Brackets in API query string since 2.5 cause problems


(tom grey) #1

Hello,
I have recently installed a new installation of Graylog (Graylog 2.5.1+34194da on Oracle Corporation 1.8.0_181 on Linux 4.18.0-0.bpo.1-amd64) and it seems that the API does not respond to the same query string as it did for version below 2.4 (Graylog 2.4.6 on Oracle Corporation 1.8.0_171 on Linux 4.13.0-0.bpo.1-amd64).
The difference is about the brackets “()” for the IN operator, stated in the docs (http://docs.graylog.org/en/2.5/pages/queries.html) as:
“Messages where the field type includes ssh or login: type:(ssh login)”
For version 2.4 it works fine.
For version 2.5 it returns an empty search, although results exist - I need to remove the brackets from the query string.

In my example I use the “IN” operator for the field “tables” - “table:(cc_ticket cc_ticket_message cc_ticket_reporter)”

Query example with brackets:
http://[address]/api/search/universal/keyword?query=table%3A%28cc_ticket+cc_ticket_message+cc_ticket_reporter%29&keyword=1970-01-01&limit=20&offset=0&fields=[fields list]

Return for version 2.4 - ok - got messages
Return for version 2.5 - not ok - got empty list of messages

When I remove the brackets wrapping “tables” from the URL (the strings “%28” and “%29”), version 2.5 also returns the correct list of messages (messages meeting the criteria “table in cc_ticket or in cc_ticket_message or in cc_ticket_reporter”).

Sample output v.2.5
{“query”:“table:(cc_ticket cc_ticket_message cc_ticket_reporter)”,“built_query”:"{\n “from” : 0,\n “size” : 20,\n “query” : {\n “bool” : {\n “must” : {\n “query_string” : {\n “query” : “table:(cc_ticket cc_ticket_message cc_ticket_reporter)”,\n “allow_leading_wildcard” : false\n }\n },\n “filter” : {\n “bool” : {\n “must” : {\n “range” : {\n “timestamp” : {\n “from” : “1970-01-01 08:19:58.284”,\n “to” : “2019-01-29 08:19:58.288”,\n “include_lower” : true,\n “include_upper” : true\n }\n }\n }\n }\n }\n }\n },\n “_source” : {\n “includes” : […, “messages”:,“fields”:,“time”:92,“total_results”:0,“from”:“1970-01-01T08:19:58.284Z”,“to”:“2019-01-29T08:19:58.288Z”,“decoration_stats”:null}

This returns for version 2.5


(system) closed #2

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
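
An added example, not part of the original post and not Graylog's own code: it rebuilds the request from the post, checks that the encoded URL decodes to exactly the string the 2.5 response echoes in its `query` field, and derives the two parenthesis-free variants for a side-by-side comparison. The host `graylog.example` and the field list are constructed placeholders, since the post elides both.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed placeholders: the post elides the host and the field list.
BASE = "http://graylog.example/api/search/universal/keyword"
FIELDS = "message,table"

# The grouped query from the post.
GROUPED = "table:(cc_ticket cc_ticket_message cc_ticket_reporter)"


def build_url(query, keyword="1970-01-01", limit=20, offset=0):
    """Build the keyword-search URL with the same parameters as the post."""
    params = {"query": query, "keyword": keyword, "limit": limit,
              "offset": offset, "fields": FIELDS}
    # urlencode uses quote_plus: ':' -> %3A, '(' -> %28, ')' -> %29, ' ' -> '+'
    return BASE + "?" + urlencode(params)


def decoded_query(url):
    """Return the 'query' parameter as a server would decode it."""
    return parse_qs(urlsplit(url).query)["query"][0]


def strip_group(query):
    """The workaround from the post: drop the parentheses around the values."""
    field, _, values = query.partition(":")
    return field + ":" + values.strip("()")


def explicit_or(query):
    """Repeat the field on every term. In Lucene query-string syntax a field
    prefix applies only to the term directly after it, so this form keeps
    every value scoped to the field without using a group."""
    field, _, values = query.partition(":")
    return " OR ".join(f"{field}:{v}" for v in values.strip("()").split())


if __name__ == "__main__":
    for label, q in (("grouped", GROUPED),
                     ("stripped", strip_group(GROUPED)),
                     ("explicit OR", explicit_or(GROUPED))):
        url = build_url(q)
        print(f"{label:12} {url}")
        print(f"{'':12} decodes to: {decoded_query(url)}")
```

Running the three URLs against both versions and comparing `total_results` shows whether the group syntax alone changes the result, independently of URL encoding.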