Though the index is based on words, it is possible to use wildcards when needed, although some care must be taken.
bob* will find events containing
Bobby efficiently, but
*ob* will not. The latter cases will scan all events in the time frame specified.
Wildcards are tested after all other terms. Given the search:
authclass *ob* hello world, all other terms besides
*ob* will be searched first. The more you can limit the results using full words and fields, the better your search will perform.
Given the following events, a search for
world would return both events:
2012-02-07T01:04:31.102-0600 INFO AuthClass ...