Hi Wayne,

On Wednesday, 19 October 2016 18:34:20 UTC+2, Wayne wrote:
>
> What is strange about it is that the "Stream" rules apparently work with
> the field "log_message", but a search query does not work.
>

What does that mean exactly? Do you have some examples?

> The custom mapping is useful if the data type is not the default string
> type. However, the log_message field is still string type. So it may not
> make much difference if I set up custom mapping for this field?
>

No, you can also make Elasticsearch analyze fields which wouldn't be analyzed otherwise. By default, only the message, full_message, and source fields are being analyzed.

See https://www.elastic.co/guide/en/elasticsearch/reference/2.4/analysis-analyzers.html for details.

Cheers,
Jochen
