Github user merrimanr commented on the issue:
https://github.com/apache/metron/pull/796
This issue is still not fixed:

- The first is related to time-range selections that include 'Now' as part
of the range (Last 7 days, Last 5 minutes, Today so far, etc). This should be a
sliding window so I would expect the search query to be different every time
the results are refreshed. - Fixed

I submitted a PR against this PR that should address it (also has the
latest version of master merged in). Let me know if you think this is the
right way to fix it. Seems kind of strange to import a class (QueryBuilder) in
alerts-list into a service but I'll let you decide if that is ideal.

Saved search is working now and everything else seems to function
correctly. I did notice a regression where if I rename a column and type a query
with the friendly name in the query box (i.e. sourceType:snort), results are no
longer returned. Not sure if that was introduced in this PR or not because I
don't think we are testing for it.

I am still not a fan of how the Time Range selection works. The "now"
designation is essentially meaningless because you can't save a range with
"now" in either FROM or TO. I still agree with all my previous complaints
about this too. If the community feels it is working correctly then I would
not hold up this PR over it.

The e2e tests are still insufficient and failing. I gave some recommendations
[here](https://github.com/apache/metron/pull/796#issuecomment-337965321) for
your reference.
---