Show surrounding messages uses message as query

dzarda · January 17, 2020, 7:17pm

We upgraded from 3.1.2 to 3.1.3 and started using the Enterprise plugin. The “Show surrounding messages” then cease to work properly. I don’t recall changing any configuration during the upgrade. Upgrade to 3.1.4 today and subsequent downgrade to 3.1.2 did not resolve the issue.

Clicking for example the “Show surrounding messages” -> “10 seconds” button GETs the following URL in browser:

https://graylog.eledus.cz/streams/5db1912a08813b000fcbe51c/search?rangetype=absolute&from=2020-01-17T19%3A01%3A18.000Z&to=2020-01-17T19%3A01%3A38.000Z&q=source%3A%22rick%5C-app%5C%3ASCX%5C-CST%5C-AVX%5C-01%22%20AND%20gl2_source_input%3A%225da99d2308813b000ead8014%22%20AND%20message%3A%22%222020-01-17%2020%3A01%3A28.812%20%2B01%3A00%20%5BDBG%5DEledus.Sciox.Rick.HW.Plc.Transaction%20Transaction%2017-01-20T20-01-28.812-05712%20entered%22%22&highlightMessage=d0c2b59b-395b-11ea-bc1e-0242ac180004&fields=message%2Csource

Presumable, before the break, only the time range was requested.

Following page then loads, clearing the query restores functionality:

Error Message: Unable to perform search query Failed to parse query [source:"rick\-app\:SCX\-CST\-AVX\-01" AND gl2_source_input:"5da99d2308813b000ead8014" AND message:""2020-01-17 20:01:28.812 +01:00 [DBG]Eledus.Sciox.Rick.HW.Plc.Transaction Transaction 17-01-20T20-01-28.812-05712 entered""]
Details: *Failed to parse query [source:"rick\-app\:SCX\-CST\-AVX\-01" AND gl2_source_input:"5da99d2308813b000ead8014" AND message:""2020-01-17 20:01:28.812 +01:00 [DBG]Eledus.Sciox.Rick.HW.Plc.Transaction Transaction 17-01-20T20-01-28.812-05712 entered""]
Search status code: 500
Search response: cannot GET https://graylog.eledus.cz/api/search/universal/absolute?query=source%3A%22rick%5C-app%5C%3ASCX%5C-CST%5C-AVX%5C-01%22%20AND%20gl2_source_input%3A%225da99d2308813b000ead8014%22%20AND%20message%3A%22%222020-01-17%2020%3A01%3A28.812%20%2B01%3A00%20%5BDBG%5DEledus.Sciox.Rick.HW.Plc.Transaction%20Transaction%2017-01-20T20-01-28.812-05712%20entered%22%22&from=2020-01-17T19%3A01%3A18.000Z&to=2020-01-17T19%3A01%3A38.000Z&filter=streams%3A5db1912a08813b000fcbe51c&limit=150&sort=timestamp%3Adesc (500)

Runs in Docker on Debian 10 amd64 with Elasticsearch 6.1.8 and Mongo 3 (neither changed during the upgrade)

system · January 31, 2020, 7:29pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Viewing alert details (search messages in stream) Graylog Central (peer support)	2	348	July 31, 2020
Empty Message evaluated Graylog Central (peer support)	1	405	December 26, 2019
Instead of Single log message it displays multiple messages Graylog Central (peer support)	5	2782	February 6, 2019
Duplicate Events with AWS plugin Graylog Central (peer support)	7	560	October 2, 2019
Graylog 3.3.5 - Some messages in stream do not generate event and notification Graylog Central (peer support)	15	1934	April 9, 2021

Show surrounding messages uses message as query

Related Topics