Searching for 1311-10013* gives me 0 results.

Gonna upgrade to 0.20.2 today :)

On Tuesday, 8 April 2014 18:43:14 UTC+2, lennart wrote:
> btw: v0.20.2 has search result highlighting that shows you what was
> actually matched and why it was returned as search result.
>
> On Tue, Apr 8, 2014 at 6:41 PM, Lennart Koopmann <[email protected]> wrote:
> > Please try searching for this: 1311-10013*
> >
> > The other messages that are not found have a _ not a - after the
> > 10013. I guess this is not being split automatically by the tokenizer.
> >
> > On Tue, Apr 8, 2014 at 10:39 AM, Denny Gebel <[email protected]> wrote:
> >> Hi all,
> >>
> >> we have a serious problem with the search - maybe someone can give me a
> >> hint or solution. Currently we see this problem with vsftpd logs.
> >>
> >> Example:
> >>
> >> I am searching for a specific client IP ("10.20.1.163"). Result is like 100+
> >> messages. Resultset looks fine. See the most recent five messages below.
> >>
> >> Mon Apr 7 23:00:48 2014 [pid 26077] [username] OK UPLOAD: Client "10.20.1.163", "/somedir/OPC-1311-10013-20140407_230001-system.info", 26196 bytes, 0.72Kbyte/sec
> >> Mon Apr 7 23:00:11 2014 [pid 26077] [username] OK UPLOAD: Client "10.20.1.163", "/somedir/1311-10013_something_20140407_220000.xml", 1042 bytes, 0.72Kbyte/sec
> >> Mon Apr 7 23:00:06 2014 [pid 25919] [username] OK LOGIN: Client "10.20.1.163"
> >> Mon Apr 7 23:00:05 2014 [pid 25920] CONNECT: Client "10.20.1.163"
> >> Mon Apr 7 22:01:14 2014 [pid 27601] [username] OK UPLOAD: Client "10.20.1.163", "/somedir/1311-10013_something_20140407_210000.xml", 1047 bytes, 0.02Kbyte/sec
> >>
> >> Now I want to search for "1311-10013", which should give me at least(!) the
> >> three results from my search above. In fact, I'm getting ONLY one message as
> >> result.
> >>
> >> Mon Apr 7 23:00:48 2014 [pid 26077] [username] OK UPLOAD: Client "10.20.1.163", "/somedir/OPC-1311-10013-20140407_230001-system.info", 26196 bytes, 0.72Kbyte/sec
> >>
> >> Logs are transferred with logstash from the ftp server. input = file, output
> >> = gelf. No filter etc. Graylog/Graylog-Web: 0.20.1
> >>
> >> Any suggestions? What am I doing wrong?
> >>
> >> Thanks,
> >>
> >> Denny

--
You received this message because you are subscribed to the Google Groups "graylog2" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
For more options, visit https://groups.google.com/d/optout.
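
The `_` versus `-` explanation given in the thread, as an added example that is not part of the original messages and is not Graylog or Elasticsearch code: a simplified tokenizer run over the three upload paths from the quoted vsftpd lines, showing why a phrase search for `1311-10013` finds only the `OPC-` file. The word-break rules in `TOKEN_RE` are an assumed ASCII-only approximation of Unicode word segmentation, and the names `tokenize` and `phrase_match` are hypothetical.

```python
import re

# Constructed sample: the three upload paths from the vsftpd lines quoted above.
SAMPLE_PATHS = [
    "/somedir/OPC-1311-10013-20140407_230001-system.info",
    "/somedir/1311-10013_something_20140407_220000.xml",
    "/somedir/1311-10013_something_20140407_210000.xml",
]

# Assumption: ASCII-only approximation of Unicode word-break tokenization.
# Letters, digits and "_" stay in one token; "." joins only letter.letter
# or digit.digit; "-", "/", quotes and whitespace always split.
WORD = r"[A-Za-z0-9_]+"
JOIN = r"(?:(?<=[A-Za-z])\.(?=[A-Za-z])|(?<=[0-9])\.(?=[0-9]))"
TOKEN_RE = re.compile(rf"{WORD}(?:{JOIN}{WORD})*")


def tokenize(text):
    """Return lowercased index terms, dropping tokens made only of underscores."""
    terms = (m.group().lower() for m in TOKEN_RE.finditer(text))
    return [t for t in terms if any(c.isalnum() for c in t)]


def phrase_match(query, text):
    """True if the query's terms appear in the text as adjacent whole terms."""
    q, t = tokenize(query), tokenize(text)
    return bool(q) and any(t[i:i + len(q)] == q for i in range(len(t) - len(q) + 1))


if __name__ == "__main__":
    for path in SAMPLE_PATHS:
        print(tokenize(path), "->", phrase_match("1311-10013", path))
```

Under this model `10013` is a standalone term only where a `-` follows it; where a `_` follows, the indexed term is `10013_something_20140407_220000`, so the two-term phrase has nothing to match.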
