When sending request to API /api/search/universal/absolute, qs: { query: ‘ID: 10194 OR ID: 12734 OR ID: 26905 OR ID: 27009 OR ID: 26910 OR ID: 26986’, from: 2021-05-24T07:57:10.000Z, to: 2021-05-24T08:57:10.000Z, filter: ‘streams:5eb3eaf8bb3f0840b000cf83’, fields: [Array], limit: 1 }, callback: [Function: RP$callback], transform: undefined, simple: true, resolveWithFullResponse: false, transform2xxOnly: false
Request in a more convenient format:
“qs”: {
“query”: “(ID: 10194 OR ID: 12734 OR ID: 26905 OR ID: 27009 OR ID: 26910 OR ID: 26986) AND T:RES”,
“from”: “2021-10-21T08:31:33.000Z”,
“to”: “2021-10-21T08:48:13.000Z”,
“filter”: “streams:5eb3eaf8bb3f0840b000cf83”,
“fields”: [
“total_results”
],
“limit”: 1
},
I get the error
must not be empty (path = AbsoluteSearchResource.searchAbsoluteChunked.arg7, invalidValue = null)
On the second node, which is a complete copy of the first and was updated simultaneously with the first, the request is processed correctly.
Graylog version 4.1.6, Centos 7.
Same problem in this topic:
Restarting graylog-server service didn’t help.
Apparently there is some problem in the argument of this class.
https://javadoc.io/static/org.graylog2/graylog2-server/1.0.0-rc.4/org/graylog2/rest/resources/search/AbsoluteSearchResource.html
When a request is made to the second node in the built query, the fields become an empty array (this can be seen in the response) and everything works on the second node.
Thank for posting how you resolved it.