Graylog search "keywords"?

(Nick Geovanis) #1

The page here
uses the following “field names” in its examples: source, http_response_code, _exists_, _missing_,
type, and resource. Some of these are clearly intended to be arbitrary example fields defined
in hypothetical log records. But some of these are actual “builtins”, eg._exists_ and _missing_.
I cannot find online a listing of all of the graylog “builtins” which are usable in search.
Does such a listing exist?

(Jochen) #3

The syntax is explained in the Elasticsearch documentation at Query string syntax.

Please note that the _missing_ keyword has been removed in Elasticsearch 5.0.0:

(system) #4

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.