Searching question

Mantil · October 25, 2017, 9:00pm

Have a quick search question. Having trouble matching anything with a wildcard after a specific string in a field. Here is an example that works.

cs-host:nmvtis.ssy.local AND cs-uri-stem:\/api\/vin\/VHR\/99999999\/2D4GP43LX5R341187

I haven’t been able to get a trailing wildcard to work at all in this context. Is this not allowed?

cs-host:nmvtis.ssy.local AND cs-uri-stem:\/api\/vin\/VHR\/99999999\/2D4GP43LX5R34118*

I feel like I’m missing something terribly simple here as I feel I have had successful widcard searches previously against other fields.

jochen · October 26, 2017, 6:53am

The way you can query fields depends on how which tokenizer and which analyzer have been used when indexing the message.

https://www.elastic.co/guide/en/elasticsearch/reference/5.6/analysis-analyzers.html
https://www.elastic.co/guide/en/elasticsearch/guide/current/analysis-intro.html
https://www.elastic.co/guide/en/elasticsearch/guide/current/configuring-analyzers.html

Mantil · October 26, 2017, 6:49pm

Thank you for the Reply Jochen. I’ll take a look at these. I’m guilty of looking first at Graylog documentation and forget too quickly that elasticsearch documentation may have my answers.

system · November 9, 2017, 6:50pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Strange search beaviour Graylog Central (peer support)	3	596	May 9, 2017
Specific field not indexed correctly and search not working Graylog Central (peer support)	8	2577	November 12, 2020
Wildcard Search Issue Graylog Central (peer support)	5	3066	June 11, 2018
What are analyzed fields? Graylog Central (peer support)	9	5151	May 16, 2018
Unable to create filters using * wildcard with filebeat_log_file_path: Graylog Central (peer support)	5	4788	June 20, 2019

Searching question

Related Topics