Bug #25705
opensearch on event log must also search on event type
Status: Pending release
Priority: 2
Assignee:
Category: Web - Maintenance
Target version:
Pull Request:
Severity:
UX impact:
User visibility:
Effort required:
Priority: 0
Name check: To do
Fix check: To do
Regression: No
Description
If we plan to search on Node Modified event logs, there is no easy way to do that.
We can type "no" (lowercase) that would partially filter with what we want, but an extra character won't return anything.
SQL query generated by "node" is:
select eventtype, id, modificationid, principal, creationdate, causeid, severity, reason, data
from (
  select eventtype, id, modificationid, principal, creationdate, causeid, severity, reason, data,
         UNNEST(xpath('string(//entry)',data))::text as filter
  from eventlog
) as temp1
where temp1.filter like ?
  and creationDate >= ? and creationDate <= ?
order by id DESC offset ? limit ?
arguments = [%node%, 2024-10-16 13:05:02.0, 2024-10-18 13:05:02.0, 0, 25]
Typical entry is:
4024 | 2024-10-15 00:29:13.817+00 | 100 | | c6ca13c7-7b06-489c-b61b-afb2323463b7 | rudder | | NodeModified | <entry><node changeType="modify" fileFormat="6"><id>736320a2-998b-45f2-9bad-864b01d48d88</id><properties><from/><to><property><name>cpu_vulnerabilities</name><value>{"gather_data_sampling":{"status":"unknown"},"itlb_multihit":{"status":"not-affected"},"l1tf":{"details":"PTE Inversion; VMX: flush not necessary, SMT disabled","status":"mitigated"},"mds":{"details":"Clear CPU buffers; SMT Host state unknown","status":"mitigated"},"meltdown":{"details":"PTI","status":"mitigated"},"mmio_stale_data":{"details":"Clear CPU buffers attempted, no microcode; SMT Host state unknown","status":"vulnerable"},"retbleed":{"details":"IBRS","status":"mitigated"},"spec_store_bypass":{"details":"Speculative Store Bypass disabled via prctl and seccomp","status":"mitigated"},"spectre_v1":{"details":"usercopy/swapgs barriers and __user pointer sanitization","status":"mitigated"},"spectre_v2":{"details":"IBRS, IBPB: conditional, STIBP: disabled, RSB filling, PBRSB-eIBRS: Not affected","status":"mitigated"},"srbds":{"status":"unknown"},"tsx_async_abort":{"status":"not-affected"}}</value></property><property><name>reboot_required</name><value>false</value></property></to></properties></node></entry>
which unnests to:
736320a2-998b-45f2-9bad-864b01d48d88cpu_vulnerabilities{"gather_data_sampling":{"status":"unknown"},"itlb_multihit":{"status":"not-affected"},"l1tf":{"details":"PTE Inversion; VMX: flush not necessary, SMT disabled","status":"mitigated"},"mds":{"details":"Clear CPU buffers; SMT Host state unknown","status":"mitigated"},"meltdown":{"details":"PTI","status":"mitigated"},"mmio_stale_data":{"details":"Clear CPU buffers attempted, no microcode; SMT Host state unknown","status":"vulnerable"},"retbleed":{"details":"IBRS","status":"mitigated"},"spec_store_bypass":{"details":"Speculative Store Bypass disabled via prctl and seccomp","status":"mitigated"},"spectre_v1":{"details":"usercopy/swapgs barriers and __user pointer sanitization","status":"mitigated"},"spectre_v2":{"details":"IBRS, IBPB: conditional, STIBP: disabled, RSB filling, PBRSB-eIBRS: Not affected","status":"mitigated"},"srbds":{"status":"unknown"},"tsx_async_abort":{"status":"not-affected"}}reboot_requiredfalse
I would expect that it searches either by event type, and that it would find the detailed change.
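Added example, not part of the original report or the Rudder code base: a Python emulation of the filter in the generated query, run over a shortened, constructed copy of the entry quoted above. It shows why "no" matches while "node" returns nothing, next to a hypothetical variant that also matches the event type; all function names are assumptions, and the variant is not the change made in the pull request.

```python
import xml.etree.ElementTree as ET

# Constructed sample rows (eventtype, data), shortened from the entry in the report.
ROWS = [
    ("NodeModified",
     '<entry><node changeType="modify" fileFormat="6">'
     '<id>736320a2-998b-45f2-9bad-864b01d48d88</id>'
     '<properties><from/><to>'
     '<property><name>cpu_vulnerabilities</name>'
     '<value>{"itlb_multihit":{"status":"not-affected"}}</value></property>'
     '<property><name>reboot_required</name><value>false</value></property>'
     '</to></properties></node></entry>'),
]


def xpath_string(data):
    """Emulate xpath('string(//entry)', data): the concatenated text nodes.

    Element names (<node>) and attributes (changeType) are not text nodes,
    so they never reach the filter column.
    """
    return "".join(ET.fromstring(data).itertext())


def like(haystack, term):
    """Emulate PostgreSQL LIKE '%term%' for a term without wildcard
    characters: a case-sensitive substring match."""
    return term in haystack


def search_current(term, rows=ROWS):
    """Filter as in the generated query: only the flattened XML text is searched."""
    return [etype for etype, data in rows if like(xpath_string(data), term)]


def search_with_event_type(term, rows=ROWS):
    """Hypothetical variant: also match the eventtype column, ignoring case."""
    t = term.lower()
    return [etype for etype, data in rows
            if t in etype.lower() or t in xpath_string(data).lower()]


if __name__ == "__main__":
    for term in ("no", "nod", "node"):
        print(term, search_current(term), search_with_event_type(term))
```

The "no" hit comes from "not-affected" inside the property value, not from the event type, which is why adding one more character empties the result.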
Updated by François ARMAND about 2 months ago
- Subject changed from search on event log seems broken to search on event log must also search on event type
- Priority changed from To review to 2
Updated by Vincent MEMBRÉ about 1 month ago
- Target version changed from 8.1.8 to 8.1.9
Updated by Vincent MEMBRÉ 25 days ago
- Target version changed from 8.1.9 to 8.1.10
Updated by Clark ANDRIANASOLO 24 days ago
- Status changed from New to In progress
- Assignee set to Clark ANDRIANASOLO
Updated by Clark ANDRIANASOLO 24 days ago
- Status changed from In progress to Pending technical review
- Assignee changed from Clark ANDRIANASOLO to François ARMAND
- Pull Request set to https://github.com/Normation/rudder/pull/6055
Updated by Vincent MEMBRÉ 20 days ago
- Target version changed from 8.1.10 to 8.1.11
Updated by Clark ANDRIANASOLO 20 days ago
- Status changed from Pending technical review to Pending release
Applied in changeset rudder|857e26f4c3afc1d808f500b1bbc4a2cb4e5f7123.