Hi,
i am sending my postfix log to graylog. Now i’m trying to find some log entries regarding an specific email adress.
the mail adress is for example: john.doe@foo.bar
When i search
Why are there no results if i simply search for “john” or “doe”?
Thanks
Hej @halycon
did you look into this documentation? http://docs.graylog.org/en/2.2/pages/queries.html
regards
Jan
Hi @jan
sure i took a look at it.
I guess i misunderstood the first example ?
Messages that include the term ssh: ssh
So “john” isn’t a term in my case? What’s the definitin of “term”.
The mail adress in the log is john.doe@foo.bar
So the “term” is the whole address?
Why is searching for “@foo.bar” working? It’s only part of the term. Same for “john”. But searching for “john” is not working.
I don’t get it.
you can read on terms in the elasticsearch documentation and within Graylog you can view how the field is split and what terms are identified.
You can change that with your own mapping if you like to.
