After upgrade to version 4.1.6 request to API not working on 1'st node on graylog cluster

When sending request to API /api/search/universal/absolute, qs: { query: ‘ID: 10194 OR ID: 12734 OR ID: 26905 OR ID: 27009 OR ID: 26910 OR ID: 26986’, from: 2021-05-24T07:57:10.000Z, to: 2021-05-24T08:57:10.000Z, filter: ‘streams:5eb3eaf8bb3f0840b000cf83’, fields: [Array], limit: 1 }, callback: [Function: RP$callback], transform: undefined, simple: true, resolveWithFullResponse: false, transform2xxOnly: false

Request in a more convenient format:
“qs”: {
“query”: “(ID: 10194 OR ID: 12734 OR ID: 26905 OR ID: 27009 OR ID: 26910 OR ID: 26986) AND T:RES”,
“from”: “2021-10-21T08:31:33.000Z”,
“to”: “2021-10-21T08:48:13.000Z”,
“filter”: “streams:5eb3eaf8bb3f0840b000cf83”,
“fields”: [
“limit”: 1

I get the error
must not be empty (path = AbsoluteSearchResource.searchAbsoluteChunked.arg7, invalidValue = null)

On the second node, which is a complete copy of the first and was updated simultaneously with the first, the request is processed correctly.

Graylog version 4.1.6, Centos 7.

Same problem in this topic:

Restarting graylog-server service didn’t help.

Apparently there is some problem in the argument of this class.

When a request is made to the second node in the built query, the fields become an empty array (this can be seen in the response) and everything works on the second node.

Hello && welcome

I don’t have a direct answer for you about your issue but if you believe this is a bug you can always post it here.

After update graylog to 4.2 problem, has solved.

Wow that was an easy fix :slight_smile: Thank for posting how you resolved it.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.