[GitHub] metron issue #798: METRON-1247: REST search and findOne endpoints return une...

2017-10-13 Thread cestella
Github user cestella commented on the issue:

https://github.com/apache/metron/pull/798
  
+1 by inspection, good job!


---


[GitHub] metron issue #798: METRON-1247: REST search and findOne endpoints return une...

2017-10-12 Thread justinleet
Github user justinleet commented on the issue:

https://github.com/apache/metron/pull/798
  
To test this spin up full dev and go to the Swagger API.

An unquoted search can result in multiple results that only partially 
match.  These matches may be across sensors.

For all the below queries, it'll be necessary to do your own querying to 
get appropriate GUIDs.  These are just what my machine generated on full-dev.

Example query.
```
{
  "indices": ["websphere", "snort", "asa", "bro", "yaf"],
  "query": "guid:a2d7ba04-d335-4948-8bc8-c889e7c531c9",
  "from": 0,
  "size": 500
}
```
e.g.
```
{
...
  "id": "cabb2468-d827-4948-8137-71694ad85944",
...
  "id": "58f975ae-0bd0-4948-91d7-fd433b29cd49",
...
  "id": "a2d7ba04-d335-4948-8bc8-c889e7c531c9",
...
```

Now make the query against `findOne` and ensure it produces the correct 
record:
```
{
  "guid": "a2d7ba04-d335-4948-8bc8-c889e7c531c9",
  "sensorType": "bro"
}
```

Now try again with one of the partial matches and ensure it also produces 
the correct record:
```
{
  "guid": "cabb2468-d827-4948-8137-71694ad85944",
  "sensorType": "bro"
}
```

Feel free to try this with more of the partial matches.  All should return 
the correct record now, rather than mismatching.


---
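The behaviour the test steps above exercise, as an added example that is not part of the thread or of Metron's code. It assumes the partial matches come from the GUID being split into tokens at the hyphens, with an unquoted query matching any one token; the function names and the sensor type of the second document are hypothetical.

```python
import re

# GUIDs are the ones quoted in the thread; the sensor type of the second
# document is constructed for this example.
DOCS = [
    {"guid": "cabb2468-d827-4948-8137-71694ad85944", "sensorType": "bro"},
    {"guid": "58f975ae-0bd0-4948-91d7-fd433b29cd49", "sensorType": "snort"},
    {"guid": "a2d7ba04-d335-4948-8bc8-c889e7c531c9", "sensorType": "bro"},
]

def tokenize(value):
    """Assumed analyzer behaviour: lowercase and split on non-alphanumerics."""
    return {t for t in re.split(r"[^0-9a-z]+", value.lower()) if t}

def unquoted_search(docs, guid):
    """Model of an unquoted query: a document hits if it shares ANY token."""
    wanted = tokenize(guid)
    return [d for d in docs if tokenize(d["guid"]) & wanted]

def shared_tokens(docs, guid):
    """Tokens that every hit has in common with the requested GUID."""
    common = tokenize(guid)
    for d in unquoted_search(docs, guid):
        common &= tokenize(d["guid"])
    return common

def exact_lookup(docs, guid, sensor_type):
    """Whole-value match on GUID and sensor type: one record or None."""
    hits = [d for d in docs if d["guid"] == guid and d["sensorType"] == sensor_type]
    return hits[0] if len(hits) == 1 else None

def is_correct_record(requested_guid, record):
    """Regression check for a findOne-style response: GUIDs must be identical."""
    return record is not None and record.get("guid") == requested_guid

if __name__ == "__main__":
    target = "a2d7ba04-d335-4948-8bc8-c889e7c531c9"
    hits = unquoted_search(DOCS, target)
    print("unquoted hits:", [d["guid"] for d in hits])
    print("shared tokens:", shared_tokens(DOCS, target))
    # Taking the first partial hit is the mismatch the test steps guard against.
    print("first hit ok:", is_correct_record(target, hits[0]))
    print("exact ok:", is_correct_record(target, exact_lookup(DOCS, target, "bro")))
```

The same `is_correct_record` comparison can be applied to each `findOne` response when repeating the steps with further partial matches.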