Access official resources from Carbon Black experts
VersionThis solution applies to versions earlier than v5.0 Patch 3.
Performing a search fails when combining the fields digsig_result and an Alliance score, such as:
digsig_result:signed AND alliance_score_virustotal:[1 TO *]
SymptomsThe error message observed in the UI after performing the search:
An unexpected error occurred - please see your system administrator.
The following may also be seen in /var/log/cb/solr/debug.log:
2015-04-16 08:22:09,266 - [ERROR] - from org.apache.solr.core.SolrCore in http-8080-14org.apache.solr.common.SolrException: undefined field: "_qalliance_score_virustotal"
2015-04-16 08:22:09,266 - [ERROR] - from org.apache.solr.core.SolrCore in http-8080-14
org.apache.solr.common.SolrException: undefined field: "_qalliance_score_virustotal"
CauseThe cause is a syntax problem with the join clause Solr uses.Solution
As a workaround on v5.0 Patch 1 (220.127.116.11416.1350), include the alliance_score_<feed> query first, such as:
alliance_score_virustotal:[1 TO *] AND digsig_result:signed
The issue is resolved in v5.0 Patch 3. Refer to defect numbers ENT-3832 and ENT-4341.