This is because ngnix_useragent is apparently a non-analysed field (https://www.elastic.co/guide/en/elasticsearch/guide/current/mapping-intro.html). Try ngnix_useragent:*google* instead.
