Bug #25705
opensearch on event log must also search on event type
Pull Request:
Severity:
UX impact:
User visibility:
Effort required:
Priority: 0
Name check: To do
Fix check: To do
Regression: No
Description
If we plan to search on Node Modified event logs, there is no easy way to do that.
We can type "no" (lowercase) that would partially filter with what we want, but an extra character won't return anything.
SQL query generated by "node" is:
select eventtype, id, modificationid, principal, creationdate, causeid, severity, reason, data
from ( select eventtype, id, modificationid, principal, creationdate, causeid, severity, reason, data, UNNEST(xpath('string(//entry)',data))::text as filter from eventlog) as temp1
where temp1.filter like ? and creationDate >= ? and creationDate <= ?
order by id DESC offset ? limit ?
arguments = [%node%, 2024-10-16 13:05:02.0, 2024-10-18 13:05:02.0, 0, 25]
A typical entry is:
4024 | 2024-10-15 00:29:13.817+00 | 100 | | c6ca13c7-7b06-489c-b61b-afb2323463b7 | rudder | | NodeModified | <entry><node changeType="modify" fileFormat="6"><id>736320a2-998b-45f2-9bad-864b01d48d88</id><properties><from/><to><property><name>cpu_vulnerabilities</name><value>{"gather_data_sampling":{"status":"unknown"},"itlb_multihit":{"status":"not-affected"},"l1tf":{"details":"PTE Inversion; VMX: flush not necessary, SMT disabled","status":"mitigated"},"mds":{"details":"Clear CPU buffers; SMT Host state unknown","status":"mitigated"},"meltdown":{"details":"PTI","status":"mitigated"},"mmio_stale_data":{"details":"Clear CPU buffers attempted, no microcode; SMT Host state unknown","status":"vulnerable"},"retbleed":{"details":"IBRS","status":"mitigated"},"spec_store_bypass":{"details":"Speculative Store Bypass disabled via prctl and seccomp","status":"mitigated"},"spectre_v1":{"details":"usercopy/swapgs barriers and __user pointer sanitization","status":"mitigated"},"spectre_v2":{"details":"IBRS, IBPB: conditional, STIBP: disabled, RSB filling, PBRSB-eIBRS: Not affected","status":"mitigated"},"srbds":{"status":"unknown"},"tsx_async_abort":{"status":"not-affected"}}</value></property><property><name>reboot_required</name><value>false</value></property></to></properties></node></entry>
which unnests to:
736320a2-998b-45f2-9bad-864b01d48d88cpu_vulnerabilities{"gather_data_sampling":{"status":"unknown"},"itlb_multihit":{"status":"not-affected"},"l1tf":{"details":"PTE Inversion; VMX: flush not necessary, SMT disabled","status":"mitigated"},"mds":{"details":"Clear CPU buffers; SMT Host state unknown","status":"mitigated"},"meltdown":{"details":"PTI","status":"mitigated"},"mmio_stale_data":{"details":"Clear CPU buffers attempted, no microcode; SMT Host state unknown","status":"vulnerable"},"retbleed":{"details":"IBRS","status":"mitigated"},"spec_store_bypass":{"details":"Speculative Store Bypass disabled via prctl and seccomp","status":"mitigated"},"spectre_v1":{"details":"usercopy/swapgs barriers and __user pointer sanitization","status":"mitigated"},"spectre_v2":{"details":"IBRS, IBPB: conditional, STIBP: disabled, RSB filling, PBRSB-eIBRS: Not affected","status":"mitigated"},"srbds":{"status":"unknown"},"tsx_async_abort":{"status":"not-affected"}}reboot_requiredfalse
I would expect that it searches either by event type, and that it would find the detailed change.
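The behaviour reported above, reproduced as an added example (not Rudder's code, and not part of the original report): `string(//entry)` yields only the concatenated text nodes, so the `eventtype` column and the `<node>` element name never reach the `LIKE` filter. The row is a constructed, shortened version of the entry quoted above; `search_with_eventtype` and its case-insensitive matching are assumptions for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample rows (eventtype, data), shortened from the quoted entry.
ROWS = [
    ("NodeModified",
     '<entry><node changeType="modify" fileFormat="6">'
     '<id>736320a2-998b-45f2-9bad-864b01d48d88</id>'
     '<properties><from/><to>'
     '<property><name>cpu_vulnerabilities</name>'
     '<value>{"srbds":{"status":"unknown"}}</value></property>'
     '<property><name>reboot_required</name><value>false</value></property>'
     '</to></properties></node></entry>'),
]


def xpath_string(data):
    """Equivalent of XPath string(//entry): concatenated text nodes only.
    Element names and attribute values are not part of the result."""
    return "".join(ET.fromstring(data).itertext())


def like_contains(haystack, term):
    """SQL LIKE '%term%' for a term without wildcards (case-sensitive)."""
    return term in haystack


def search_current(rows, term):
    """Filter as in the quoted query: only the flattened XML text is searched."""
    return [etype for etype, data in rows
            if like_contains(xpath_string(data), term)]


def search_with_eventtype(rows, term):
    """Hypothetical variant: also match the eventtype column, ignoring case."""
    t = term.lower()
    return [etype for etype, data in rows
            if t in etype.lower() or t in xpath_string(data).lower()]


if __name__ == "__main__":
    for term in ("no", "nod", "node"):
        print(term, search_current(ROWS, term), search_with_eventtype(ROWS, term))
```

Here "no" matches only because it occurs inside a property value ("unknown"), which is why one more character returns nothing.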