Rudder

If we plan to search on Node Modified event logs, there is no easy way to do that
We can type "no" (lowercase) that would partially filter ith what we want, but an extra character won't return anything

SQL query generated by "node" is

  select eventtype, id, modificationid, principal, creationdate, causeid, severity, reason, data  from ( select eventtype, id, modificationid, principal, creationdate, causeid, severity, reason, data, UNNEST(xpath('string(//entry)',data))::text as filter from eventlog) as temp1   where   temp1.filter like ?  and  creationDate >= ? and creationDate <= ?   order by id DESC  offset ?  limit ?  
 arguments = [%node%, 2024-10-16 13:05:02.0, 2024-10-18 13:05:02.0, 0, 25]

typical entry is

 4024 | 2024-10-15 00:29:13.817+00 |      100 |         | c6ca13c7-7b06-489c-b61b-afb2323463b7 | rudder    |        | NodeModified | <entry><node changeType="modify" fileFormat="6"><id>736320a2-998b-45f2-9bad-864b01d48d88</id><properties><from/><to><property><name>cpu_vulnerabilities</name><value>{&quot;gather_data_sampling&quot;:{&quot;status&quot;:&quot;unknown&quot;},&quot;itlb_multihit&quot;:{&quot;status&quot;:&quot;not-affected&quot;},&quot;l1tf&quot;:{&quot;details&quot;:&quot;PTE Inversion; VMX: flush not necessary, SMT disabled&quot;,&quot;status&quot;:&quot;mitigated&quot;},&quot;mds&quot;:{&quot;details&quot;:&quot;Clear CPU buffers; SMT Host state unknown&quot;,&quot;status&quot;:&quot;mitigated&quot;},&quot;meltdown&quot;:{&quot;details&quot;:&quot;PTI&quot;,&quot;status&quot;:&quot;mitigated&quot;},&quot;mmio_stale_data&quot;:{&quot;details&quot;:&quot;Clear CPU buffers attempted, no microcode; SMT Host state unknown&quot;,&quot;status&quot;:&quot;vulnerable&quot;},&quot;retbleed&quot;:{&quot;details&quot;:&quot;IBRS&quot;,&quot;status&quot;:&quot;mitigated&quot;},&quot;spec_store_bypass&quot;:{&quot;details&quot;:&quot;Speculative Store Bypass disabled via prctl and seccomp&quot;,&quot;status&quot;:&quot;mitigated&quot;},&quot;spectre_v1&quot;:{&quot;details&quot;:&quot;usercopy/swapgs barriers and __user pointer sanitization&quot;,&quot;status&quot;:&quot;mitigated&quot;},&quot;spectre_v2&quot;:{&quot;details&quot;:&quot;IBRS, IBPB: conditional, STIBP: disabled, RSB filling, PBRSB-eIBRS: Not affected&quot;,&quot;status&quot;:&quot;mitigated&quot;},&quot;srbds&quot;:{&quot;status&quot;:&quot;unknown&quot;},&quot;tsx_async_abort&quot;:{&quot;status&quot;:&quot;not-affected&quot;}}</value></property><property><name>reboot_required</name><value>false</value></property></to></properties></node></entry>

which unest to

736320a2-998b-45f2-9bad-864b01d48d88cpu_vulnerabilities{"gather_data_sampling":{"status":"unknown"},"itlb_multihit":{"status":"not-affected"},"l1tf":{"details":"PTE Inversion; VMX: flush not necessary, SMT disabled","status":"mitigated"},"mds":{"details":"Clear CPU buffers; SMT Host state unknown","status":"mitigated"},"meltdown":{"details":"PTI","status":"mitigated"},"mmio_stale_data":{"details":"Clear CPU buffers attempted, no microcode; SMT Host state unknown","status":"vulnerable"},"retbleed":{"details":"IBRS","status":"mitigated"},"spec_store_bypass":{"details":"Speculative Store Bypass disabled via prctl and seccomp","status":"mitigated"},"spectre_v1":{"details":"usercopy/swapgs barriers and __user pointer sanitization","status":"mitigated"},"spectre_v2":{"details":"IBRS, IBPB: conditional, STIBP: disabled, RSB filling, PBRSB-eIBRS: Not affected","status":"mitigated"},"srbds":{"status":"unknown"},"tsx_async_abort":{"status":"not-affected"}}reboot_requiredfalse

i would expect that it search either by event type, and that it would find the detailed change