Github user merrimanr commented on the issue: https://github.com/apache/metron/pull/620 Just tested again and I am able to now remove the first filter and properly filter on values with special characters (referrer field for example). I did another pass and found some trivial issues as well as a few non-trivial issues and have made comments. I think more thought needs to be put into the AlertService.search and AlertService.pollSearch functions. The AlertService.getAlert function is very clear to me: it requires a couple of clearly named parameters and I expect to get an 'Alert' type object back. The other functions in this service are not as clear. The search function for example takes in a QueryBuilder object which provides a generic javascript object as the body for the post request. Then in return the post returns an Observable with a generic javascript object. So essentially Typescript isn't being used here when it should because it would make the search interface clearer. For example, I would prefer this function signature: `public search(searchRequest: SearchRequest): Observable<SearchResponse>` where SearchRequest and SearchResponse are model objects. The way it is now it's not easy to understand what is being sent and what is expected back unless you've spent time tracing the search calls to where requests are built/response are processed and know all the source code well OR already has a lot of experience with the ES query syntax. The result of all this is that not having a clear contract between the search client/server will make developing a middle-tier more tedious.
--- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---