Hi!
We are using Graylog 1.1.6 and we have trouble with some search strings.
We are using a collector to read files from a Windows system. We can see a field named 'source_file' in these messages.
Sample value: C:\Program Files\IBM\WebSphere\AppServer8\profiles\AppSrv01\logs\MyServer\SystemOut.log
If we try to search for all logs from a specific source_file, it does not work.
This is the Elasticsearch query:
{
  "from": 0,
  "size": 100,
  "query": {
    "query_string": {
      "query": "source_file:\"C:\\Program Files\\IBM\\WebSphere\\AppServer8\\profiles\\AppSrv01\\logs\\MyServer\\SystemOut.log\"",
      "allow_leading_wildcard": false
    }
  },
  "post_filter": {
    "bool": {
      "must": {
        "range": {
          "timestamp": {
            "from": "2015-09-08 00:28:10.547",
            "to": "2015-09-08 08:28:10.547",
            "include_lower": true,
            "include_upper": true
          }
        }
      }
    }
  },
  "sort": [
    {
      "timestamp": {
        "order": "desc"
      }
    }
  ]
}
Maybe the backslashes cause the trouble?
Thanks for your help!
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msgid/graylog2/10947277-e234-4456-965b-c2ced6149d9e%40googlegroups.com.
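Added example, not part of the original post or of Graylog/Elasticsearch code: a small Python script that separates the two escaping layers a Windows path passes through on its way into a query_string query. The Lucene query parser treats a backslash as an escape character even inside a double-quoted phrase, and JSON encoding adds its own layer on top, so each literal backslash in the path has to arrive on the wire as four characters. The script builds a correctly escaped body, decodes both that body and a body escaped only for JSON (the shape of the posted query), and shows which literal each one actually searches for. The path is the one from the post; the function names (`lucene_phrase`, `searched_value` and so on) are my own. Escaping the value this way is also what keeps a field value taken from user input from injecting extra query syntax. Whether an exactly escaped phrase then matches still depends on how the `source_file` field is analyzed in the index mapping, which the script does not cover.

```python
import json

# Constructed sample: the Windows path from the post, as the literal value we
# want the source_file field to match. Raw string, so each backslash is single.
PATH = r"C:\Program Files\IBM\WebSphere\AppServer8\profiles\AppSrv01\logs\MyServer\SystemOut.log"


def lucene_phrase(value: str) -> str:
    """Wrap a literal value as a double-quoted query_string phrase.

    Inside the quotes the Lucene query parser still honours backslash escapes,
    so a literal backslash must be written as \\ and a literal quote as \".
    Escaping every backslash and quote also keeps a value taken from user input
    from breaking out of the phrase and injecting query syntax.
    """
    escaped = value.replace("\\", "\\\\").replace('"', '\\"')
    return '"' + escaped + '"'


def lucene_unescape_phrase(phrase: str) -> str:
    """Reverse the parser's escape handling: the literal the query will look for."""
    if not (phrase.startswith('"') and phrase.endswith('"')):
        raise ValueError("expected a double-quoted phrase")
    out = []
    chars = iter(phrase[1:-1])
    for ch in chars:
        if ch == "\\":
            ch = next(chars, "")  # a backslash escapes whatever follows it
        out.append(ch)
    return "".join(out)


def build_query(field: str, value: str) -> dict:
    """Elasticsearch body for an exact-phrase search on one field (hypothetical helper)."""
    return {
        "query": {
            "query_string": {
                "query": field + ":" + lucene_phrase(value),
                "allow_leading_wildcard": False,
            }
        }
    }


def wire_form(field: str, value: str) -> str:
    """The JSON actually sent: json.dumps doubles every backslash once more."""
    return json.dumps(build_query(field, value))


def searched_value(wire: str) -> str:
    """Given a JSON body, return the literal the query parser will search for."""
    query = json.loads(wire)["query"]["query_string"]["query"]
    _field, phrase = query.split(":", 1)
    return lucene_unescape_phrase(phrase)


# Same shape as the posted query: JSON escaping only, so after decoding there is
# one backslash per path separator, which the Lucene parser consumes as an escape.
POSTED_STYLE = json.dumps(
    {"query": {"query_string": {"query": 'source_file:"' + PATH + '"'}}}
)

if __name__ == "__main__":
    print("posted form searches for :", searched_value(POSTED_STYLE))
    print("escaped form searches for:", searched_value(wire_form("source_file", PATH)))
    print("wire JSON:", wire_form("source_file", PATH))
```

Running it prints that the JSON-only form searches for the path with every backslash stripped out, while the doubly escaped form searches for the path as written, and the wire JSON shows the four-backslash sequences that produce it.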