In my Graylog server, I want to create a search-value which finds the following query: ctxt__Error:"User \"USERNAME\" not found."
But I want to find ANY error for every USERNAME. My search string doesn't work when I do this: ctxt__Error:"User \"*\" not found."
Is there another way to do this?
Only a few message fields are analyzed by default in Graylog, i.e. message, full_message, and source.
You can create a custom Elasticsearch index template, if you want other fields to be analyzed: http://docs.graylog.org/en/2.4/pages/configuration/elasticsearch.html#custom-index-mappings
Other than that, it should be possible to use regular expressions (not simple wildcards) in the query, but the regular expression has to match the complete field: http://docs.graylog.org/en/2.4/pages/queries.html#search-query-language
Example:
ctxt_Error:/User ".*" not found./
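The whole-field rule described above, as an added example that is not part of the original posts: it builds the field:/regex/ query from a literal message template and checks constructed field values against it. The helper names are hypothetical, and Python's re.fullmatch stands in for the Lucene regex engine, which is equivalent only for the escaped-literal plus `.*` subset used here.

```python
import re

# Characters reserved by the Lucene/Elasticsearch regexp syntax, plus "/",
# which delimits a regular expression inside the query string.
RESERVED = set('.?+*|{}[]()"\\#@&<>~/')

def escape_literal(text):
    """Backslash-escape every reserved character so it matches literally."""
    return "".join("\\" + ch if ch in RESERVED else ch for ch in text)

def regex_body(template, placeholder="USERNAME", any_value=".*"):
    """Escape the fixed parts of the template; the placeholder becomes any_value."""
    return any_value.join(escape_literal(part) for part in template.split(placeholder))

def build_query(field, template):
    """Return a query of the form field:/regex/ (hypothetical helper)."""
    return f"{field}:/{regex_body(template)}/"

def whole_field_match(body, value):
    """Emulate the whole-field rule: the regex must cover the complete value."""
    return re.fullmatch(body, value) is not None

# Constructed sample values for the ctxt__Error field.
SAMPLES = [
    'User "alice" not found.',
    'User "bob.smith" not found.',
    'User "alice" not found. Retrying in 5s',  # extra text after the pattern
    'User "*" not found.',                      # literal asterisk as the name
]

def matching_samples(template='User "USERNAME" not found.'):
    """Return the sample values the generated regex would match."""
    body = regex_body(template)
    return [value for value in SAMPLES if whole_field_match(body, value)]

if __name__ == "__main__":
    print(build_query("ctxt__Error", 'User "USERNAME" not found.'))
    for value in matching_samples():
        print("match:", value)
```

The third sample is not matched because the regex has to cover the entire field value; append `.*` to the pattern if trailing text is expected.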
TLDR;
Try the following:
field_name:/regular expression/
Example:
ctxt__Error:/User .* not found./
The original accepted answer is behind the paywall, which belongs to Graylog Enterprise customers.
Please kindly refer to the answers from the Graylog community post: https://community.graylog.org/t/searching-via-regular-expression-possible/6008