graylog2-server icon indicating copy to clipboard operation
graylog2-server copied to clipboard
verified publisher icon Graylog2

Table not showing content with Generic Query. Graylog 4.0.1

Open chalfling opened this issue 5 years ago • 0 comments

I'm searching with keyword range "two days ago to past day". I'm querying only by some "source". I had created a table with fields: event, src_ipaddr and dst_ipaddr.

If a query it only by "source" I got no results in table, but if I query it by "source AND _exists_:fields" I see table's content.

This behavior also happen with search ranges: Relative: "Search in the last 1 day", "Search in the last 2 days" Absolute: "2020-11-30 00:00:00.000" to "2020-12-02 00:00:00.000"

But works with: Absolute: "2020-12-01 00:00:00.000" to "2020-12-02 00:00:00.000"

I tested in "Search"s, "Streams"s and "Dashboard"s page.

Expected Behavior

I Expected this result without query needs an "_exists_" restrict_search

Current Behavior

Same query, same table, but without "_exists_" generic_search

Possible Solution

Steps to Reproduce (for bugs)

  1. Go to Search's page
  2. Create a table with 3 fields (that will show only a few data results)
  3. Search a generic query (that will bring more data that not will show in table)

Context

Your Environment

  • Graylog Version: 4.0.1
  • Java Version: 1.8.0_252
  • Elasticsearch Version: 7.9.3
  • MongoDB Version: 4.2.7
  • Operating System: 12.1

chalfling avatar Dec 02 '20 12:12 chalfling