From abd1ed2102be8bddd9ac101c1c7ae19892455b53 Mon Sep 17 00:00:00 2001
From: Marshall Main <55718608+marshallmain@users.noreply.github.com>
Date: Tue, 20 Oct 2020 10:23:00 -0400
Subject: [PATCH] Specify format for date range query (#81025)

---
 .../common/detection_engine/get_query_filter.test.ts           | 3 +++
 .../common/detection_engine/get_query_filter.ts                | 1 +
 2 files changed, 4 insertions(+)

diff --git a/x-pack/plugins/security_solution/common/detection_engine/get_query_filter.test.ts b/x-pack/plugins/security_solution/common/detection_engine/get_query_filter.test.ts
index d6352d2e6aa15..8ff75b25388b0 100644
--- a/x-pack/plugins/security_solution/common/detection_engine/get_query_filter.test.ts
+++ b/x-pack/plugins/security_solution/common/detection_engine/get_query_filter.test.ts
@@ -1112,6 +1112,7 @@ describe('get_filter', () => {
                     '@timestamp': {
                       gte: 'now-5m',
                       lte: 'now',
+                      format: 'strict_date_optional_time',
                     },
                   },
                 },
@@ -1148,6 +1149,7 @@ describe('get_filter', () => {
                     'event.ingested': {
                       gte: 'now-5m',
                       lte: 'now',
+                      format: 'strict_date_optional_time',
                     },
                   },
                 },
@@ -1183,6 +1185,7 @@ describe('get_filter', () => {
                     '@timestamp': {
                       gte: 'now-5m',
                       lte: 'now',
+                      format: 'strict_date_optional_time',
                     },
                   },
                 },
diff --git a/x-pack/plugins/security_solution/common/detection_engine/get_query_filter.ts b/x-pack/plugins/security_solution/common/detection_engine/get_query_filter.ts
index 278ce1d39ae9f..73638fc48f381 100644
--- a/x-pack/plugins/security_solution/common/detection_engine/get_query_filter.ts
+++ b/x-pack/plugins/security_solution/common/detection_engine/get_query_filter.ts
@@ -117,6 +117,7 @@ export const buildEqlSearchRequest = (
         [timestamp]: {
           gte: from,
           lte: to,
+          format: 'strict_date_optional_time',
         },
       },
     },