Searching in Graylog2 full_message

graylog2
Laurynas picture Laurynas · Aug 26, 2012 · Viewed 13.7k times · Source

Is it possible to search in Graylog2 full messages using Quickfilter?

I can successfully search in short messages, but it seems like full messages can be filtered only using streams.

I need to filter old full messages and new stream is applied only to new messages. Is there any solution to this problem?

Answer

Laurynas picture Laurynas · Aug 26, 2012

Found a way to search full_message terms:

In "analytics" tab there is analytics shell where you can execute custom commands.

Example:

all.find(full_message="term")

Note from Graylog Analytics Shell instructions:

The fields message and full_message are broken to terms. This means that searches on them do not mean equals [search term] but contains [search term].

Related questions

How to handle multiple heterogeneous inputs with Logstash?

Let's say you have 2 very different types of logs such as technical and business logs and you want: raw technical logs be routed towards a graylog2 server using a gelf output, json business logs be stored into an elasticsearch cluster …

Read More
What are the main differences between Graylog2 and Kibana

What are the main differences between Graylog2 and Kibana? We already use Graylog2 but I must admit I don't really like the UI. Just wonder in case it may be helpful to switch to Kibana.

Read More
How to manually purge data from Graylog 2.1

I have a Graylog 2.1 server that has been running for some time. I hadn't paid attention to my retention rate recently and came in this morning to find Graylog partially crashed because the disk was out of space. Nearly 100% of …

Read More