Graylog search "keywords"?


(Nick Geovanis) #1

The page here http://docs.graylog.org/en/2.1/pages/queries.html#syntax
uses the following “field names” in its examples: source, http_response_code, _exists_, _missing_,
type, and resource. Some of these are clearly intended to be arbitrary example fields defined
in hypothetical log records. But some of these are actual “builtins”, e.g. _exists_ and _missing_.
I cannot find online a listing of all of the Graylog “builtins” which are usable in search.
Does such a listing exist?


(Jochen) #3

The syntax is explained in the Elasticsearch documentation at Query string syntax.

Please note that the _missing_ keyword has been removed in Elasticsearch 5.0.0: https://www.elastic.co/guide/en/elasticsearch/reference/5.5/breaking_50_search_changes.html#_deprecated_queries_removed
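
Added example, not part of the original thread: a small Python helper for auditing saved searches or alert queries ahead of an Elasticsearch 5.x upgrade, rewriting `_missing_:field` to the equivalent negated `_exists_` form. The function name and the sample queries are constructed for illustration.

```python
import re

# Quoted phrases are split out and left untouched.
_QUOTED = re.compile(r'("(?:\\.|[^"\\])*")')
# _missing_:field, optionally preceded by a negation (NOT, ! or -),
# and not glued onto the end of another token.
_MISSING = re.compile(
    r'(?<![\w.])(?P<neg>NOT\s+|[!-])?_missing_:(?P<field>[\w.@-]+)'
)

def rewrite_missing(query):
    """Rewrite _missing_:f for Elasticsearch >= 5.0.

    Returns (new_query, number_of_rewrites) so callers can flag
    which saved queries were affected.
    """
    count = 0

    def repl(m):
        nonlocal count
        count += 1
        field = m.group("field")
        if m.group("neg"):
            # "NOT _missing_:f" is a double negation: the field exists.
            return f"_exists_:{field}"
        # Parenthesized so the negation stays scoped to this one clause
        # when the query combines it with AND / OR.
        return f"(NOT _exists_:{field})"

    parts = _QUOTED.split(query)
    for i in range(0, len(parts), 2):  # even indexes lie outside quotes
        parts[i] = _MISSING.sub(repl, parts[i])
    return "".join(parts), count

# Constructed sample queries, as they might appear in saved searches.
SAVED = [
    'source:fw01 AND _missing_:user_id',
    'NOT _missing_:src_ip',
    'message:"_missing_:x" AND _exists_:y',
]

if __name__ == "__main__":
    for q in SAVED:
        new, n = rewrite_missing(q)
        print(f"{n} rewrite(s): {q!r} -> {new!r}")
```
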

