Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Wildcard search failed while the search string contains Uppercase for searching fields #3845

Open
ken013194 opened this issue May 18, 2017 · 3 comments
Open

Wildcard search failed while the search string contains Uppercase for searching fields #3845

ken013194 opened this issue May 18, 2017 · 3 comments
Labels
documentation

Comments

@ken013194
Copy link

ken013194 commented May 18, 2017
edited

The searching function of Graylog2 should be able to search string using wildcard search
But in my case (Graylog2.2), for the field called "Event" contains "UserLogoutSessionEvent"
I am not able to search by using the Syntax:
Event:User*
Event:Logout

While the following query seems work:
Event:?ser?ogout*
Event:*
Event:UserLogoutSessionEvent

Expected Behavior

Searching should return matched result whatever the search criteria contain Uppercase or Lowercase Character, or Both with the use of wildcard search
For example, for the field called "Event" contains "UserLogoutSessionEvent" should be able to search by using the following query:
Event:User*
Event:Logout
Event:User?ogout*
Event:userlogout*

(Whatever the query contains Uppercase)

Current Behavior

Will return nothing if the query String contains Uppercase character, for example:
Event:User?ogout*

**Update

  1. This behavior will not happen if the field are stored with only lowercase letter, for example:
    Search Event:UserLogin* on the "Event" field that contains userloginsessionevent will not trigger this behavior

Possible Solution

The cause of this behavior is currently unknown so we need attention here

Steps to Reproduce (for bugs)

  1. Create a record with one of the field contains Uppercase Character
  2. Search the field that contain Uppercase Character together with wildcard search
  3. Nothing return from the result

Context

Unable to search if any of the field contains Uppercase within the query string

Your Environment

  • Graylog Version:Graylog v2.2.3+7adc951
  • Elasticsearch Version: v2.2.4
  • MongoDB Version: v2.6.10
  • Operating System: Ubuntu 16.04.2 LTS
  • Browser version: Chrome Version 58.0.3029.110
@ghost
Copy link

ghost commented May 19, 2017

See #706.

@jalogisch
Copy link
Contributor

The Lucene Query Language should be documented better - this is not a bug, but need to be described better.

@vnyshva
Copy link

vnyshva commented Apr 10, 2019

I have some similar issue.
If i try to search logs starting with ERROR [date] using message:/^ERROR/
This gives no result.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
documentation
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jalogisch @ken013194 @vnyshva