Hi
I found that a query "NOT num_pkts:1024 OR src_port:80" behaves the same as "NOT num_pkts:1024 AND src_port:80". The actual query is (start_utc:[1230748200 TO 1230768000] OR end_utc:[1230748200 TO 1230768000]) AND (num_pkts:1024 OR NOT num_bytes:40960) but it behaves as if it is (start_utc:[1230748200 TO 1230768000] OR end_utc:[1230748200 TO 1230768000]) AND (num_pkts:1024 AND NOT num_bytes:40960). Is this a known issue? Is there a workaround to this problem? Thanks Sumanta
