SafeAF / enterprise-log-search-and-archive

Automatically exported from code.google.com/p/enterprise-log-search-and-archive

Empty dataset on time ranged query #19

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Search for class=none
2. Date Range 2 days ago within one hour (i.e. 2012-04-25 15:50:20 2012-04-25 16:50:20)

What is the expected output? 
Thousands of Rows

What do you see instead?
0 rows

What version of the product are you using?

SVN checkout of ELSA.
syslog-ng 3.3.5

On what operating system?
Debian Squeeze

Please provide any additional information below.
apache2/error log
Use of uninitialized value in addition (+) at /srv/syslogdata/elsa/web/lib/API.pm line 2692.

web.log

* DEBUG [2012/04/27 16:09:25] /srv/syslogdata/elsa/web/lib/Web.pm (102) 
Web::_extract_method 32699 [undef]
uri: /Query/query?q=%7B%22query_string%22%3A%22%20class%3Dnone%22%2C%22query_meta_params%22%3A%7B%22end%22%3A1335361820.838%2C%22start%22%3A1335358220.837%7D%7D
* DEBUG [2012/04/27 16:09:25] /srv/syslogdata/elsa/web/lib/Web/Query.pm (19) 
Web::Query::call 32699 [undef]
method: query
* DEBUG [2012/04/27 16:09:25] /srv/syslogdata/elsa/web/lib/API.pm (2198) 
API::query 32699 [undef]
Decoded as : $VAR1 = {
          'query_meta_params' => {
                                   'start' => '1335358220.837',
                                   'end' => '1335361820.838'
                                 },
          'query_string' => ' class=none'
        };
* DEBUG [2012/04/27 16:09:25] /srv/syslogdata/elsa/web/lib/API.pm (2266) 
API::query 32699 [undef]
Received query with qid 1015 at 1335532165.89763
* DEBUG [2012/04/27 16:09:25] /srv/syslogdata/elsa/web/lib/API.pm (2831) 
API::_parse_query_string 32699 [undef]
orig_parsed_query: $VAR1 = {
          '' => [
                  {
                    'value' => 'none',
                    'op' => '=',
                    'field' => 'class'
                  } 
                ] 
        };
* DEBUG [2012/04/27 16:09:25] /srv/syslogdata/elsa/web/lib/API.pm (3203) 
API::_parse_query_term 32699 [undef]
terms: $VAR1 = {
          '' => [
                  {
                    'value' => 'none',
                    'field' => 'class',
                    'op' => '='
                  } 
                ]
        };
* DEBUG [2012/04/27 16:09:25] /srv/syslogdata/elsa/web/lib/API.pm (3271) 
API::_parse_query_term 32699 [undef]
Set operator  for given class none
* DEBUG [2012/04/27 16:09:25] /srv/syslogdata/elsa/web/lib/API.pm (2861) 
API::_parse_query_string 32699 [undef]
attr before conversion: $VAR1 = {
          'or' => {},
          'not' => {},
          'and' => {}
        };
* DEBUG [2012/04/27 16:09:25] /srv/syslogdata/elsa/web/lib/API.pm (2952) 
API::_parse_query_string 32699 [undef]
Permissions grant access to any host_id
* DEBUG [2012/04/27 16:09:25] /srv/syslogdata/elsa/web/lib/API.pm (2952) 
API::_parse_query_string 32699 [undef]
Permissions grant access to any program_id
* DEBUG [2012/04/27 16:09:25] /srv/syslogdata/elsa/web/lib/API.pm (2952) 
API::_parse_query_string 32699 [undef]
Permissions grant access to any node_id
* DEBUG [2012/04/27 16:09:25] /srv/syslogdata/elsa/web/lib/API.pm (3093) 
API::_parse_query_string 32699 [undef]
field_terms: $VAR1 = {
          'or' => {},
          'not' => {},
          'and' => {}
        };
* DEBUG [2012/04/27 16:09:25] /srv/syslogdata/elsa/web/lib/API.pm (3094) 
API::_parse_query_string 32699 [undef]
any_field_terms: $VAR1 = {
          'or' => {},
          'not' => {},
          'and' => {}
        };
* DEBUG [2012/04/27 16:09:25] /srv/syslogdata/elsa/web/lib/API.pm (3145) 
API::_parse_query_string 32699 [undef]
query_term_count: 1, num_added_terms: 0
* DEBUG [2012/04/27 16:09:25] /srv/syslogdata/elsa/web/lib/API.pm (3158) 
API::_parse_query_string 32699 [undef]
META_PARAMS: $VAR1 = {
          'start' => '1335358220.837',
          'end' => '1335361820.838'
        };
* DEBUG [2012/04/27 16:09:25] /srv/syslogdata/elsa/web/lib/API.pm (2486) 
API::_sphinx_query 32699 [undef]
sphinx_query: SELECT *, 1 AS positive_qualifier, 0 AS negative_qualifier FROM perm_120, perm_121 WHERE MATCH('') AND positive_qualifier=1 AND negative_qualifier=0 AND class_id IN (?) AND timestamp BETWEEN ? AND ? LIMIT ?,? OPTION ranker=none, values: $VAR1 = [
          '1',
          1335358220,
          1335361820
        ];
* DEBUG [2012/04/27 16:09:25] /srv/syslogdata/elsa/web/lib/API.pm (2495) 
API::__ANON__ 32699 [undef]
Sphinx query for node 127.0.0.1 finished in 0.0046238899230957
* DEBUG [2012/04/27 16:09:25] /srv/syslogdata/elsa/web/lib/API.pm (2723) 
API::_sphinx_query 32699 [undef]
completed query in 0.00582790374755859 with 0 rows
* INFO [2012/04/27 16:09:25] /srv/syslogdata/elsa/web/lib/API.pm (2321) 
API::query 32699 [undef]
Query 1015 returned 0 rows

Original issue reported on code.google.com by thana...@gmail.com on 27 Apr 2012 at 1:14

GoogleCodeExporter commented 9 years ago
Have I done something wrong with the above?

Original comment by thana...@gmail.com on 27 Apr 2012 at 1:17

GoogleCodeExporter commented 9 years ago
You should've gotten a warning at the top of the web page indicating something 
like "requires full-scan" in red letters.  This is because you were not 
searching any keywords, only attributes.  See 
http://code.google.com/p/enterprise-log-search-and-archive/wiki/Documentation#Index_Configuration for more info.  Generally speaking, you have to be looking 
for a keyword in the log to search all time, otherwise only temp indexes get 
searched.  Alternatively, you can switch over to an archive search and re-run 
(click the "Index" button to switch to "Archive") and it will find all 
class=none logs from that timeframe, but the search will be backgrounded.  Does 
this help?

Original comment by mchol...@gmail.com on 27 Apr 2012 at 1:59
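An added example (not ELSA code and not part of the original thread): it decodes the request URI from the web.log excerpt above, converts the time window to UTC, and checks whether the query carries any keyword term, which is the condition the reply above ties to the full-scan warning. The `field=value` regex and the function names are simplifying assumptions, not ELSA's parser.

```python
import json
import re
from datetime import datetime, timezone
from urllib.parse import urlsplit, parse_qs

# Request URI copied from the web.log excerpt in the report.
LOGGED_URI = ("/Query/query?q=%7B%22query_string%22%3A%22%20class%3Dnone%22%2C"
              "%22query_meta_params%22%3A%7B%22end%22%3A1335361820.838%2C"
              "%22start%22%3A1335358220.837%7D%7D")

# Assumption: a whitespace-delimited term shaped like field=value is an
# attribute filter; every other term counts as a keyword.
ATTR_TERM = re.compile(r"^\w+=\S+$")


def classify(query_string):
    """Split a query string into attribute terms and keyword terms."""
    terms = query_string.split()
    attrs = [t for t in terms if ATTR_TERM.match(t)]
    keywords = [t for t in terms if not ATTR_TERM.match(t)]
    return attrs, keywords


def to_utc(epoch):
    """Render an epoch value the way the Sphinx query sees it (whole seconds)."""
    return datetime.fromtimestamp(int(epoch), tz=timezone.utc).strftime(
        "%Y-%m-%d %H:%M:%S")


def analyze(uri):
    """Decode the q= JSON parameter and summarize the time range and terms."""
    request = json.loads(parse_qs(urlsplit(uri).query)["q"][0])
    meta = request.get("query_meta_params", {})
    start, end = int(meta["start"]), int(meta["end"])
    attrs, keywords = classify(request["query_string"])
    return {
        "start_utc": to_utc(start),
        "end_utc": to_utc(end),
        "window_seconds": end - start,
        "attributes": attrs,
        "keywords": keywords,
        # No keyword means MATCH('') in the Sphinx query shown in the log.
        "attribute_only": bool(attrs) and not keywords,
    }


if __name__ == "__main__":
    for key, value in analyze(LOGGED_URI).items():
        print(f"{key}: {value}")
```

The decoded window is 12:50:20 to 13:50:20 UTC, which matches the reporter's 15:50:20 to 16:50:20 only if the browser was at UTC+3.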

GoogleCodeExporter commented 9 years ago
Yep... thanks for that.

Original comment by thana...@gmail.com on 14 May 2012 at 12:42

GoogleCodeExporter commented 9 years ago
Fixed via docs.

Original comment by mchol...@gmail.com on 31 May 2012 at 2:44