1.31.28 MSG Matches SENDS ALL EVENTS

[Alec]

I just updated to:

1.31.28~20180125091522-xenial

I can build a filter that returns the desired events, however, if I execute this filter, instead of the filtered events, ALL events are returned.

Code: Select all

2018-01-26 12:06:19.999790	zmfilter		13826	INF	Checking filter _TempFilter1516986379 message returned 11 events 	zmfilter.pl	
2018-01-26 12:06:19.990730	zmfilter		13826	INF	Scanning for events using filter '_TempFilter1516986379'	zmfilter.pl	

This is a test installation, so there were only 11 events in the database.

If I "List Matches" only one event is returned; the filter is limited to 3 results.

I think that the result array in zmfilter is being populated by all events instead of the returned query, but I haven't figured out why/how.

Purge when full IS working properly.

Thanks.

[Alec]

I just updated to 1.31.28~20180126122202-xenial

I am still having the same problem. Every event in the installation is messaged if a filter is esecuted with "Message details . . ." selected, regardless of the filter criteria.

This behavior continues until zmfilter is reloaded.

[iconnor]

Do you think it might be a good idea to tell us what your filter consists of? Or should we just use our psychic powers?

[Alec]

I tried a few different filters, but I just ran this:

[Alec]

Which when I executed returned this:

[Alec]

But also did this:

[Alec]

I first ran into the problem in my "production" installation when I upgraded to 1.31.28.

This (from the Filters table) which was functioning as I expected a few versions ago:

Code: Select all

 {"terms":[{"attr":"Cause","op":"=","val":"Motion"},{"cnj":"and","attr":"MonitorId","op":"=[]","val":"6,7,8"}],"sort_field":"Id","sort_asc":"1","limit":""}

Tried to send me a message for every event from every monitor (2,3,4,5,6,7,8) . . . but that is still 1.31.28~20180125091522-xenial.

Thank you for taking the time to look at this.

Alec