
Commit 477682b

committed
replace should with a single lower bounded and upper bounded date range filter
1 parent 284f422 commit 477682b

2 files changed

Lines changed: 37 additions & 177 deletions


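--- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/build_events_query.test.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/build_events_query.test.ts
@@ -38,33 +38,12 @@ describe('create_signals', () => {
 bool: {
 filter: [
 {
-bool: {
-should: [
-{
-range: {
-'@timestamp': {
-gte: 'now-5m',
-format: 'strict_date_optional_time',
-},
-},
-},
-],
-minimum_should_match: 1,
-},
-},
-{
-bool: {
-should: [
-{
-range: {
-'@timestamp': {
-lte: 'today',
-format: 'strict_date_optional_time',
-},
-},
-},
-],
-minimum_should_match: 1,
+range: {
+'@timestamp': {
+gte: 'now-5m',
+lte: 'today',
+format: 'strict_date_optional_time',
+},
 },
 },
 ],
@@ -118,33 +97,12 @@ describe('create_signals', () => {
 bool: {
 filter: [
 {
-bool: {
-should: [
-{
-range: {
-'@timestamp': {
-gte: 'now-5m',
-format: 'strict_date_optional_time',
-},
-},
-},
-],
-minimum_should_match: 1,
-},
-},
-{
-bool: {
-should: [
-{
-range: {
-'@timestamp': {
-lte: 'today',
-format: 'strict_date_optional_time',
-},
-},
-},
-],
-minimum_should_match: 1,
+range: {
+'@timestamp': {
+gte: 'now-5m',
+lte: 'today',
+format: 'strict_date_optional_time',
+},
 },
 },
 ],
@@ -199,33 +157,12 @@ describe('create_signals', () => {
 bool: {
 filter: [
 {
-bool: {
-should: [
-{
-range: {
-'@timestamp': {
-gte: 'now-5m',
-format: 'strict_date_optional_time',
-},
-},
-},
-],
-minimum_should_match: 1,
-},
-},
-{
-bool: {
-should: [
-{
-range: {
-'@timestamp': {
-lte: 'today',
-format: 'strict_date_optional_time',
-},
-},
-},
-],
-minimum_should_match: 1,
+range: {
+'@timestamp': {
+gte: 'now-5m',
+lte: 'today',
+format: 'strict_date_optional_time',
+},
 },
 },
 ],
@@ -281,33 +218,12 @@ describe('create_signals', () => {
 bool: {
 filter: [
 {
-bool: {
-should: [
-{
-range: {
-'@timestamp': {
-gte: 'now-5m',
-format: 'strict_date_optional_time',
-},
-},
-},
-],
-minimum_should_match: 1,
-},
-},
-{
-bool: {
-should: [
-{
-range: {
-'@timestamp': {
-lte: 'today',
-format: 'strict_date_optional_time',
-},
-},
-},
-],
-minimum_should_match: 1,
+range: {
+'@timestamp': {
+gte: 'now-5m',
+lte: 'today',
+format: 'strict_date_optional_time',
+},
 },
 },
 ],
@@ -362,33 +278,12 @@ describe('create_signals', () => {
 bool: {
 filter: [
 {
-bool: {
-should: [
-{
-range: {
-'@timestamp': {
-gte: 'now-5m',
-format: 'strict_date_optional_time',
-},
-},
-},
-],
-minimum_should_match: 1,
-},
-},
-{
-bool: {
-should: [
-{
-range: {
-'@timestamp': {
-lte: 'today',
-format: 'strict_date_optional_time',
-},
-},
-},
-],
-minimum_should_match: 1,
+range: {
+'@timestamp': {
+gte: 'now-5m',
+lte: 'today',
+format: 'strict_date_optional_time',
+},
 },
 },
 ],
@@ -445,33 +340,12 @@ describe('create_signals', () => {
 bool: {
 filter: [
 {
-bool: {
-should: [
-{
-range: {
-'@timestamp': {
-gte: 'now-5m',
-format: 'strict_date_optional_time',
-},
-},
-},
-],
-minimum_should_match: 1,
-},
-},
-{
-bool: {
-should: [
-{
-range: {
-'@timestamp': {
-lte: 'today',
-format: 'strict_date_optional_time',
-},
-},
-},
-],
-minimum_should_match: 1,
+range: {
+'@timestamp': {
+gte: 'now-5m',
+lte: 'today',
+format: 'strict_date_optional_time',
+},
 },
 },
 ],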
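Review bot: All six updated expectations key the combined range on `'@timestamp'`, so nothing in these hunks exercises the merged `gte`/`lte` filter for the other `sortField` value that build_events_query.ts selects ahead of its `: '@timestamp'` fallback. This filter decides which events a detection rule scans, so a regression on the non-default field would show up only as missed signals. If no test outside these hunks covers that branch, add one case asserting that `gte`, `lte` and `format` all sit under the overriding field name. The `describe` block and each test body continue outside the hunks.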

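--- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/build_events_query.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/build_events_query.ts
@@ -48,28 +48,14 @@ export const buildEventsSearchQuery = ({
 : '@timestamp';
 
 const rangeFilter: unknown[] = [
-{
-bool: {
-should: [
-{
-range: {
-[sortField]: {
-gte: from,
-format: 'strict_date_optional_time',
-},
-},
-},
-],
-minimum_should_match: 1,
-},
-},
 {
 bool: {
 should: [
 {
 range: {
 [sortField]: {
 lte: to,
+gte: from,
 format: 'strict_date_optional_time',
 },
 },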
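Review bot: The surviving `rangeFilter` element still wraps the range in `bool: { should: [...] }`, while the updated expectations in build_events_query.test.ts show a bare `range` directly under `filter`. Unless code after this hunk unwraps it, the generated query and the tests disagree, and the title's "replace should" is only half done. A single-clause `should` adds nothing to a filter context, so the element could be `{ range: { [sortField]: { gte: from, lte: to, format: 'strict_date_optional_time' } } }`. The body of `buildEventsSearchQuery` continues past the hunk, so confirm how `rangeFilter` is consumed before changing it. A one-line comment that both bounds are inclusive would also help readers reason about overlap or gaps between consecutive rule runs.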
