Graylog Search with Regex

logging graylog2 graylog
Zwen2012 picture Zwen2012 · Feb 19, 2018 · Viewed 7.5k times · Source

In my graylog Server, I want to create a search-value which finds the folowing query: ctxt__Error:"User \"USERNAME\" not found.". But I want to find ANY Error for every USERNAME. My Searchstring dowsnt work when I do this: ctxt__Error:"User \"*\" not found." Is there another way to do this?

Answer

joschi picture joschi · Feb 19, 2018

Only a few message fields are analyzed by default in Graylog, i. e. message, full_message, and source.

You can create a custom Elasticsearch index template, if you want other fields to be analyzed: http://docs.graylog.org/en/2.4/pages/configuration/elasticsearch.html#custom-index-mappings

Other than that, it should be possible to use regular expressions (not simple wildcards) in the query, but the regular expression has to match the complete field: http://docs.graylog.org/en/2.4/pages/queries.html#search-query-language

Example:

ctxt_Error:/User ".*" not found./

Related questions

How to send logs to Graylog (Docker)?

I'm new to both Docker and Graylog. Can anyone show me an example of how to send log data to the Graylog server?

Read More
How to handle multiple heterogeneous inputs with Logstash?

Let's say you have 2 very different types of logs such as technical and business logs and you want: raw technical logs be routed towards a graylog2 server using a gelf output, json business logs be stored into an elasticsearch cluster …

Read More
What are the main differences between Graylog2 and Kibana

What are the main differences between Graylog2 and Kibana? We already use Graylog2 but I must admit I don't really like the UI. Just wonder in case it may be helpful to switch to Kibana.

Read More