Hi All,

I configured a couple of Extractors to extract fields from the log message. Some fields can be searched, but others cannot be searched.

Example: I have a field called "level" (log level) and it can be searched. I can also see this field listed as a property in search index logstash-yyyy.MM.dd. I have another field called "log_message" and it is not searchable. When I checked the mapping, it is not listed as a property in logstash-yyyy.MM.dd. When I check the mapping in search index graylog-x, both are listed.

The failed search example: If I use the message field, I can search for a record with the string Exception in the message within a 2-hour time frame, but if I use the log_message field (which has the timestamp part removed and contains the string Exception), I cannot search for the record although the string is in the log_message field.

Is there additional configuration that is required to ensure all the extracted fields are searchable?

Thanks,
Wayne

Note: I access this URL to check the fields and mapping in each search index: http://localhost:9200/_mappings
