Search query fails on long type fields

Samira · April 2, 2020, 4:42pm

Hi folks,
I have an issue with the search query on a long data type field.
My Apache logs are fed to graylog with a GROK pattern like :
%{HOSTNAME} %{NOTSPACE:apache-process} %{COMBINEDAPACHELOG} %{NOTSPACE:cookie} %{INT:tookms;int}

tookms is in millisec. I made sure ES index uses a numeric type :
curl -X GET http://127.0.0.1:9200/apache_4/_mapping?pretty

returns this field amongst others :

      "tookms" : {
        "type" : "long"
      },

So, I would expect to be able to search for requests like :

source:aspxaswebp* and tookms:<1000

EDIT :

Embaracing how I forgot to use capital AND…
Please delete this post.
I appreciate a lot the help you offered Macko003. Thanks.

macko003 · April 2, 2020, 8:13pm

How can we help? Maybe you missed to write your problem.

system · April 16, 2020, 8:14pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Compound(long,string) after setting type hint in graylog extractor Graylog Central (peer support)	5	1696	September 20, 2019
Search field:<value doesn't give the expected results Graylog Central (peer support)	11	2013	January 28, 2019
Graylog 1.3.3 search for range queries not working properly Graylog Central (peer support)	2	2027	June 15, 2017
Search Results with Numeric Extracted are Not Greater than Query Graylog Central (peer support)	6	4469	July 3, 2021
What's the Indexer failures logic? Graylog Central (peer support)	4	398	November 25, 2019

Search query fails on long type fields

Related topics