Searching for string with hyphen at end
Re: Searching for string with hyphen at end
Hopefully it gives you something useful 
Former Nagios Employee.
me.
Re: Searching for string with hyphen at end
Not yet. I'm actually at a customer's site in Philly this week, installing NLS and NNA and NXI for them. I thought I could try it out on their system real quick but I just have the syslog and eventlog input filters right now. Might have to wait until I get home.
Eric Loyd • http://everwatch.global • 844.240.EVER • @EricLoyd
I'm a Nagios Fanatic! • Join our public Nagios Discord Server!
Re: Searching for string with hyphen at end
Sorry, but my requirement is to do a global query. The username CarlS could be in different fields ranging from Windows eventlogs to F5 Load Balancer logs, to SharePoint IIS logs. If suddenly we notice there is a user 'CarlS-' doing some things it is not supposed to do, we need to search all logs for 'CarlS-' and only get logs for 'CarlS-'.... Is this a global ELK issue or specific to NLS?
I assume if you're using Windows event logs, you should have a field for username, see if there is a username.raw field, and try your search on that.
Nagios XI 5.8.1
https://outsideit.net
bheden
- Product Development Manager
- Posts: 179
- Joined: Thu Feb 13, 2014 9:50 am
- Location: Nagios Enterprises
Re: Searching for string with hyphen at end
This is a global ELK problem.
You can duplicate as many fields as you want using the raw solution that hsmith posted, and then you'd be able to search using regex across all fields.
If I can come up with a better solution, I'll reach out and let you know.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Nagios Enterprises
Senior Developer
Re: Searching for string with hyphen at end
Looking forward to that better solution. Teaching clients that typing "field_name.raw:thing_to_look_for" is required, rather than just "thing_to_look_for" is not a long-term viable solution for us.
Eric Loyd • http://everwatch.global • 844.240.EVER • @EricLoyd
Re: Searching for string with hyphen at end
eloyd wrote: Looking forward to that better solution. Teaching clients that typing "field_name.raw:thing_to_look_for" is required, rather than just "thing_to_look_for" is not a long-term viable solution for us.
As am I. It's something that I'm researching. Switching to the WhiteSpace analyzer might be a possibility, but I can't promise it is going to not break current installations. I will need to test this.
Former Nagios Employee.
me.
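The behaviour discussed in this thread, as an added example that is not from any poster or from Nagios: a simplified Python model of how a standard-style analyzer, the whitespace analyzer and a not_analyzed .raw copy each index the same values, and what a search for CarlS- returns under each. The events, field names and the tokenizer approximation are constructed assumptions.

```python
import re

# Constructed sample events; field names and values are illustrative only.
EVENTS = [
    {"id": 1, "TargetUserName": "CarlS", "message": "logon success for CarlS"},
    {"id": 2, "TargetUserName": "CarlS-", "message": "logon success for CarlS-"},
    {"id": 3, "cs_username": "CarlS-", "message": "GET /sites/hr 200"},
    {"id": 4, "f5_user": "carls", "message": "pool member selected"},
    {"id": 5, "message": "account CarlS- added to group"},
]

def standard_like(text):
    # Simplified stand-in for the standard analyzer: punctuation is a
    # token boundary and is dropped, tokens are lowercased.
    return [t.lower() for t in re.findall(r"[A-Za-z0-9]+", text)]

def whitespace(text):
    # Whitespace analyzer: split on whitespace only, keep case and hyphens.
    return text.split()

def raw(text):
    # not_analyzed ".raw" copy: the whole value is one term.
    return [text]

def search(term, analyzer, events=EVENTS):
    """Ids of events where some field holds every token of the analyzed query."""
    wanted = set(analyzer(term))
    hits = []
    for ev in events:
        fields = [v for k, v in ev.items() if k != "id"]
        if any(wanted <= set(analyzer(v)) for v in fields):
            hits.append(ev["id"])
    return hits

def raw_regex(pattern, events=EVENTS):
    """Ids of events where some raw value matches the pattern end to end
    (Python regex syntax here; the pattern must cover the whole term)."""
    rx = re.compile(pattern)
    return [ev["id"] for ev in events
            if any(rx.fullmatch(v) for k, v in ev.items() if k != "id")]

if __name__ == "__main__":
    print("standard  :", search("CarlS-", standard_like))
    print("whitespace:", search("CarlS-", whitespace))
    print("raw term  :", search("CarlS-", raw))
    print("raw regex :", raw_regex(r"(.*\s)?CarlS-(\s.*)?"))
```

In this model the standard-style search cannot tell CarlS- from CarlS or carls, while the raw term search is exact but misses the account name when it sits inside a longer message value.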
Re: Searching for string with hyphen at end
Agreed. It's not a big deal (now) but as our base of users that just want to search for stuff for their helpdesk people to find missing emails, busted logons, etc, limitations of the parser will become increasingly awkward to work around.
One option would be to allow multiple parsers to be used, but to make it an advanced configuration option so people who know what they're doing inside elasticsearch can take advantage of the different analyzers.
Eric Loyd • http://everwatch.global • 844.240.EVER • @EricLoyd
Re: Searching for string with hyphen at end
I'll have to sit down with Jake and Scott and figure out what the best route to take is.
Former Nagios Employee.
me.