How exactly does one do an OR query?

[GoogleCodeExporter]

What steps will reproduce the problem?
I have a few failed ssh logins and zero failed windows logins
1. (sshd +'authentication failure') in a date range of the last 24 hours will 
provide my four failed ssh logins
2. (eventid:4625) in the last 24 hours returns nothing, but for all time 
returns about 300 results
3. (sshd +'authentication failure') (eventid:4625) over the last 24 hours 
returns nothing, and over all time returns nothing. I'm trying to find a query 
that will return all failed ssh logins and all eventid:4625 events, but it 
seems that ELSA tries to find logs that include both attributes.

How do I do a true OR?

What version of the product are you using? On what operating system?
Latest svn on CentOS 6.4

Original issue reported on code.google.com by i...@pingas.org on 17 Jun 2013 at 4:08

[GoogleCodeExporter]

Sorry, just to clarify, I have many failed sshd and many failed windows logins.

I have only a few failed sshd logins and zero failed windows logins in the last 
24 hours.

I don't know why I specified the difference in result number over time frame -- 
the issue is that I just can't figure out how to do a query like:
(key1 +key2 -key3) OR (key4 -key5 +key6)
And other queries similar to that.

Original comment by i...@pingas.org on 17 Jun 2013 at 4:13

[GoogleCodeExporter]

Your syntax is correct, it appears that there is a bug with OR queries when not 
specifying a field for the term.  Thanks for reporting it, I'll be working on 
fixing it shortly.

Original comment by mchol...@gmail.com on 18 Jun 2013 at 2:19

[GoogleCodeExporter]

Did the commit from 3 days ago officially fix this?

Original comment by i...@pingas.org on 24 Jun 2013 at 7:39

[GoogleCodeExporter]

No, not yet.  I'll make a note here when it's ready.

Original comment by mchol...@gmail.com on 24 Jun 2013 at 9:01