mcholste
Strange results from elsa queries
Not sure if this is a bug or misuse but with the following queries for a time period i get strange results.
class=bro_conn 74691 records
(0 or 1 or "-") class=bro_conn 82754 records
(0 or 1 or "-" or "dns") class=bro_conn 147472 records
I thought that class=bro_conn would yield the higher result count. if I groupby class then the record count matches the above result.
Looks like the parenthesis are making two "or" clauses, which isn't intuitive. I'll take a look at that when I am doing some query work later this month.
Thanks for pointing it out.
--Martin
On Tuesday, August 2, 2016, james r [email protected] wrote:
Not sure if this is a bug or misuse but with the following queries for a time period i get strange results.
class=bro_conn 74691 records (0 or 1 or "-") class=bro_conn 82754 records (0 or 1 or "-" or "dns") class=bro_conn 147472 records
I thought that class=bro_conn would yield the higher result count. if I groupby class then the record count matches the above result.
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/mcholste/elsa/issues/41, or mute the thread https://github.com/notifications/unsubscribe-auth/AAKlIIfadeLgeaQBbmevW5P_-ArDoUi2ks5qbxgcgaJpZM4JacxS .
