Search with wildcard

Hello,

I read all the previous posts but it still doesn’t work…
My search query is:
facility:"user-level" AND _exists_:switch_lognname AND NOT (message:"General.*logout.*" OR switch_lognname:NTP)
The message looks like this:
General [meta sequenceId=1040] BOMSecurity: SSH logout by admin from src IP 172.16.100.1 from src MAC 609c.xxxx.yyyy from PRIVILEGED EXEC mode using DSA as Server Host Key.
The problem is that I still see this message, even when I search for AND NOT mesage:General*logout*. When I remove the word logout it works, so why can't I search with a wildcard and two words?

Have you tried configuring this?

https://docs.graylog.org/en/4.1/pages/configuration/server.conf.html#:~:text=allow_leading_wildcard_searches%20%3D%20false

If so, what happened?

Hi gsmith,
I’ve configured this, but nothing happens; it’s still the same result, where I see General… logout… so I guess something is wrong with my syntax or it’s a bug :wink:
