Hi Bruno,

there are several things that might make the result different from 
what you expected.

Graylog is using an index mapping which sets all fields except message, 
full_message, and source to not_analyzed. For wildcard searches, you'll 
need to analyze those fields, see 
http://docs.graylog.org/en/2.0/pages/configuration/elasticsearch.html#custom-index-mappings
for details.

Additionally, the choice of analyzers (and tokenizers) plays a huge role in 
which queries are possible on those fields, see 
https://www.elastic.co/guide/en/elasticsearch/guide/2.x/configuring-analyzers.html
and 
https://www.elastic.co/guide/en/elasticsearch/reference/2.3/analysis-analyzers.html
for details.


Cheers,
Jochen

On Monday, 11 July 2016 21:48:34 UTC+2, Bruno Ribeiro wrote:
>
> Hello,
>
> I need help with wildcards.
>
> I want to find a modification on a file server, but I only know that the 
> file name is anual_revenues.
>
> If I use the query 
>
> source: servername AND ObjectName:*revenues* -> I get several results 
> containing revenues in the objectname field.
>
> But if I use the query 
>
> source: servername AND ObjectName:*anual_revenues* -> I find nothing.
>
>
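
Added example, not part of the original thread and not Graylog or Elasticsearch code: a simplified Python model of the point in the reply above, that a wildcard pattern is compared against the terms a field's mapping puts in the index. The sample value, the function names and the three modeled mappings (not_analyzed, a letter-splitting lowercasing analyzer resembling Elasticsearch's `simple` analyzer, and a keyword tokenizer with a lowercase filter) are assumptions for illustration.

```python
import re

# Constructed sample value for an ObjectName field (not taken from the thread).
SAMPLE = r"C:\Shares\Finance\Anual_Revenues.xlsx"

def terms_not_analyzed(value):
    # not_analyzed: the whole value is indexed verbatim as one term.
    return [value]

def terms_letter_lowercase(value):
    # Resembles the "simple" analyzer: split on non-letters, then lowercase.
    # ASCII letters only here, which is a simplification.
    return [t.lower() for t in re.findall(r"[A-Za-z]+", value)]

def terms_keyword_lowercase(value):
    # Custom analyzer: keyword tokenizer (one token) plus lowercase filter.
    return [value.lower()]

MAPPINGS = {
    "not_analyzed": terms_not_analyzed,
    "letter_lowercase": terms_letter_lowercase,
    "keyword_lowercase": terms_keyword_lowercase,
}

def wildcard_matches(pattern, term):
    # '*' is any run of characters, '?' exactly one character. The pattern
    # must cover the whole term and the comparison is case-sensitive.
    regex = "".join(
        ".*" if c == "*" else "." if c == "?" else re.escape(c)
        for c in pattern
    )
    return re.fullmatch(regex, term, re.DOTALL) is not None

def hits(pattern, value=SAMPLE):
    # For each modeled mapping: does any indexed term match the pattern?
    return {
        name: any(wildcard_matches(pattern, t) for t in analyze(value))
        for name, analyze in MAPPINGS.items()
    }

if __name__ == "__main__":
    for name, analyze in MAPPINGS.items():
        print(f"{name:18} terms: {analyze(SAMPLE)}")
    for pattern in ("*revenues*", "*anual_revenues*"):
        print(pattern, hits(pattern))
```

In this model only the letter-splitting analyzer matches `*revenues*` while missing `*anual_revenues*`, because the underscore is a token boundary and no single term contains both words.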
