Environment
- Carbon Black Cloud: All Versions
Symptoms
- Investigate tab shows results for a search with watchlist_name
- Alerts tab shows 0 results for the same search
Cause
Trailing space in watchlist_name search parameter not being handled consistently (DSER-32937)
Resolution
- Review your search string for any trailing spaces and remove them
- If the issue is not resolved with this change, please log a new support ticket with search examples that show the issue.
Additional Notes
- Example watchlist name is actually "test"
- watchlist_name:"test" is the correct search to use
- watchlist_name:"test " will return hits for "test" watchlist in Investigate tab
- watchlist_name"test " will NOT return results for "test" watchlist in Alerts tab.
Related Content
