Run a search starting $Today - 7d and Ending $Today - 1d results = 0
Run a search starting $Today - 2d and Ending $Today - 1d results = 11
Shorter search time range is INCLUDED in longer search time range. Therefore, longer search results should INCLUDE AT LEAST AS MANY RESULTS as the shorter search.
Logs and screenshots attached.
This is a CRITICAL issue that needs to be ESCALATED ASAP.
Wed May 06 19:29:03 GMT 2015
As requested I have tested a different search and can confirm similar issues. I will post details for you tomorrow AM.
Thu May 07 23:38:05 GMT 2015
I performed a database defragmentation on all 30 loggers. Unfortunately the issue still exists. Attached are screenshots.
Fri May 08 22:51:57 GMT 2015
Is there any update to this ticket?
Tue May 19 18:31:20 GMT 2015
This is not REPORT issue but SEARCH/ANALYZE issue.
Thu May 14 16:00:27 GMT 2015
My apologies for the delayed response. I am currently working with a Logger developer to see if this behavior matches a very similar defect that is in our bug system. If this is the same, then it will be addressed in v6.1 of our product. If it does not then further investigation will be necessary.
I will update as soon as I have more information.
Tue May 19 21:01:14 GMT 2015
I have confirmed with Development that this issue is a known bug. Its been file internally as LOG-13781. There is a patch 2 scheduled for Logger 6.0 to address this. The patch is scheduled for release within a few weeks.
One other thing before this is closed, I also have an issue where searches never finish even tho it is obvious that the search is "done". For example, I have a query that will run in about 1min. If I add to that base query (screenshot attached) it will also finish in about a min. However, if I add on a chart or top to the query the search will return the events im looking for again in about an hour but then the search will continue to run for hours without ever stopping or finding new hits.
Is this also related?
Tue May 19 22:48:47 GMT 2015
That is a completely separate bug that has been filed as LOG-13574. It was wasn't specific to the chart or top operators but otherwise the behavior you are describing is the same. Thank you for alerting me to it.
It is also fixed in v6.0 P2 as well as v6.1.
I will place this incident in 'pending internal', referencing both bug ID's.
Wed May 20 21:05:51 GMT 2015
I have a copy of the patch 2 release notes and LOG-13781 is not mentioned in it.
I cannot emphasize enough how this issue makes Logger essentially useless.
Please contact me as soon as possible.
Mon Jun 29 18:36:00 GMT 2015
6.1 is currently in beta and has a tentative release date for this fall. Historically Logger major releases have arrived right around Protect 724 conference.
Tue Jun 30 22:22:27 GMT 2015
I just wanted to update you today that we are still in the midst of our investigation. I've been working with xxxxx today investigating these logs and screen capture, however I don't have a specific update for you yet.
This issue is of critical importance to us and will be given the highest priority. I will update you by the close of business on Monday.
Fri Jul 10 21:33:16 GMT 2015