Not sure if this is a bug or a configuration error, so I thought I would start here.
The documentation for V3 is unchanged from V2.x
Which states that to enable leading wildcard searches, add the following to the configuration file
allow_leading_wildcard_searches = true
I have added that to /etc/graylog/server/server.conf, but it hasn’t made any difference.
Any time I perform a search, if the query is “*something” I get an error 500
Error Message: Unable to perform search query Failed to parse query [*2523]Failed to parse query [*2523] Details: Failed to parse query [*2523] Failed to parse query [*2523] Search status code: 500 Search response: cannot GET https://my.server.com:9000/api/search/universal/relative?query=%2A2523&range=0&limit=150&sort=timestamp%3Adesc (500)
I get this error regardless if I search just anywhere (as above) or if I search a specific field.
The configuration file does not already have a section for this option in it, unlike all of the other options - I’m wondering if the method of configuring this has changed in V3?
(I am new to Graylog, and have started on V3, all recently downloaded in the last week or so)
Any help or suggestions welcome - In particular, we need to be able to search our “client_user_id” field for *userid* due to the varied way it can be represented.