metron-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Otto Fowler <>
Subject Re: [DISCUSS] Bug maybe: Alert UI can't use two status filter
Date Fri, 31 May 2019 19:22:26 GMT

On May 31, 2019 at 08:53:21, Tibor Meller ( wrote:

Hi all,

tl;dr: Is it a bug if "* -alert_status:RESOLVE OR -alert_status:DISMISS"
not works on Alert UI?

I'm experimenting with filtering from the alert UI. What I found is I can
run the following query directly against the REST API without any problem:
"* -alert_status:RESOLVE OR -alert_status:DISMISS"
But if I try to add the same filter on the Alert UI only the
alert_status:DISMISS applies to the query.
The reason is we identifying filters by filter.field so two filters to the
same filed (alert_status in this case) override each other.

Is this a bug? If it is, I'm happy to fix it.


  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message