You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
What is the bug?
For example, if a log line contains two sub-fields that have the same name, direct query would ignore the top level fields and think both fields are duplicated. For example, the sql query below will return one field ip, with the top level fields stripped. The PPL query won't return any results and won't raise errors either.
SELECT
src_endpoint.ip,
dst_endpoint.ip
FROM
securitylake.amazon_security_lake_glue_db_us_east_1.amazon_security_lake_table_us_east_1_vpc_flow_2_0
WHERE time_dt BETWEEN CURRENT_TIMESTAMP - INTERVAL '1' DAY AND CURRENT_TIMESTAMP
LIMIT 10
source = securitylake.amazon_security_lake_glue_db_us_east_1.amazon_security_lake_table_us_east_1_vpc_flow_2_0
| where time_dt > '2024-07-31 00:00:00 ' and region = 'us-east-1'
| fields src_endpoint.ip
| head 10
How can one reproduce the bug?
Steps to reproduce the behavior:
Go to Data sources -> securitylake -> query data -> open log explorer
Run the follow queries:
SELECT
src_endpoint.ip,
dst_endpoint.ip
FROM
securitylake.amazon_security_lake_glue_db_us_east_1.amazon_security_lake_table_us_east_1_vpc_flow_2_0
WHERE time_dt BETWEEN CURRENT_TIMESTAMP - INTERVAL '1' DAY AND CURRENT_TIMESTAMP
LIMIT 10
source = securitylake.amazon_security_lake_glue_db_us_east_1.amazon_security_lake_table_us_east_1_vpc_flow_2_0
| where time_dt > '2024-07-31 00:00:00 ' and region = 'us-east-1'
| fields src_endpoint.ip
| head 10
See returned results
What is the expected behavior?
Both fields are returned properly without the top fields stripped.
What is your host/environment?
OS: [e.g. iOS]
Version 2.13
Plugins
Do you have any screenshots?
If applicable, add screenshots to help explain your problem.
Do you have any additional context?
Add any other context about the problem.
The text was updated successfully, but these errors were encountered:
What is the bug?
For example, if a log line contains two sub-fields that have the same name, direct query would ignore the top level fields and think both fields are duplicated. For example, the sql query below will return one field
ip
, with the top level fields stripped. The PPL query won't return any results and won't raise errors either.How can one reproduce the bug?
Steps to reproduce the behavior:
What is the expected behavior?
Both fields are returned properly without the top fields stripped.
What is your host/environment?
Do you have any screenshots?
If applicable, add screenshots to help explain your problem.
Do you have any additional context?
Add any other context about the problem.
The text was updated successfully, but these errors were encountered: