KQL removes leading zero and breaks query #62748
Conversation
|
Pinging @elastic/kibana-app-arch (Team:AppArch) |
alexwizp
added
release_note:fix
bug
|
@elasticmachine merge upstream |
3 similar comments
|
@elasticmachine merge upstream |
|
@elasticmachine merge upstream |
|
@elasticmachine merge upstream |
There was a problem hiding this comment.
Okay, so at first glance I didn't like the following about this approach:
- It treats numbers beginning with
0differently than other numbers - It treats numbers beginning with
.(no preceding0or-0) differently than other numbers
When playing around on this PR, I realized that when indexing a document into Elasticsearch, it errors out if you try to do either of the above. So I'm not super concerned with either of these things (other than the fact that the regex is a bit complicated and could be simplified with some .startsWith calls instead).
After some thought and testing, however, I think it's actually okay to always treat any numbers as strings. All of the queries I tried (including is or range queries) seem to work fine if we send to Elasticsearch as strings instead of numbers.
@alexwizp Thoughts about that approach?
If we take this approach, it will also solve this issue: #48835
I believe the number handling was just copied over from an existing grammar (I believe it was Timelion) and there wasn't any particular reason we needed to process them as numbers, rather than strings.
|
@elasticmachine merge upstream |
|
@lukasolson agree, if we can pass string without any casting, we should definitely do it. PR was updated |
|
@elasticmachine merge upstream |
|
@elasticmachine merge upstream |
|
Hey @alexwizp ! Could you clarify what you need review from SIEM on, here? Is it just our use of the KQL bar? Thanks! |
|
@rylnd sorry, needs a review only from |
|
@elasticmachine merge upstream |
|
@elasticmachine merge upstream |
💚 Build SucceededHistory
To update your PR or re-run it, just comment with: |
* KQL removes leading zero and breaks query * correctly parse numbers started from '.' Co-authored-by: Elastic Machine <[email protected]>
* master: (70 commits) KQL removes leading zero and breaks query (elastic#62748) [FieldFormats] Cleanup: rename IFieldFormatType -> FieldFormatInstanceType (elastic#64193) [ML] Changes transforms wizard UI text (elastic#64150) [Alerting] change server log action type .log to .server-log in README (elastic#64124) [Metrics UI] Design Refresh: Inventory View, Episode 1 (elastic#64026) chore(NA): reduce siem bundle size using babel-plugin-transfor… (elastic#63269) chore(NA): use core-js instead of babel-polyfill on canvas sha… (elastic#63486) skip flaky suite (elastic#61173) skip flaky suite (elastic#62497) Renamed ilm policy for event log so it is not prefixed with dot (elastic#64262) [eslint] no_restricted_paths config cleanup (elastic#63741) Add Oil Rig Icon from @elastic/maki (elastic#64364) [Maps] Migrate Maps embeddables to NP (elastic#63976) [Ingest] Data streams list page (elastic#64134) chore(NA): add file-loader into jest moduleNameMapper (elastic#64330) [DOCS] Added images to automating report generation (elastic#64333) [SIEM][CASE] Api Integration Tests: Configuration (elastic#63948) Expose ability to check if API Keys are enabled (elastic#63454) [DOCS] Fixes formatting in alerting doc (elastic#64338) [data.search.aggs]: Create agg types function for terms agg. (elastic#63541) ...
* KQL removes leading zero and breaks query * correctly parse numbers started from '.' Co-authored-by: Elastic Machine <[email protected]> Co-authored-by: Elastic Machine <[email protected]>
…bana into ingest-node-pipeline/open-flyout-create-edit * 'feature/ingest-node-pipelines' of github.com:elastic/kibana: (116 commits) [Ingest Node Pipelines] More lenient treatment of on-failure value (elastic#64411) Report Deletion via UI- functional test (elastic#64031) Bump handlebars dependency from 4.5.3 to 4.7.6 (elastic#64402) [Uptime] Update TLS settings (elastic#64111) [alerting] removes usage of any throughout Alerting Services code (elastic#64161) [CANVAS] Moves notify to a canvas service (elastic#63268) [Canvas] Misc NP Stuff (elastic#63703) update apm index pattern (elastic#64232) Task/hostlist pagination (elastic#63722) [NP] Vega migration (elastic#63849) Move ensureDefaultIndexPattern into data plugin (elastic#63100) [Fleet] Fix agent status count to not include unenrolled agents (elastic#64106) Migrate graph_workspace saved object registration to Kibana platform (elastic#64157) Index pattern management UI -> TypeScript and New Platform Ready (edit_index_pattern) (elastic#64184) [ML] EuiDataGrid ml/transform components. (elastic#63447) [ML] Moving to kibana capabilities (elastic#64057) Move input_control_vis into NP (elastic#63333) remove reference to local application service in graph (elastic#64288) KQL removes leading zero and breaks query (elastic#62748) [FieldFormats] Cleanup: rename IFieldFormatType -> FieldFormatInstanceType (elastic#64193) ...
Closes: #62217
Summary
Describe the bug:
KQL seems to silently remove leading zeros causing queries to fail.
When querying "customer: 00123" with Lucene we get results but KQL removes the leading zeros:
Lucene Query generates:
Checklist
Delete any items that are not applicable to this PR.
For maintainers