metron-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tibor Meller <>
Subject [DISCUSS] Bug maybe: Alert UI can't use two status filter
Date Fri, 31 May 2019 12:53:04 GMT
Hi all,

tl;dr: Is it a bug if "* -alert_status:RESOLVE OR -alert_status:DISMISS"
not works on Alert UI?

I'm experimenting with filtering from the alert UI. What I found is I can
run the following query directly against the REST API without any problem:
"* -alert_status:RESOLVE OR -alert_status:DISMISS"
But if I try to add the same filter on the Alert UI only the
alert_status:DISMISS applies to the query.
The reason is we identifying filters by filter.field so two filters to the
same filed (alert_status in this case) override each other.

Is this a bug? If it is, I'm happy to fix it.


  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message