A minimum of three characters, and a maximum of 250 is allowed in the classic index search query field but 5MB of query text is allowed for advanced searches.

When searching for a partial word use an asterisk "*".  The * must follow a character. The * wildcard represents multiple characters. If you want to use a wildcard to represent a single character then use a "?" instead.
Example: 
abc* is proper whereas *abc is incorrect.

Strings or words should be in double quotes like these " ".
Example:
"word1 word2 etc"

Looking for a message with any word that starts with “fail” and without the string of words “server time out”.
Example: 
fail* AND NOT "server time out" is proper, whereas fail* AND NOT server time out is bad.

Further examples of Complex Searches:

Example: 
%glbp-* AND (vlan30* OR vlan400)

Below are the messages the above search found.
GLBP-6-STATECHANGE: Vlan400 Grp 10 state Active -> Speak
GLBP-4-DUPADDR: Duplicate address 203.30.90.21 on Vlan3090, sourced by 0007.b400.0002
GLBP-6-FWDSTATECHANGE: Vlan400 Grp 9 Fwd 2 state Listen -> Active

Example:
%glbp-* AND (vlan30* OR vlan400) AND active

Below are the messages the above search found.
%GLBP-6-STATECHANGE: Vlan3094 Grp 0 state Standby -> Active
%GLBP-6-FWDSTATECHANGE: Vlan400 Grp 0 Fwd 1 state Active -> Listen
%GLBP-6-FWDSTATECHANGE: Vlan400 Grp 0 Fwd 1 state Listen -> Active