OpenSearch-Dashboards
[BUG] "Edit as Query DSL" functionality is generating both bad and incorrect DSL
The "Edit as Query DSL" functionality is generating both bad and incorrect DSL
To Reproduce
- Log into Wazuh Dashboard and go to Security Events
- Add a rule where rule.level is one of 3,4 or 5
- Edit the query and click on the Edit Query as DSL link to see:
```json
{
  "query": {
    "bool": {
      "should": [
        {
          "match_phrase": {
            "rule.level": "3"
          }
        },
        {
          "match_phrase": {
            "rule.level": "4"
          }
        },
        {
          "match_phrase": {
            "rule.level": "5"
          }
        }
      ],
      "minimum_should_match": 1
    }
  }
}
```
- Click Cancel, edit the filter again and change the Operator to "is not one of" and save the query
- Edit the query and click on the Edit Query as DSL link to see:
```json
{
  "query": {
    "bool": {
      "should": [
        {
          "match_phrase": {
            "rule.level": "3"
          }
        },
        {
          "match_phrase": {
            "rule.level": "4"
          }
        },
        {
          "match_phrase": {
            "rule.level": "5"
          }
        }
      ],
      "minimum_should_match": 1
    }
  }
}
```
This is the exact same DSL. The negation of the operator is not present.
Additionally, if you copy this DSL into a new filter you get a filter which is not editable as filter values and does not display correctly on the dashboard though it does seem to work, albeit without the NOT:
Expected behavior
Correct DSL should be generated to make queries easier to save and document
OpenSearch Version: wazuh-indexer 4.7.0-1
Dashboards Version: wazuh-dashboards 4.7.0-1
Plugins: Amazon AWS
This has already been reported to the Wazuh team. See the discussion here
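For comparison, an added example (not part of the original report and not OpenSearch Dashboards code): the DSL from the report rebuilt next to a form wrapped in `bool.must_not`, which is how standard OpenSearch query DSL expresses the negation when the DSL has to stand on its own. The function names and the sample alerts are constructed for illustration.

```javascript
// Added example; function names are hypothetical, not OpenSearch Dashboards code.

// Rebuilds the "is one of" DSL shown in the report.
function phrasesQuery(field, values) {
  return {
    bool: {
      should: values.map((v) => ({ match_phrase: { [field]: String(v) } })),
      minimum_should_match: 1,
    },
  };
}

// Standalone negation: bool.must_not excludes documents that match the clause.
function negatedPhrasesQuery(field, values) {
  return { bool: { must_not: [phrasesQuery(field, values)] } };
}

// Minimal evaluator covering only the clause types used above.
// match_phrase is treated as exact equality, which holds for single-token values.
function matches(query, doc) {
  if (query.match_phrase) {
    const [field, value] = Object.entries(query.match_phrase)[0];
    return String(doc[field]) === String(value);
  }
  const { should = [], must_not: mustNot = [], minimum_should_match: min } = query.bool;
  if (mustNot.some((q) => matches(q, doc))) return false;
  const needed = min ?? (should.length > 0 ? 1 : 0);
  return should.filter((q) => matches(q, doc)).length >= needed;
}

// Constructed sample alerts with flattened field names (not real data).
const SAMPLE_ALERTS = [2, 3, 4, 5, 7, 12].map((level) => ({ "rule.level": level }));

function selectedLevels(query) {
  return SAMPLE_ALERTS.filter((d) => matches(query, d)).map((d) => d["rule.level"]);
}

console.log(selectedLevels(phrasesQuery("rule.level", [3, 4, 5])));        // [ 3, 4, 5 ]
console.log(selectedLevels(negatedPhrasesQuery("rule.level", [3, 4, 5]))); // [ 2, 7, 12 ]
```

Saved or documented DSL that lacks the `must_not` wrapper selects the first set, which is the opposite of what an "is not one of" filter is meant to return.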
Although this issue mentions Wazuh Dashboard, Security Events section, it is reproducible in the Discover section of OSD.
I just reproduced it on 2.11.1
Hello @JTMosaic,
Will check this out as soon as possible and will try to read up on the other thread. In the meantime, could you verify if this is a relatively recent issue and worked prior to an upgraded version? Or has this been a persisting issue?
Thank you, @kavilla. I've not tried it in prior versions.
Any update on this?
Will look into this as soon as possible.
Did a deep dive into this area so will check it out again. Apologies on the delay here. Will have to move it to 2.15.