This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

New Log View Bug

ChadTurner
DynaMight Legend
DynaMight Legend

‎08 Aug 2024 09:39 PM

Staff has provided feedback reporting a bug in the new Log View. When a user leverages two of the same filter variables with different conditions, the underlying DQL query is showing as OR but the OR logic.... (my logic)... Isn't being followed. 

Overview of the Log filter: 

ChadTurner_0-1723148124450.png

You'll notice we are calling logs for a give host, AND logs sources that DO NOT INCLUDE CO***** -OR- DO NOT INCLUDE Var/Log/Messages. The expected result would be removal of the entries showing in yellow and purple. 

Posting the query to a notebook gives you the DQL: 

ChadTurner_1-1723148313335.png

My logic... which might be flawed.

| filter startsWith(host.name, "<VALUE>")
| filter NOT contains(log.source, "co****") OR NOT contains(log.source, "/var/log/messages")

My understanding is the first line goes to the second line as an AND, meaning that both have to be present. No we get to the second line: OR statement where "co****" OR "/var/log/messages".... but that OR.. seems to have the logic of AND, where the log.source name does not contain co**** AND "Var/log/messages" which would never exist hence the filtering failed. 

It's possible my logic is flawed, because we get the desired result when it formulates the DQL as a AND.... 

A synopsis of this is, then using the new log preview, the selector leverages an "OR" in the statement, when the DQL Query will natively work if "OR" is replaced with "AND"

I hope this helps and I didn't confuse everyone. 

 

-Chad
Labels:
Reply
0 REPLIES 0
Ask a question

Featured Posts