From 477682be1ec683e28ded55915f3ef8b647397b2a Mon Sep 17 00:00:00 2001 From: Devin Hurley Date: Wed, 23 Dec 2020 17:49:33 -0500 Subject: [PATCH 1/2] replace should with a single lower bounded and upper bounded date range filter --- .../signals/build_events_query.test.ts | 198 ++++-------------- .../signals/build_events_query.ts | 16 +- 2 files changed, 37 insertions(+), 177 deletions(-) diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/build_events_query.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/build_events_query.test.ts index f9899fb55bb6a..b6793af22f1b9 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/build_events_query.test.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/build_events_query.test.ts @@ -38,33 +38,12 @@ describe('create_signals', () => { bool: { filter: [ { - bool: { - should: [ - { - range: { - '@timestamp': { - gte: 'now-5m', - format: 'strict_date_optional_time', - }, - }, - }, - ], - minimum_should_match: 1, - }, - }, - { - bool: { - should: [ - { - range: { - '@timestamp': { - lte: 'today', - format: 'strict_date_optional_time', - }, - }, - }, - ], - minimum_should_match: 1, + range: { + '@timestamp': { + gte: 'now-5m', + lte: 'today', + format: 'strict_date_optional_time', + }, }, }, ], @@ -118,33 +97,12 @@ describe('create_signals', () => { bool: { filter: [ { - bool: { - should: [ - { - range: { - '@timestamp': { - gte: 'now-5m', - format: 'strict_date_optional_time', - }, - }, - }, - ], - minimum_should_match: 1, - }, - }, - { - bool: { - should: [ - { - range: { - '@timestamp': { - lte: 'today', - format: 'strict_date_optional_time', - }, - }, - }, - ], - minimum_should_match: 1, + range: { + '@timestamp': { + gte: 'now-5m', + lte: 'today', + format: 'strict_date_optional_time', + }, }, }, ], 
@@ -199,33 +157,12 @@ describe('create_signals', () => { bool: { filter: [ { - bool: { - should: [ - { - range: { - '@timestamp': { - gte: 'now-5m', - format: 'strict_date_optional_time', - }, - }, - }, - ], - minimum_should_match: 1, - }, - }, - { - bool: { - should: [ - { - range: { - '@timestamp': { - lte: 'today', - format: 'strict_date_optional_time', - }, - }, - }, - ], - minimum_should_match: 1, + range: { + '@timestamp': { + gte: 'now-5m', + lte: 'today', + format: 'strict_date_optional_time', + }, }, }, ], @@ -281,33 +218,12 @@ describe('create_signals', () => { bool: { filter: [ { - bool: { - should: [ - { - range: { - '@timestamp': { - gte: 'now-5m', - format: 'strict_date_optional_time', - }, - }, - }, - ], - minimum_should_match: 1, - }, - }, - { - bool: { - should: [ - { - range: { - '@timestamp': { - lte: 'today', - format: 'strict_date_optional_time', - }, - }, - }, - ], - minimum_should_match: 1, + range: { + '@timestamp': { + gte: 'now-5m', + lte: 'today', + format: 'strict_date_optional_time', + }, }, }, ], @@ -362,33 +278,12 @@ describe('create_signals', () => { bool: { filter: [ { - bool: { - should: [ - { - range: { - '@timestamp': { - gte: 'now-5m', - format: 'strict_date_optional_time', - }, - }, - }, - ], - minimum_should_match: 1, - }, - }, - { - bool: { - should: [ - { - range: { - '@timestamp': { - lte: 'today', - format: 'strict_date_optional_time', - }, - }, - }, - ], - minimum_should_match: 1, + range: { + '@timestamp': { + gte: 'now-5m', + lte: 'today', + format: 'strict_date_optional_time', + }, }, }, ], 
@@ -445,33 +340,12 @@ describe('create_signals', () => { bool: { filter: [ { - bool: { - should: [ - { - range: { - '@timestamp': { - gte: 'now-5m', - format: 'strict_date_optional_time', - }, - }, - }, - ], - minimum_should_match: 1, - }, - }, - { - bool: { - should: [ - { - range: { - '@timestamp': { - lte: 'today', - format: 'strict_date_optional_time', - }, - }, - }, - ], - minimum_should_match: 1, + range: { + '@timestamp': { + gte: 'now-5m', + lte: 'today', + format: 'strict_date_optional_time', + }, }, }, ], diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/build_events_query.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/build_events_query.ts index 31a424cdbcc1b..ad686120ec55d 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/build_events_query.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/build_events_query.ts @@ -48,21 +48,6 @@ export const buildEventsSearchQuery = ({ : '@timestamp'; const rangeFilter: unknown[] = [ - { - bool: { - should: [ - { - range: { - [sortField]: { - gte: from, - format: 'strict_date_optional_time', - }, - }, - }, - ], - minimum_should_match: 1, - }, - }, { bool: { should: [ @@ -70,6 +55,7 @@ export const buildEventsSearchQuery = ({ range: { [sortField]: { lte: to, + gte: from, format: 'strict_date_optional_time', }, }, From e015a07608b5daf856098fa93a9e097c0b6bdfb5 Mon Sep 17 00:00:00 2001 From: Devin Hurley Date: Tue, 5 Jan 2021 18:16:40 -0500 Subject: [PATCH 2/2] fix after rebasing with master --- .../signals/build_events_query.ts | 19 ++++++------------- 1 file changed, 6 insertions(+), 13 deletions(-) diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/build_events_query.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/build_events_query.ts index ad686120ec55d..5957b4b671bd9 100644 
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/build_events_query.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/build_events_query.ts @@ -49,19 +49,12 @@ export const buildEventsSearchQuery = ({ const rangeFilter: unknown[] = [ { - bool: { - should: [ - { - range: { - [sortField]: { - lte: to, - gte: from, - format: 'strict_date_optional_time', - }, - }, - }, - ], - minimum_should_match: 1, + range: { + [sortField]: { + lte: to, + gte: from, + format: 'strict_date_optional_time', + }, }, }, ];
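Review bot: The single `range` clause on `[sortField]` in `rangeFilter` matches only documents that actually carry that field, and nothing in the hunk says so. The `: '@timestamp'` fallback visible in the first patch suggests `sortField` can be another field (presumably a rule-level timestamp override); events lacking it would then fall outside the query and never raise a signal, a silent detection gap rather than an error. This predates the change, but the filter is now one clause, so it is a natural place to record it, e.g. `// documents without [sortField] do not match this range and are not evaluated by the rule` above the `range` entry. The updated expectations shown for build_events_query.test.ts all key the range on `'@timestamp'`, so unless a case outside these hunks covers the other field, adding one would pin the computed key. `buildEventsSearchQuery` starts and ends outside the hunk.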