1. Describe your incident:
I have a long field in which I want to search if an event was created by zoom. Basically the field looks like this:
vendor_event_description
start_time: [632258010202], event_id: [xxxxx], organizer_calendar_id: [email@example.com], calendar_id: [email2@example.com], target_calendar_id: [email2example.com], event_title: [testing / testing event], user_agent: [zoom], app_name: [zoom]
I am trying to search within this field if the user agent or the app name is zoom. I tried the f
2. Describe your environment:
- OS Information: Debian 10
- Package Version: Graylog 4.2.4+b643d2
- Service logs, configurations, and environment variables:
3. What steps have you already taken to try and solve the problem?
I have tried searching with:
/zoom/
/(?i)zoom/
(?i)(zoom)
zoom
vendor_event_description:zoom
vendor_event_description:/zoom/
vendor_event_description:/(?i)zoom/
vendor_event_description:(?i)zoom
None of these produce any results. Can I not search a whole field with regular expressions? Or am I missing something?
4. How can the community help?
Help me understand how I can find whether a field contains a specific phrase when searching.