Graylog 正则匹配搜索 message 的方式

用法：field_name: /regular expression/
测试1：message: /.*Exception*/

message: /.*Exception*/结果
一看结果为空，这是怎么回事呢？
因为 graylog 的 elasticsearch analyzer 把字段（message、full_message、source）的值都转换为小写了，所以搜索时字段值全部使用小写匹配即可。

The “standard” analyzer of Elasticsearch preprocesses the message fields before indexing them. Among other things, it converts the messages to lowercase.
See https://www.elastic.co/guide/en/elasticsearch/reference/5.6/analysis-standard-analyzer.html for details about the “standard” analyzer.
By default, Graylog creates an index mapping which will instruct Elasticsearch to analyze the “message”, “full_message”, and “source” fields. Other fields are not automatically analyzed.
You can change the analyzer which Elasticsearch is applying to a message field by creating your own custom index mapping:
http://docs.graylog.org/en/2.4/pages/configuration/elasticsearch.html#custom-index-mappings

测试2：message: /.*exception*/ （字段值全部使用小写匹配）

message: /.*exception*/结果
可以看到出现匹配结果了。

参考：https://community.graylog.org/t/wildcard-search-question/167/9