccessList:.\%\%4416.
AccessList:.%%4416.
^.%%4416.$
^.%%4416.$
.%%4416.
^%%4416.*$

Regards
dsgry

gsmith · December 2, 2023, 5:47am

Hey @dsgry

If that the field called " AccessList" then In the Search box something like this…

AccessList: "%%4416"

I know in the Graylog config file its.

allow_leading_wildcard_searches = true

Double check the ENV it may have changed

system · December 16, 2023, 5:48am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Excluding Character when Searching Graylog Central (peer support)	2	771	February 25, 2019
Graylog wildcard exclude search Graylog Central (peer support)	2	8689	September 25, 2018
Wildcard Search Graylog Central (peer support)	3	4023	January 14, 2022
Wildcard regex searching isn't working Graylog Central (peer support)	2	45	October 24, 2024
Stream Rule - is wildcard possible Graylog Central (peer support)	6	1550	December 11, 2017

Filter Stream with wildcard

Related topics