You will observe that sometimes filters that are added to a search contain a newline (\n) character to the filter and due to this no results are found.
In this screenshot, you can see that from an event, clicking the Magnifying Glass icon will add a filter which matches the value in the field:
This screenshot shows the filter that was added. You can see that \n was added to the filter, and you can see below this causes 0 hits to be returned:
You can edit the filter to remove \n which will result in search results being correctly returned.
What is causing this is that the original server that sent the syslog message had \n as part of the message. When you are seeing the value in the event in Nagios Log Server, \n is not being displayed, but it is there in the data.
It has been observed that:
When syslogs are sent via TCP, \n is also sent
When syslogs are sent via UDP, \n is NOT sent
For more information about TCP and UDP with syslog, please refer to this KB article under the section "Remote Server - Check Rsyslog Config":
Documentation - Logs Not Searchable or Not Coming In
For any support related questions please visit the Nagios Support Forums at:
Article ID: 498
Created On: Wed, Apr 27, 2016 at 10:01 PM
Last Updated On: Thu, Dec 13, 2018 at 7:03 PM
Authored by: tlea
Online URL: https://support.nagios.com/kb/article/nagios-log-server-newline-character-added-when-adding-a-filter-to-a-search-498.html