[SIEM] Fix KQL filter query with data provider (#41250) (#41409)

* fix KQL filter query with data provider

* fix eslint
Xavier Mouligneau 2019-07-18 00:39:39 +02:00 committed by GitHub
parent dba937592d
commit 919c22a5c6
2 changed files with 5 additions and 5 deletions


@ -245,7 +245,7 @@ describe('Combined Queries', () => {
endDate
)!;
expect(filterQuery).toEqual(
'{"bool":{"filter":[{"bool":{"should":[{"bool":{"should":[{"match_phrase":{"name":"Provider 1"}}],"minimum_should_match":1}},{"bool":{"should":[{"match_phrase":{"host.name":"host-1"}}],"minimum_should_match":1}}],"minimum_should_match":1}},{"bool":{"filter":[{"bool":{"should":[{"range":{"@timestamp":{"gte":1521830963132}}}],"minimum_should_match":1}},{"bool":{"should":[{"range":{"@timestamp":{"lte":1521862432253}}}],"minimum_should_match":1}}]}}]}}'
'{"bool":{"should":[{"bool":{"should":[{"match_phrase":{"name":"Provider 1"}}],"minimum_should_match":1}},{"bool":{"filter":[{"bool":{"should":[{"match_phrase":{"host.name":"host-1"}}],"minimum_should_match":1}},{"bool":{"filter":[{"bool":{"should":[{"range":{"@timestamp":{"gte":1521830963132}}}],"minimum_should_match":1}},{"bool":{"should":[{"range":{"@timestamp":{"lte":1521862432253}}}],"minimum_should_match":1}}]}}]}}],"minimum_should_match":1}}'
);
});
@ -261,7 +261,7 @@ describe('Combined Queries', () => {
endDate
)!;
expect(filterQuery).toEqual(
'{"bool":{"filter":[{"bool":{"filter":[{"bool":{"should":[{"match_phrase":{"name":"Provider 1"}}],"minimum_should_match":1}},{"bool":{"should":[{"match_phrase":{"host.name":"host-1"}}],"minimum_should_match":1}}]}},{"bool":{"filter":[{"bool":{"should":[{"range":{"@timestamp":{"gte":1521830963132}}}],"minimum_should_match":1}},{"bool":{"should":[{"range":{"@timestamp":{"lte":1521862432253}}}],"minimum_should_match":1}}]}}]}}'
'{"bool":{"filter":[{"bool":{"should":[{"match_phrase":{"name":"Provider 1"}}],"minimum_should_match":1}},{"bool":{"filter":[{"bool":{"should":[{"match_phrase":{"host.name":"host-1"}}],"minimum_should_match":1}},{"bool":{"filter":[{"bool":{"should":[{"range":{"@timestamp":{"gte":1521830963132}}}],"minimum_should_match":1}},{"bool":{"should":[{"range":{"@timestamp":{"lte":1521862432253}}}],"minimum_should_match":1}}]}}]}}]}}'
);
});
});
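Review bot: The updated expectations compare `filterQuery` against one long single-line JSON string, so the nesting change this commit is about (a `should` wrapping a `filter` versus a `filter` wrapping a `should`) is nearly impossible to read or review in place; asserting on the parsed structure, `expect(JSON.parse(filterQuery)).toEqual({ bool: { … } })`, would make the grouping visible and keep future diffs legible. It would also be worth adding a case that combines two data providers with a non-empty `kqlQuery` in `search` mode, since that is where grouping relative to the `@timestamp` range matters most. The enclosing `describe('Combined Queries')` block starts before this section.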


@ -77,7 +77,7 @@ export const buildGlobalQuery = (dataProviders: DataProvider[], browserFields: B
const prepend = (q: string) => `${q !== '' ? `${q} or ` : ''}`;
return dataProvider.enabled
? `${prepend(query)}(
${buildQueryMatch(dataProvider, browserFields)}
${buildQueryMatch(dataProvider, browserFields)}
${
dataProvider.and.length > 0
? ` and ${buildQueryForAndProvider(dataProvider.and, browserFields)}`
@ -118,9 +118,9 @@ export const combineQueries = (
}
const operatorKqlQuery = kqlMode === 'filter' ? 'and' : 'or';
const postpend = (q: string) => `${!isEmpty(q) ? ` ${operatorKqlQuery} (${q})` : ''}`;
const globalQuery = `((${buildGlobalQuery(dataProviders, browserFields)}${postpend(
const globalQuery = `((${buildGlobalQuery(dataProviders, browserFields)})${postpend(
kqlQuery
)}) and @timestamp >= ${start} and @timestamp <= ${end})`;
)} and @timestamp >= ${start} and @timestamp <= ${end})`;
return {
filterQuery: convertKueryToElasticSearchQuery(globalQuery, indexPattern),
};
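Review bot: On the `globalQuery` template, the data-provider group and the appended `kqlQuery` are no longer enclosed together before `and @timestamp …`; if, as the commit message suggests, the line with `)${postpend(` is the new side, then in `search` mode (`operatorKqlQuery === 'or'`) the string reads `((G) or (K) and @timestamp >= … and @timestamp <= …)`, and because KQL binds `and` tighter than `or`, the time range applies only to the KQL branch while the data-provider branch is left unbounded — which appears to be what the nested `should` → `filter` shape in the updated test expectation encodes. Keeping a single outer group around both parts restores the bound for every branch: `(((${buildGlobalQuery(dataProviders, browserFields)})${postpend(kqlQuery)}) and @timestamp >= ${start} and @timestamp <= ${end})`. Separately, `kqlQuery` is spliced in as raw text, so an unbalanced `)` in user input can escape the `(${q})` grouping and change which terms the range guards; composing the combined query from parsed KQL nodes instead of string concatenation would remove that class of problem. `combineQueries` begins before this hunk.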