Nagios Support Forum

In trying to get specific data I am not sure but it seems that the field name is ignored.

For example, a query such as this: Seems to return the same results as: Also, using Field:value seems to be the same as Field=value.

Is this the normal behavior I should expect? The match for sharepoint has me concerned as I have other data with sharepoint in the name and may not want that field to match a query.

I guess I expected a field value pair to do matching.

Please help me get a better idea of what to expect. Should I use fields in a query.

Thanks

Steve B

Code: Select all

NLStags=sharepoint AND type=eventlog AND EventID=4672 AND NOT (SubjectUserName:xxxa1 OR SubjectUserName:xxxa2 OR SubjectUserName:SYSTEM OR SubjectUserName:audit001 OR SubjectUserName:es_002_maint)

Did you mean to do this? Also, if you don't add the field: before the searchterm, it should search across ALL fields to find a match

https://lucene.apache.org/core/2_9_4/qu ... x.html#NOT

Good stuff in that Log Server tool. Seeing so many interesting actionable things.

I have a better handle on the lucene syntax now, thanks.

Now I'm gonna figure out how to add other panel types.

Please close this. I'm good for now.

Steve B

SteveBeauchemin wrote:Good stuff in that Log Server tool. Seeing so many interesting actionable things.

I have a better handle on the lucene syntax now, thanks.

Now I'm gonna figure out how to add other panel types.

Please close this. I'm good for now.

Steve B

Sounds good!

Locking