Description
Typing in a search term in the audit log UI only filters the already loaded events. You have to manually click 'fetch more' repeatedly to get the search to be applied to the subsequent chunks. In clusters with large numbers of events, this can mean that you often get an empty search results page and have to click 'load more' ten or more times before items start appearing.
Replicating this issue requires having a lot of events. I replicated this locally by generating 5,000 "User Role Created" events with a script. Here's what the UI looks like if I try to search for something other than "User Role Created" when Teleport is in that state:
Intuitively, this seems to indicate that there are no events of that kind matching the search parameters within my selected time window. Unbeknownst to the user, however, the search was only actually applied to the first 5,000 events. I have to keep clicking Fetch More to progress the search, eventually landing on something like this:
In mid-sized clusters, this is misleading/confusing. In very large clusters that might require a very large number of fetches to find matches, this issue becomes onerous.
If there are matches within the specified time range, they should be displayed (or at least the first page_size set of matches).
Related: #7724
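
The difference between the reported and the expected behaviour, as an added example that is not part of the original report and is not Teleport's code. The event data, `fetchChunk`, `searchLoadedOnly`, `searchUntilFilled`, and the `maxFetches` bound are all hypothetical names and values constructed for illustration.

```javascript
// Constructed sample data: 5,000 "User Role Created" events followed by a few
// "User Login" events, served in chunks like a paginated audit log API.
const EVENTS = [];
for (let i = 0; i < 5000; i++) EVENTS.push({ id: i, type: "User Role Created" });
for (let i = 5000; i < 5003; i++) EVENTS.push({ id: i, type: "User Login" });

// Hypothetical paginated backend: returns one chunk plus a cursor for the next.
function fetchChunk(startKey = 0, limit = 5000) {
  const events = EVENTS.slice(startKey, startKey + limit);
  const next = startKey + limit < EVENTS.length ? startKey + limit : null;
  return { events, next };
}

const matches = (ev, term) => ev.type.toLowerCase().includes(term.toLowerCase());

// Behaviour described in the report: the filter only sees the loaded chunk,
// so an empty list does not mean "no matching events in the time window".
function searchLoadedOnly(term) {
  const { events, next } = fetchChunk();
  return {
    results: events.filter((ev) => matches(ev, term)),
    moreAvailable: next !== null,
  };
}

// Expected behaviour: keep fetching until pageSize matches are collected or
// the window is exhausted. maxFetches (assumed) bounds the work per search.
function searchUntilFilled(term, pageSize = 50, maxFetches = 100) {
  const results = [];
  let cursor = 0;
  let fetches = 0;
  while (cursor !== null && results.length < pageSize && fetches < maxFetches) {
    const { events, next } = fetchChunk(cursor);
    fetches++;
    for (const ev of events) {
      if (matches(ev, term)) results.push(ev);
    }
    cursor = next;
  }
  return { results: results.slice(0, pageSize), fetches };
}

console.log(searchLoadedOnly("login"));   // empty results, moreAvailable: true
console.log(searchUntilFilled("login"));  // three matches after two fetches
```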