Hi Bruno,

there are several things that might make the result different from what you expected.

Graylog is using an index mapping which sets all fields except message, full_message, and source to not_analyzed. For wildcard searches, you'll need to analyze those fields, see http://docs.graylog.org/en/2.0/pages/configuration/elasticsearch.html#custom-index-mappings for details.

Additionally, the choice of analyzers (and tokenizers) plays a huge role for which queries are possible on those fields, see https://www.elastic.co/guide/en/elasticsearch/guide/2.x/configuring-analyzers.html and https://www.elastic.co/guide/en/elasticsearch/reference/2.3/analysis-analyzers.html for details.

Cheers,
Jochen

On Monday, 11 July 2016 21:48:34 UTC+2, Bruno Ribeiro wrote:
>
> Hello,
>
> I need a help for wildcards.
>
> I want to find a modification in file server, but I know only the file
> name is anual_revenues.
>
> If I use the query,
>
> source: servername AND ObjectName:*revenues* -> I have several results
> contains revenues in objectname field.
>
> But I use the query,
>
> source: servername AND ObjectName:*anual_revenues* -> I found nothing
>
