Strange results from elsa queries

[jimmony]

Not sure if this is a bug or misuse but with the following queries for a time period i get strange results.

class=bro_conn 74691 records
(0 or 1 or "-") class=bro_conn 82754 records
(0 or 1 or "-" or "dns") class=bro_conn 147472 records

I thought that class=bro_conn would yield the higher result count. if I groupby class then the record count matches the above result.

[mcholste]

Looks like the parenthesis are making two "or" clauses, which isn't
intuitive. I'll take a look at that when I am doing some query work later
this month.

Thanks for pointing it out.

--Martin

On Tuesday, August 2, 2016, james r notifications@github.com wrote:

Not sure if this is a bug or misuse but with the following queries for a
time period i get strange results.

class=bro_conn 74691 records
(0 or 1 or "-") class=bro_conn 82754 records
(0 or 1 or "-" or "dns") class=bro_conn 147472 records

I thought that class=bro_conn would yield the higher result count. if I
groupby class then the record count matches the above result.

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
#41, or mute the thread
https://github.com/notifications/unsubscribe-auth/AAKlIIfadeLgeaQBbmevW5P_-ArDoUi2ks5qbxgcgaJpZM4JacxS
.