I can't search numeric on message

cherawich · November 21, 2018, 4:11am

I try to search by

(source:10.0.1.*) AND message:"“latency”:"<80000000

but I can’t see latency result less that 80,000,000

This is example message
message

jan · November 21, 2018, 8:35am

how is the latency saved in Elasticsearch? if that is saved as a string such a query is not possible.

Currently the only option to know that is to get the current mapping ( http://docs.graylog.org/en/2.4/pages/configuration/elasticsearch.html#custom-index-mappings ) and see what field type is used for the field. If you only save numbers in the field latency then change the mapping of that field to number.

system · December 5, 2018, 8:35am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Regex search in message field Graylog Central (peer support)	4	1309	February 23, 2021
Search Results with Numeric Extracted are Not Greater than Query Graylog Central (peer support)	6	4360	July 3, 2021
Extractor numeric search is not working as expected Graylog Central (peer support)	2	443	January 11, 2019
Graylog Search returns strange results Graylog Central (peer support)	2	527	December 6, 2017
Elasticsearch Exception & Custom Index Template Graylog Central (peer support) basic-configuration	4	837	June 23, 2022