But Graylog doesn't have an option to set the pattern. It can only set elasticsearch_analyzer.
I just want to split them into words, like a or b or c, so I can query by the simple word quickly. Extractors don't seem to fit this situation.

On Tuesday, 10 January 2017 at 4:43:13 PM UTC+8, Jochen Schalanda wrote:
>
> Hi,
>
> you could probably use the pattern analyzer
> <https://www.elastic.co/guide/en/elasticsearch/reference/2.3/analysis-pattern-analyzer.html>
> to split the message terms but that would of course impact all ingested
> messages, not just the ones you've mentioned as an example.
>
> If these fields have a specific meaning, you might want to use a Grok or
> RegEx extractor to copy them into specific message fields, so that you can
> specifically query for them.
>
> See http://docs.graylog.org/en/2.1/pages/extractors.html for details.
>
> Cheers,
> Jochen
>
>
> On Tuesday, 10 January 2017 00:43:40 UTC+1, Zhiyuan Lei wrote:
>>
>> I use elasticsearch_analyzer = standard in my Graylog, and I have a
>> message like this
>>
>> 2017-01-09 20:02:50,197 [x/x] -
>> [(x,aa.bb,Y,645810f41483963370181610719839,1ms)]
>>
>> Expected Behavior
>>
>> Expected all terms like
>>
>> Field terms: xxx Y 645810f41483963370181610719839 1ms
>>
>> the last comma should split the last words.
>>
>> Current Behavior
>>
>> Field terms: xxx Y 645810f41483963370181610719839,1ms
>>
>> but the last words 645810f41483963370181610719839,1ms were not split.
>>
>> Maybe I can set stopwords to solve this problem, according to this
>> https://www.elastic.co/guide/en/elasticsearch/reference/2.3/analysis.html
>>
>> Does anyone have an idea?
>>
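The two options discussed in this thread, applied to the quoted log line, as an added example that is not part of the original messages. It approximates in Python what a pattern analyzer with the default `\W+` pattern would index and what a regex-based extraction into separate fields would produce; the field names (`source`, `name`, `flag`, `request_id`, `duration_ms`) are hypothetical, since the thread does not say what each position means.

```python
import re

# Constructed sample: the log line quoted in the thread.
SAMPLE = ("2017-01-09 20:02:50,197 [x/x] - "
          "[(x,aa.bb,Y,645810f41483963370181610719839,1ms)]")


def pattern_terms(message, pattern=r"\W+"):
    """Approximate pattern-analyzer terms: split on the pattern, lowercase.

    \\W+ is the pattern analyzer's default; it breaks on every run of
    non-word characters, so the comma before '1ms' becomes a boundary.
    It also applies to every message in the index, as noted in the reply.
    """
    return [t.lower() for t in re.split(pattern, message) if t]


# Hypothetical field names (assumption, not from the thread).
LINE_RE = re.compile(
    r"^(?P<timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) "
    r"\[(?P<context>[^\]]*)\] - "
    r"\[\((?P<source>[^,]*),(?P<name>[^,]*),(?P<flag>[^,]*),"
    r"(?P<request_id>[0-9a-f]+),(?P<duration_ms>\d+)ms\)\]$"
)


def extract_fields(message):
    """Copy each position of the bracketed tuple into its own field.

    Returns None for lines that do not match, so other message types
    pass through untouched instead of being re-tokenized.
    """
    m = LINE_RE.match(message)
    if m is None:
        return None
    fields = m.groupdict()
    fields["duration_ms"] = int(fields["duration_ms"])  # numeric for range queries
    return fields


if __name__ == "__main__":
    print(pattern_terms(SAMPLE))
    print(extract_fields(SAMPLE))
```

With separate fields, a query can target the identifier or the duration directly, without changing how all other messages are analyzed.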
