Hi, I’m making a request of this kind: SOME_FIELD: FIELD AND (remote_addr: IPADDR OR remote_addr: IPADDR OR remote_addr: IPADDR OR remote_addr: IPADDR OR remote_addr: IPADDR OR remote_addr: IPADDR OR remote_addr: IPADDR OR remote_addr: IPADDR OR remote_addr: IPADDR OR remote_addr: IPADDR OR remote_addr: IPADDR OR remote_addr: IPADDR OR remote_addr: IPADDR OR remote_addr: IPADDR OR remote_addr: IPADDR OR remote_addr: IPADDR OR remote_addr: IPADDR OR remote_addr: IPADDR OR remote_addr: IPADDR OR remote_addr: IPADDR)
and I get such an error in the logs I don’t observe anything
Shorten it up to one AND/OR and test, add in next until it fails… to find if that’s a limit. It is genericised so much it is a little hard to understand. The first part would be SOME_FIELD: <data> rather than SOME_FIELD:FIELD, correct? There may be another way around constructing the query or retrieving the data that might be more efficient … maybe processing the addresses as they come in and adding a tag field to work with?