I have a field extraction that gets the message number from the raw message string:
**.{22}\s[0-9](?<msg_number>\d{2})**
The message string is in the following format:
2017-11-15T13:32:53,915 4790018 299939553102122275000175000000000022 6834527000103_0_007500002610100_100850055_00045010000010000_1___________________
The field is available and has values of 01, 02, 09, 11, 12, 19, 51, 52, 79, 90, 91, etc., but I cannot search for all values.
If I search for message number 51, I get results:
**index=main msg_number=51**
If I search for message number 52, no results are returned:
**index=main msg_number=52**
If I use the following search, **index=main | eval msg_number=msg_number*1 | search msg_number=52**, I get results.
I have no idea why searching for some numbers does not work.