jasonish / evebox

Web Based Event Viewer (GUI) for Suricata EVE Events in Elastic Search
https://evebox.org/
MIT License
417 stars 67 forks

Filter on SID adds ";" instead of "?" in the query string #251

Closed amallais-transit closed 1 year ago

amallais-transit commented 1 year ago

Example of a bad query string: /inbox;q=alert.signature_id:10002317

If I modify it in the URL bar directly and replace the ; with a ?, it works.

The same happens if I open reports -> alerts, then select an IP; the query string looks like this: /#/events;q=%2B"10.10.100.11"

Entering the filter in the filter box works as normal.

I can provide more details about my setup if needed.
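As an added illustration of why the separator matters (this is example code written for this page, not EveBox's own code and not posted by the reporter or the maintainer): the links in the report are hash routes, so everything after `#` is handled by the client-side router and never reaches the server, and a router only treats text after a `?` in the fragment as a query string. A `;` leaves the filter glued to the route path, which is why no filter is applied. The example also shows why the working IP link carries `%2B`: a bare `+` in a query string decodes to a space. The hostname `evebox.example` and the function names are assumptions made for the example.

```javascript
// Added example, not EveBox project code. Assumed hostname: evebox.example.

// Build a hash-route link of the form /#<route>?q=<filter>.
// URLSearchParams uses application/x-www-form-urlencoded rules: '+' becomes
// %2B and a space becomes '+', so a filter like +"10.10.100.11" survives
// the round trip. This is the form the reporter says works.
function buildFilterLink(base, route, filter) {
  const params = new URLSearchParams();
  params.set("q", filter);
  return `${base}/#${route}?${params.toString()}`;
}

// The broken form from the report: a matrix-style ';q=' instead of '?q='.
// Kept here only to show what the router makes of it.
function buildBrokenFilterLink(base, route, filter) {
  return `${base}/#${route};q=${encodeURIComponent(filter)}`;
}

// Parse a link the way a client-side hash router does: strip the '#',
// split the fragment at the first '?', and read the query with
// URLSearchParams. With ';' there is no '?', so the whole fragment is
// taken as the route path and q comes back null.
function parseHashRoute(link) {
  const url = new URL(link);
  const fragment = url.hash.startsWith("#") ? url.hash.slice(1) : url.hash;
  const qIndex = fragment.indexOf("?");
  const path = qIndex === -1 ? fragment : fragment.slice(0, qIndex);
  const query = qIndex === -1 ? "" : fragment.slice(qIndex + 1);
  const params = new URLSearchParams(query);
  return { path, q: params.get("q") };
}
```

Calling `parseHashRoute(buildBrokenFilterLink("https://evebox.example", "/inbox", "alert.signature_id:10002317"))` yields `q: null` with the `;q=...` text still attached to the path, while the `?` form parses back to the original filter. Building the query with `URLSearchParams` rather than string concatenation is what keeps a leading `+` in a Lucene-style filter from silently turning into a space.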

jasonish commented 1 year ago

Are you able to try the development builds? I've done away with the ';' separators so this is likely fixed.

If not that's ok. I'll be able to try soon but likely not this week.

amallais-transit commented 1 year ago

I could, but do I need to update the agent too? If I can just replace the server, I can try later today.

jasonish commented 1 year ago

> I could, but do I need to update the agent too? If I can just replace the server, I can try later today.

You can just update the server. Are you using Elasticsearch or SQLite? If Elastic, you can downgrade without issue. If SQLite, well, I haven't tested that scenario yet, as a lot of work has gone into SQLite.

amallais-transit commented 1 year ago

OK, so I tried updating to the unstable branch.

Now I cannot click on any IP in reports -> alerts, so I cannot test here.

In the main inbox, there is now only an Archive button. Filter on is gone, Escalate is gone. So I'm not sure how I can test if the issue is resolved :/

jasonish commented 1 year ago

Oh. Sorry to have guided you here. 0.16.0 had a lot of nits in the UI. Some I fixed by disabling them, to get back to later, and this is one. Noted.

amallais-transit commented 1 year ago

Well, for what it's worth, clicking on IP details or a SID "inside" an alert does add the filter the correct way. So I think yes, the unstable version works correctly regarding filters.

jasonish commented 1 year ago

Re-added, and fixed in master branch.