Hi Claus,
certain characters have to be escaped in the Lucene query syntax (which is
being used by Graylog and Elasticsearch), see
http://docs.graylog.org/en/1.1/pages/queries.html#escaping for details.
Cheers,
Jochen
On Tuesday, 8 September 2015 10:31:14 UTC+2, Claus Koell wrote:
>
> Hi !
>
> We are using Graylog 1.1.6 and we have trouble with some search strings.
> We are using a collector to read files from a Windows system. We can see a
> field named 'source_file' in these messages.
>
> Sample Value: C:\Program Files\IBM\WebSphere\AppServer8\profiles\AppSrv01\logs\MyServer\SystemOut.log
>
> If we try to search for all logs from a specific source_file it does not
> work.
>
> This is the elastic search query:
>
> {
>   "from": 0,
>   "size": 100,
>   "query": {
>     "query_string": {
>       "query": "source_file:\"C:\\Program Files\\IBM\\WebSphere\\AppServer8\\profiles\\AppSrv01\\logs\\MyServer\\SystemOut.log\"",
>       "allow_leading_wildcard": false
>     }
>   },
>   "post_filter": {
>     "bool": {
>       "must": {
>         "range": {
>           "timestamp": {
>             "from": "2015-09-08 00:28:10.547",
>             "to": "2015-09-08 08:28:10.547",
>             "include_lower": true,
>             "include_upper": true
>           }
>         }
>       }
>     }
>   },
>   "sort": [
>     {
>       "timestamp": {
>         "order": "desc"
>       }
>     }
>   ]
> }
>
> Maybe the backslashes are causing the trouble?
>
> Thanks for the help!
>
>
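To illustrate the escaping Jochen points to, here is an added example (not code from either poster or from Graylog): it escapes a field value for the Lucene query syntax, builds the query_string request around it, and simulates how the query parser consumes an unescaped backslash, which is why the path in the original query never matches. The function names and the character set are my own choices, based on the Lucene query syntax documentation.

```python
import json

# Characters with a meaning in the Lucene query syntax (used by Graylog and the
# Elasticsearch query_string query). To match one literally it must be prefixed
# with a backslash; the backslash itself is the escape character, so a Windows
# path separator has to be written as "\\".
LUCENE_SPECIAL = set('+-=&|><!(){}[]^"~*?:\\/')


def lucene_escape(value: str) -> str:
    """Escape every Lucene-special character in a literal field value."""
    return ''.join('\\' + c if c in LUCENE_SPECIAL else c for c in value)


def parser_view(term: str) -> str:
    """Simulate what the query parser sees: '\\X' collapses to the literal 'X'.

    An unescaped Windows path therefore loses its separators before the term
    is looked up, so the search silently matches nothing.
    """
    out, i = [], 0
    while i < len(term):
        if term[i] == '\\' and i + 1 < len(term):
            out.append(term[i + 1])
            i += 2
        else:
            out.append(term[i])
            i += 1
    return ''.join(out)


def build_query(field: str, value: str, size: int = 100) -> dict:
    """Build a query_string request that matches `value` in `field` literally."""
    return {
        "from": 0,
        "size": size,
        "query": {
            "query_string": {
                "query": f'{field}:"{lucene_escape(value)}"',
                "allow_leading_wildcard": False,
            }
        },
    }


if __name__ == "__main__":
    # Sample path from the thread (constructed input for this example).
    path = r'C:\Program Files\IBM\WebSphere\AppServer8\profiles\AppSrv01\logs\MyServer\SystemOut.log'
    print("parser sees unescaped path as:", parser_view(path))
    print(json.dumps(build_query("source_file", path), indent=2))
```

Note that JSON encoding doubles every backslash again, so in the request body the separator appears as four backslashes; what Elasticsearch decodes and hands to the Lucene parser is the two-backslash form produced by `lucene_escape`.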