Hi Jason,

by default only a few message fields (like message, full_message, and source) are being analyzed so that wildcard searches are possible (see https://github.com/Graylog2/graylog2-server/blob/1.1.5/graylog2-server/src/main/java/org/graylog2/indexer/Mapping.java#L79-86).

If you absolutely want to enable wildcard queries for other message fields, you can use Elasticsearch index templates (https://www.elastic.co/guide/en/elasticsearch/reference/1.7/indices-templates.html) for this.

Cheers,
Jochen

On Saturday, 1 August 2015 10:51:01 UTC+2, Jason Haar wrote:
> Hi there
>
> I've used extractors to create a bunch of fields to apply over incoming
> data to search against. Similarly I have other data coming in via GELF with
> extra fields too. Search works when I do "fieldName:full-value", but
> doesn't work for "fieldName:full" or "fieldName:full*".
>
> It's as if they have to always explicitly match? Is there a way to apply
> simple wildcard rules to them?
>
> Thanks
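One way the index template suggested in the reply above could look, as an added example that is not part of the original thread or of Graylog's own configuration. It assumes the default index prefix `graylog2`, the mapping type `message`, and uses the placeholder field name `fieldName` from the question; the body would be sent with `PUT` to `/_template/<name>` on the Elasticsearch node, where the template name is your own choice.

```json
{
  "template": "graylog2_*",
  "mappings": {
    "message": {
      "properties": {
        "fieldName": {
          "type": "string",
          "index": "analyzed",
          "analyzer": "standard"
        }
      }
    }
  }
}
```

Index templates are applied only when an index is created, so the mapping takes effect from the next index rotation and existing indices keep their current mapping. Analyzing a field tokenizes its values, which changes how exact-match queries and aggregations on that field behave.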
