Github user merrimanr commented on the issue:

https://github.com/apache/metron/pull/620

I was able to get this running in "dev" mode against full dev based on instructions in the README. This is a great start. I've noticed several bugs while initially exploring the UI:

- When multiple filters are applied, I am not able to successfully remove the first one. For example given a query "source:type:snort AND ip_dst_addr:192.168.138.158", when I remove the source:type filter it becomes "AND ip_dst_addr:192.168.138.158" and I get a failed to parse error.
- Filtering by alert status always returns 0 records
- What is supposed to happen when you change an alert status? Right now it looks like nothing happens.
- Changing the sort order resizes all the columns more than it should.
- _id column sorting doesn't do anything.
- Filtering on various columns causes an error ("url" and "referrer" for example).
- Does the ACTIONS dropdown do anything right now?
- OR operators don't seem to work. For example "ip_src_addr:192.168.138.158 OR ip_src_addr:192.168.66.1" returns records with ip_src_addr that does not match those filters (actual query sent ends up being "query": "ip_src_addr\\:192.168.138.158 OR ip_src_addr:192.168.66.1").

Will report more as I find them.