I read all the previous posts but it still doesn’t work…
My search query is:
facility:"user-level" AND _exists_:switch_lognname AND NOT (message:"General.*logout.*" OR switch_lognname:NTP)
The message looks like this:
General [meta sequenceId=1040] BOMSecurity: SSH logout by admin from src IP from src MAC 609c.xxxx.yyyy from PRIVILEGED EXEC mode using DSA as Server Host Key.
The problem is that I still see this message, also when I search for AND NOT mesage:General*logout*. When I remove the word logout it works, so why can’t I search with a wildcard and two words?

Have you tried configuring this?

If so, what happened?

Hi gsmith,
I’ve configured this, but nothing happens; it’s still the same result, where I see General… logout… so I guess something is wrong with my syntax or it’s a bug :wink:

