Graylog Search vs curl search dramatically different results

1. Describe your incident:
Developing a batch file to query the Graylog server.

2. Describe your environment:

  • OS Information:

  • Package Version:
    Graylog 5.2.4+ec33db8 on (Eclipse Adoptium 17.0.10 on Linux 5.15.0-94-generic)

  • Service logs, configurations, and environment variables:

3. What steps have you already taken to try and solve the problem?

4. How can the community help?
When I do a basic search in Graylog search, say TargetUserName:FLastname, I get dramatically different results than when I use the same(?) search via curl:

curl -u %CRED%:token -H "Content-Type: application/json" -H "Accept: text/csv" -g -X GET "http://syslog:9000/api/search/universal/relative?query=TargetUserName:%ans%&fields=TargetUserName,LogonType,WorkstationName,IpAddress"

Clearly, I’m trying to get logon history for a specified user, defined in the %ans% variable.
