Currently, journalctl does not support patterns or wildcards in field matches. grep is your best option.
I had the same problem, and I think that journalctl only searches for an exact match for VALUE when NAME=VALUE is passed as arguments.
My investigations:
-
man page
From
journalctl(1)The pattern is not mentioned in the description of the matches:
[...] A match is in the format "FIELD=VALUE", e.g. "_SYSTEMD_UNIT=httpd.service", referring to the components of a structured journal entry. [...]The man page refers to a pattern when describing
-uoption only.-u, --unit=UNIT|PATTERN Show messages for the specified systemd unit UNIT (such as a service unit), or for any of the units matched by PATTERN. -
Source code
The function
fnmatchinsrc/journalis used when searching for units only. -
debug journalctl
Enabling debug output you can see that the pattern is expanded only when using
-u.$ SYSTEMD_LOG_LEVEL=debug journalctl -n1 -u gdm* ... Matched gdm.service with pattern _SYSTEMD_UNIT=gdm* Matched gdm.service with pattern UNIT=gdm* Journal filter: ((OBJECT_SYSTEMD_UNIT=gdm.service AND _UID=0) OR (UNIT=gdm.service AND _PID=1) OR (COREDUMP_UNIT=gdm.service AND _UID=0 AND MESSAGE_ID=fc2e22bc6ee647b6b90729ab34a250b1) OR _SYSTEMD_UNIT=gdm.service) ...All the matches are treated as exact, including
UNIT:$ SYSTEMD_LOG_LEVEL=debug journalctl -n1 UNIT=gdm.* ... Journal filter: UNIT=gdm* ...