Searching in Graylog2 full_message

Question

Is it possible to search in Graylog2 full messages using Quickfilter?

I can successfully search in short messages, but it seems like full messages can be filtered only using streams.

I need to filter old full messages and new stream is applied only to new messages. Is there any solution to this problem?

Answer 1

Found a way to search full_message terms:

In "analytics" tab there is analytics shell where you can execute custom commands.

Example:

all.find(full_message="term")

Note from Graylog Analytics Shell instructions:

The fields message and full_message are broken to terms. This means that searches on them do not mean equals [search term] but contains [search term].

Answer 2

As of Graylog V2.1.2, the the field full_message can be searched like any other field.

You can directly search full_message:

full_message: "my full message string"

or search across all fields:

"my full message string"