search

louislam / uptime-kuma

A fancy self-hosted monitoring tool
https://uptime.kuma.pet
MIT License
59.64k stars 5.33k forks source link

Keyword search doesn't work (trucated?) #3163

Closed swiftbird07 closed 1 year ago

swiftbird07 commented 1 year ago

⚠️ Please verify that this bug has NOT been raised before.

🛡️ Security Policy

📝 Describe your problem

I try to search for the keyword "Suricata" when doing a search on my Elasticsearch cluster using Kumas HTTP(S) - Keyword monitor. The expected response is (tested with Postman):

"took": 17,
    "timed_out": false,
    "_shards": {
        "total": 223,
        "successful": 223,
        "skipped": 180,
        "failed": 0
    },
    "hits": {
        "total": {
            "value": 10000,
            "relation": "gte"
        },
        "max_score": 1.0221461,
        "hits": [
            {
                "_index": ".ds-logs-pfelk-suricata-2023.05.14-000034",
                "_id": "bDTSIIgBiyFxAeyd6_Ed",
                "_score": 1.0221461,
                "_source": {
                    "source": {
                        "ip": "10.20.1.1",
                        "port": "40153"
                    },
                    "@timestamp": "2023-05-15T19:11:13.589259067Z",
                    "destination": {
                        "ip": "10.20.0.1",
                        "port": "53"
                    },
                    "suricata": {
                        "eve": {
[...]

as can be seen "suricata" is a keyword in that response, but when setting that keyword in the HTTP(S) - Keyword monitor it doesn't find it. When I search for "took" or "hits" it succeeds. "max_score" also works, but after that it seems to not find any more keyword. I.e. "_index" or "_id" is not found. Also interestingly "10000" is also not found.

I checked the code and Kuma seems to use data.includes to check the keyword and a manual check in the console with the same response payload succeeds. So something seems to be wrong either on my end or on Kumas. Can anybody help?

📝 Error Message(s) or Log

Suricata Interface - vtnet1] [🔴 Down] 200 - OK, but keyword is not in [{"took":880,"timed_out":false,"_shards":{"total...]

🐻 Uptime-Kuma Version

1.21.2

💻 Operating System and Arch

Docker (via Ubuntu Server)

🌐 Browser

Firefox

🐋 Docker Version

Latest

🟩 NodeJS Version

No response

louislam commented 1 year ago

Not quite sure, but i tested with this json (https://raw.githubusercontent.com/louislam/uptime-kuma-website/master/github-public-sponsors.json), it doesn't seem to be truncated.

swiftbird07 commented 1 year ago

Not quite sure, but i tested with this json (https://raw.githubusercontent.com/louislam/uptime-kuma-website/master/github-public-sponsors.json), it doesn't seem to be truncated.

Hm what I see in this example payload is that there is no second level json (or however that's called) in it. In my example the desired string is inside hits.hits._source. Maybe the stringify from json I saw in the code can't handle this?

djmaze commented 1 year ago

Same problem with the output of https://federationtester.matrix.org/api/report?server_name=matrix.org, testing for "FederationOK": true.

EDIT: Fixed! Turns out "FederationOK":true (without space) works.