Hi, you could probably use the pattern analyzer <https://www.elastic.co/guide/en/elasticsearch/reference/2.3/analysis-pattern-analyzer.html> to split the message terms but that would of course impact all ingested messages, not just the ones you've mentioned as an example.
If these fields have a specific meaning, you might want to use a Grok or RegEx extractor to copy them into specific message fields, so that you can specifically query for them. See http://docs.graylog.org/en/2.1/pages/extractors.html for details.

Cheers,
Jochen

On Tuesday, 10 January 2017 00:43:40 UTC+1, Zhiyuan Lei wrote:
> I use elasticsearch_analyzer = standard in my graylog, and I have a message like this
>
> 2017-01-09 20:02:50,197 [x/x] - [(x,aa.bb,Y,645810f41483963370181610719839,1ms)]
>
> Expected Behavior
>
> expected all terms like
>
> Field terms: xxx Y 645810f41483963370181610719839 1ms
>
> the last comma should split the last words.
>
> Current Behavior
>
> Field terms: xxx Y 645810f41483963370181610719839,1ms
>
> but last words 645810f41483963370181610719839,1ms was not split.
>
> maybe I can set stopwords to solve this problem, according to this
> https://www.elastic.co/guide/en/elasticsearch/reference/2.3/analysis.html
>
> does anyone have an idea?
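The two options from the reply, run against the sample line from the question, as an added example that is not part of the original thread. The field names (`f1`, `f2`, `f3`, `request_id`, `duration_ms`) are hypothetical, and `pattern_analyzer_terms` only approximates the pattern analyzer with its default `\W+` pattern and lowercasing.

```python
import re

# Sample line taken from the question in this thread.
SAMPLE = ("2017-01-09 20:02:50,197 [x/x] - "
          "[(x,aa.bb,Y,645810f41483963370181610719839,1ms)]")

# Regex-extractor approach: capture each comma-separated value of the
# parenthesised tuple. Field names are hypothetical; the thread does not
# say what the values mean.
TUPLE_RE = re.compile(
    r"\[\((?P<f1>[^,()]*),(?P<f2>[^,()]*),(?P<f3>[^,()]*),"
    r"(?P<request_id>[0-9a-f]+),(?P<duration_ms>\d+)ms\)\]"
)


def extract_fields(message):
    """Return the tuple values as named fields, or None if no match."""
    m = TUPLE_RE.search(message)
    if m is None:
        return None
    fields = m.groupdict()
    fields["duration_ms"] = int(fields["duration_ms"])  # numeric, so it can be range-queried
    return fields


def pattern_analyzer_terms(message, pattern=r"\W+"):
    """Approximate the pattern analyzer: split on the pattern,
    lowercase each term, drop empty strings."""
    return [t.lower() for t in re.split(pattern, message) if t]


if __name__ == "__main__":
    # Extractor: only the tuple is touched, values keep their form.
    print(extract_fields(SAMPLE))
    # Analyzer: the comma now splits the id from "1ms", but "aa.bb" and
    # the timestamp are split as well, on every message in the index.
    print(pattern_analyzer_terms(SAMPLE))
```
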