Search Graylog2 full_message

Question

Is it possible to search in full Graylog2 messages using Quickfilter?

I can successfully perform a search in short messages, but it seems that complete messages can only be filtered using streams.

I need to filter out old complete messages, and the new stream only applies to new messages. Is there a solution to this problem?

+4

Laurynas Aug 26 '12 at 14:21

2 answers

Found a way to search for full_words:

The analytics tab has an analytics shell in which you can execute custom commands.

Example:

 all.find(full_message="term")

Note from the Graylog Analytics Shell team:

Message and full_message fields are interrupted. This means that a search on them does not mean equal [search query], but contains [search query].

+6

Laurynas Aug 26 '12 at 16:25

sleske · Accepted Answer · 2017-02-02T15:58:31+0000

As in Graylog V2.1.2, the full_message field can be searched like any other field.

You can directly search for full_message :

 full_message: "my full message string"

or search in all fields:

 "my full message string"