Search issue with double colons

intpdm · April 18, 2024, 9:26pm

Hi.

Are there any restrictions on searching in graylog?
Because i tried to find message with text having double colons ( :: ) and not get any results, but if i look by timestamp i can see it.
There is no errors in graylog or elasticsearch logs.

Environment:

elasticsearch-oss | 7.10.2
graylog-server | 4.3.8-1
mongodb-org-server | 4.4.27
Debian 10

Test message added from GELF:

echo -e ‘{“short_message”:“testing text::WITHDOUBLE.COLONS graylog”}\0’ | nc -w 1 <server_ip> 12201

How i can search word after the :: ?

Joel_Duffield · April 18, 2024, 9:53pm

My guess is that because the message field is an indexed field it ignores the puncuation (the tldr is that it breaks aparts all the words, but punctuation spacing etc is ignored.

If you wanted to search it you would need to copy the message field into another field that was set to the datatype of keyword and then you should be able to find it in that.

intpdm · April 19, 2024, 7:43am

Thanks for answer.
Regex doesn’t work for the same reason, right?

Joel_Duffield · April 19, 2024, 12:13pm

Correct, what you can do on that field though is all the “googly search things” like words not in order etc.

system · May 3, 2024, 12:13pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Search for special character ":" not work Graylog Central (peer support)	5	1408	October 20, 2021
Regex Search in message / Chars like ", ==, <=, etc / Problem Graylog Central (peer support)	5	997	October 14, 2019
Specific field not indexed correctly and search not working Graylog Central (peer support)	8	2885	November 12, 2020
Searching special characters Graylog Central (peer support)	9	8499	June 3, 2020
Regex search in message field Graylog Central (peer support)	4	1313	February 23, 2021

Search issue with double colons

Related topics