Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

EQL: Expand case sensitive queries #59754

Closed
costin opened this issue Jul 17, 2020 · 4 comments
Closed

EQL: Expand case sensitive queries #59754

costin opened this issue Jul 17, 2020 · 4 comments
Assignees
@astefan
Labels
:Analytics/EQL EQL querying Team:QL (Deprecated) Meta label for query languages team

Comments

@costin
Copy link
Member

costin commented Jul 17, 2020

While doing performance testing, we discovered some cases where the mapping caused case sensitive/insensitive queries to fail. Due to the large volume of work it is unclear what failed - maybe it was a mapping issue, maybe a bug in how the queries get generated.
In the future, it would be useful to see whether we can validate such cases so instead of the query failing silently, we can verify that we can properly execute it.

/cc @matriv
@costin costin added the :Analytics/EQL EQL querying label Jul 17, 2020
@elasticmachine
Copy link
Collaborator

Pinging @elastic/es-ql (:Query Languages/EQL)

@elasticmachine elasticmachine added the Team:QL (Deprecated) Meta label for query languages team label Jul 17, 2020
@matriv
Copy link
Contributor

matriv commented Jul 17, 2020
edited
Loading

Currently Equals & NotEquals doesn't seem to take into account the case insensitivity (unless I'm missing something), so while python will match events with case INsensitivity when using something like myField = 'vaLUe' (provided that caseInsensitive flag is correctly set), ES EQL will always be case sensitive.

If we want to match in a case insensitive manner we have to lowercase the field -> painless -> slower queries.

@rw-access
Copy link
Contributor

rw-access commented Jul 17, 2020
edited
Loading

Related #56771 and #53603

When case-insensitive support lands for term queries on keyword fields, we won't have to resort to painless every time.

@costin
Copy link
Member Author

costin commented Oct 7, 2020

Superseded by #62255

@costin costin closed this as completed Oct 7, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@astefan astefan

Labels
:Analytics/EQL EQL querying Team:QL (Deprecated) Meta label for query languages team
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@costin @astefan @matriv @elasticmachine @rw-access