Details
-
Bug
-
Resolution: Fixed
-
Low
-
None
-
2
-
Severity 2 - Major
-
Description
Issue Summary
Searching key-value pairs in the alert search is returning incorrect results for the status filter on the query.
Steps to Reproduce
- Search key-value pairs in the alert search
- example: status: open AND (incident-alert-type: Owner OR incident-alert-type: responder)
Expected Results
This isn't supported search syntax as far as I'm aware, so I'd expect an error or no results.
Actual Results
Closed alerts are returned with the results.
Workaround
Use the 'detailsPair' search option.
Syntax: detailsPair("key":"value")