I have a question about how the query function in Investigator is supposed to work.
If I do a query on a meta value like ip.src such as: ip.src = 220.127.116.11
The results will show just 18.104.22.168 in meta value Source IP Address (ip.src) along with everything associated with it within Investigator.
However, if I do the same kind of filter on a meta key like "filename" like so: filename = 'index.php'
I get that entry listed in the filename meta value plus lots of other file names.
Shouldn't it filter out all the other filenames? Or is this SOP for the way Investigator queries work?
Currently running 10.6.1.0 BTW.