Hello,
I think i may need some help here. I have a record in EFK as below
orchestrator.resource.name : "akr1r3*" and (log.file.path : /var/log/abc.log) and (message : "Signing with P-Origination Id \\[F92DAEC5-F1C9-4F8B-B913-84B8F46F98EC] using Trunkgroup ID \\[STI_IN_TG\\]")
I am able to get hits when i provide the above query
but the value "F92DAEC5-F1C9-4F8B-B913-84B8F46F98EC" is random and I might not get the same value. So we modified the value to match for any using "*". The modified query is as below
orchestrator.resource.name : "akr1r3*" and (log.file.path : /var/log/abc.log) and (message : "Signing with P-Origination Id \\[.\\*\\] using Trunkgroup ID \\[STI_IN_TG\\]")
The query fails for the above string. What might be wrong here?
I can see below query works but i wanted to use the text "using Trunkgroup ID \[STI_IN_TG\]" also in search
orchestrator.resource.name : "akr1r3*" and (log.file.path : /var/log/abc.log) and (message : "Signing with P-Origination Id \\[.\\*\\]")