I have some message like
"
2018-05-16 13:58:27.75720095 [1.78653002] [info] [PageInfo] [] [] [] [74f53nt6k71fkkrdcd31793791.1526450305.97067094] memory : 25671456
"
“74f53nt6k71fkkrdcd31793791” is my token string. My aim is to search all message with the same token string.
I tried to search message:%74f53nt6k71fkkrdcd31793791% . BUT No result.
Any idea to search it in this case?? Thanks.
personal I would extract the token string into a single field and then it is far more easy to work with that.
That would mean, one extract during ingest and later you can just search in the new created field and you are even able to group everything together with much lower load on your Elasticsearch.
Do you have any idea to use regular expression to extract this field? [74f53nt6k71fkkrdcd31793791.
I use online reglarx test tool by this pattern [[a-zA-Z0-9]{26}. it works. But graylog warms me no regEx match.
Square brackets ("[" and “]”) are reserved characters in regular expressions and have to be escaped.
The following regular expression would work:
\[([A-Za-z0-9]{26})\.
It works!! Thanks!!!
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
