Elasticsearch query rule doesn't work with "KQL or Lucene" query #151609
Comments
Pinging @elastic/kibana-data-discovery (Team:DataDiscovery)
Could you provide some details on how you created the rule, which query, filters, data view? And which version of Kibana are you using?
Sure, I used Kibana UI to create the rule. First I created a new index in ES and added 2 docs for testing. Then I tried the same things with Then I tried with I am using the main branch, so v8.8.
…hout filters (elastic#151632)

Closes elastic#151609

For testing:
- Go to Rule Management page
- Create a new Rule with "Elasticsearch query" type in "KQL or Lucene" format
- Save and check the status after the rule finishes the creating process => It should say "Succeeded"

(cherry picked from commit 17ab3a3)
…ry without filters (#151632) (#151705)

# Backport

This will backport the following commits from `main` to `8.7`:
- [[Discover] Fix Elasticsearch query rule for "KQL or Lucene" query without filters (#151632)](#151632)

<!--- Backport version: 8.9.7 -->

### Questions ?

Please refer to the [Backport tool documentation](https://github.com/sqren/backport)

Co-authored-by: Julia Rechkunova <[email protected]>
When I run an `Elasticsearch query` rule with `KQL or Lucene` I get the below error. The query works when I click on the `Test query` button. I tried it with both a custom index and the `.kibana-event-log` index, both are failing. But the rule with the same params but with a `DSL` query works.