negbie
commented
4 years ago @runelucica yes this is possible. Use || as prefix in both fields which should be or combined.
Closed runelucica closed 4 years ago
negbie
commented
4 years ago @runelucica yes this is possible. Use || as prefix in both fields which should be or combined.
negbie
commented
4 years ago so in Source IP field ||10.10.10.10 and in Destination IP field ||10.10.10.10
runelucica
commented
4 years ago Great. Many thanks for the hint! For more complex rules (Param1 AND (PARAM2 OR PARAM3)) the enhancement still applies? If that is also possible I can close the issue.
negbie
commented
4 years ago @runelucica yes. You can check out whats possible here https://github.com/sipcapture/homer-app/blob/master/data/service/search.go#L70
negbie
commented
4 years ago @runelucica for your example mby you only need to prefix PARAM2 or PARAM3 with ||. Play a bit with that. Maybe there are some cornercases. If so turn on debug logs and paste your query here.
runelucica
commented
4 years ago Awesome. In that case I will close the issue.
runelucica
commented
4 years ago I am re-opening this to provide more info to others on how I was able to get it working and ask for guidance for some other issues I found along the way.
This is how I was able to get it working:
This works as expected until you refresh the page or move away from the dashboard and return.
This takes me to the issues:
Issue 1 - After a refresh of the page, it seems that the last search button pressed applies to all Display results widgets. You have to click Search again on each Proto Search widget to apply the correct filters to each Display Results widget. Is this normal? Do you recommend I open a separate issue for this?
This is what the dashboard look like after pressing the Search button on the second Proto Search and refreshing the page:
Issue 2 - I initially tried using the search option built directly into Display Results widget. I added 2 Display Results widgets to the same dashboard. I tried configuring different search filters for the 2 Display Results widgets. It seems that the widget built in search option references the same Search widget regardless of how many dashboards and Display Result widgets I have. If you configure a search in one of the widgets, after you refresh the page or switch between the dashboard it applies the search on all Display Results dashboards. I have 2 questions here:
runelucica
commented
4 years ago Along the same lines, so that I don't open a different issue:
I would like to configure dashboards with pre-configured Search filters either in Proto Search SIP call widget or directly in the search bar of a Display Results widget. Is there anyway you can save dashboard search filter settings?
Ideally I would like to save these search settings so other users can view the same calls without having to define the search query again. This would also help in cases where the users would have read/view only access rights (not sure if this is even possible at the moment, but I have it on my "to test" list).
lmangani
commented
4 years ago @runelucica Thanks for your detailed report, we'll look into this.
As of your last question - have you tried using EXPORT - Share Link already? ;)
runelucica
commented
4 years ago Thank for the hint. Will give this a try and report back.
lmangani
commented
4 years ago Please update the ticket title or open a new one for the reported behaviour
runelucica
commented
4 years ago I would like to keep the this one as is so that others may use it in case they have similar OR related search queries.
You would like me to open new ones for Issue 1, Issue 2 and the save search settings topic?
runelucica
commented
4 years ago As agreed I opened 2 new issues for the other topics discovered while testing the Search capabilities.
RFbkak37y3kIY
commented
4 years ago fixed on devel branch, waiting marge to master
runelucica
commented
4 years ago I tested pre-configured searches using the Export Share Link format. I used the same format for parameters where I needed to perform the OR operation. For example I wanted to search the following calls: method is INVITE and the SrcIP or DestIP is 10.10.10.10 or 10.10.10.11, with no time frame specified I noticed that Homer searches against Today.
{ "timestamp": { "from":, "to": }, "param": { "search": { "1_call": { "method":INVITE, "srcIP":[||"10.10.10.10";"10.10.10.11"], "dstIP":[||"10.10.10.10";"10.10.10.11"]} }, "location":{}, "transaction": { "call":true, "registration":false, "rest":false }, "id":{}, "timezone": { "value":-60, "name":"Local"} } }
Here is the url built manually: https://homer-UI-server/search/result?{"timestamp":{"from":,"to":},"param":{"search":{"1_call":{"method":INVITE,"srcIP":[||"10.10.10.10";"10.10.10.11"],"dstIP":[||"10.10.10.10";"10.10.10.11"]}},"location":{},"transaction":{"call":true,"registration":false,"rest":false},"id":{},"timezone":{"value":-60,"name":"Local"}}}=
First of all can someone please confirm if the parameters for the search are defined correctly.
As far as the search goes I get strange results, similar to what I found when testing with the search dashboards. If I had a pre-existing session the search works OKish for any parameters not previously used in any searches. The parameters used in previous searches will overwrite any parameters specified in the manually built URL.
If I paste the URL in a fresh session Homer does not display any calls. If in that same session I navigate to a dashboard, perform a search and then paste again the same search URL I get some results (however the results are impacted by the same thing mentioned above).
I believe this is related to the other issues submitted for searches.
I am using Homer UI 7.0.7.031 and homer-app 1.1.35.
I would like to ask if it is possible to perform an OR operation between different parameters when Searching for calls? I would like for example to search for all calls where the Source IP or Destination IP is 10.10.10.10.