Is it possible to create highlight that contains certain word or character?

1. Describe your incident:
I’m trying to use highlight feature on my custom dashboard. I can highlight based on field that exactly match what the field contains. But when I try to only highlight message that contain a word or character such as “failed” or “invalid”, it won’t be highlighted. Is currently not supported ?

2. Describe your environment:

• OS Information:
  Ubuntu 20.04
• Package Version:
  5.0.7
• Service logs, configurations, and environment variables:

3. What steps have you already taken to try and solve the problem?
The only available conditions are == and !=. I tried to use regex such as below, but doesn’t highlighted.
“(?i)\bfailed\b”

4. How can the community help?
Provide information about is it supported yet or not, and if it supported, how can I make it works.

Helpful Posting Tips: Tips for Posting Questions that Get Answers [Hold down CTRL and link on link to open tips documents in a separate tab]

Greetings! This feature works by highlighting a specific field with a specific color. For example, error levels, ERROR=red, WARN=yellow, INFO=green, etc.

As you noted, it is a literal match and does not match based on contained text.

My recommendation is to have graylog parse out whatever text you need to match into its own specific field, that way you can have the highlighting match the text exactly.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.