Graylog Community

Search for number with timestamp in message

Graylog Central (peer support)

beepmeep March 12, 2021, 1:43pm 1

Hi there

I’m trying to search trough my logs for the number 53.
my messages look like this:
Mar 12 2021 14:12:53: %6-302016: Teardown UDP connection 863583 for xxxxxxxx/58255 to 8.8.8.8/53 duration 0:00:00 bytes 0

My current search string is similar to this:
“1.6.1.1” OR “10.6.3.2” AND NOT “208.67.222.222” AND NOT “208.67.220.220” AND “/53”

The problem is that when i search for “/53”, for some reason the “/” is ignored, and a ton of results that have 53 in the timestamp in the beginning of the message is found.

Any ideas on how I cant prevent this?

dickinsonzach March 12, 2021, 4:48pm 2

Does this help?

From Search query language — Graylog 4.0.0 documentation

1 Like

beepmeep March 14, 2021, 1:57pm 3

Thanks, but unfortunately not. It’s still like the “/” is ignored

system (system) Closed March 29, 2021, 9:43am 5

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views	Activity
Search timestamp range is complete wrong Graylog Central (peer support)	1	318	January 2, 2021
No results on search page Graylog Central (peer support)	4	3332	July 24, 2019
New user - Time question Graylog Central (peer support)	3	428	February 11, 2019
How to see timestamp with milliseconds in search results Graylog Central (peer support)	2	1110	August 3, 2020
Show message later Graylog Central (peer support)	4	354	May 24, 2021