Hey all,
I'm trying to search for a logline within the Logtailing tab (part of the Observer features):
read 24FPS, detection 24FPS, track 24FPS (0)
I can find this logline by using the query: message: track
However, if I use the search: message: *FPS
or any other combination of wildcards, it does not work.
If I do the same within Discover,
which I think also uses KQL, the wildcard search is working.
Funnily enough (within Logs) the following wildcard search seems to work somewhat: message:track*
since it also yields the log line:
(Tracker - lsp_tracker.on_finished_lsp)
I'm really confused if wildcard search is working in the Logtailing tab or not. To me the behavior is extremely fuzzy. Does anyone have an idea on when and how it works?
I have already read through this: Wildcard query not working as expected - #2 by Joe_Fleming
All the best,
Glenn