I have a field message in _raw that looks something like this: "message":"test::hardware_controller: Unit state update from cook client target: Elements(temp: -, [F: 255, F: 255, F: 255, F: 255,...
See more...
I have a field message in _raw that looks something like this: "message":"test::hardware_controller: Unit state update from cook client target: Elements(temp: -, [F: 255, F: 255, F: 255, F: 255, F: 255, F: 255]), hw_state: Elements(temp: -, [F: 255, F: 255, F: 255, F: 255, F: 255, F: 255])" I am looking to search for messages containing the bold section. , but when i search: index="sample_idx" $serialnumber$ log_level=info message=*Unit state update from cook client target*| this returns no results, even though I know events containing the wildcard phrase are present within the query index and timeframe