Github user merrimanr commented on the issue:

https://github.com/apache/metron/pull/620

Ok I will assume anything related to Alert Status is a not-yet-functional portion. I am testing in full dev. For the 2 you are not able to reproduce:

- Add the "referrer" field to your table. Then filter on a value in that column that starts with "http://" and you should get an "all shards failed" error.
- The "OR" query will appear to be working but it's not bringing back the correct results. The results should only contain values in the OR terms but it brings back all values. It looks like an extra \ is being added to the query for some reason. I've seen this problem in other queries too.