Our documentation should note that any floating quotients returned by the division operator (/) or divide function are rounded down to an integer. This could lead to unexpected matches.
As a workaround, users can cast either the dividend or divisor as a float.
Example
In the following query, a user might expect to match events with a serial_event_id of 66.
file where 66 / serial_event_id == 1
However, any floating quotients returned by division are rounded down to an integer. For example, if serial_event_id were 42
66 / 42 = 1.571
1.571 is rounded down to 1.
This means any events with the following serial_event_id values would match the query:
34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66
To match only events with a serial_event_id of 66, the user can cast either the dividend or divisor as a float:
file where 66.0 / serial_event_id == 1
OR
file where 66 / float(serial_event_id) == 1
Our documentation should note that any floating quotients returned by the division operator (
/) ordividefunction are rounded down to an integer. This could lead to unexpected matches.As a workaround, users can cast either the dividend or divisor as a float.
Example
In the following query, a user might expect to match events with a
serial_event_idof66.However, any floating quotients returned by division are rounded down to an integer. For example, if
serial_event_idwere42This means any events with the following
serial_event_idvalues would match the query:To match only events with a
serial_event_idof66, the user can cast either the dividend or divisor as a float:OR