Graylog Search returns strange results

merasil · November 21, 2017, 10:24am

Hi there,

i have a problem with my graylog search:
I have a field which contains the length of a Domain as a Number. If i do the following search over the past 5 minutes i do not get the result i was expecting.

DNS_DomainLength:>40

I want to get only messages where the Domain is longer then 40 Chars (which should be done with this query i guess), but i also get messages where the domain is less than 40. If i do this query: DNS_DomainLength:40 it works like it should.

I also tried it with range {}[] or with AND but it doesnt work. I also tried to convert it to int to see if it does make a difference (which should not cause of elasticsearch)

Greetings Merasil

sachin · November 22, 2017, 4:27pm

Are you sure that the field is saved as Numeric?
Try plotting a line graph also on that field.

Does this return only rows with values between 40 and 50

DNS_DomainLength:[40 TO 50]

If things are not as expected, then most likely the index has that column as string.

system · December 6, 2017, 4:28pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
I can't search numeric on message Graylog Central (peer support)	2	639	December 5, 2018
Graylog search precision Graylog Central (peer support)	1	213	March 2, 2021
Graylog 1.3.3 search for range queries not working properly Graylog Central (peer support)	2	2006	June 15, 2017
Search field:<value doesn't give the expected results Graylog Central (peer support)	11	2002	January 28, 2019
Search with regex for a numeric field Graylog Central (peer support)	4	2332	September 26, 2018

Graylog Search returns strange results

Related topics