
Commit effd504

[SIEM] Adds example unit test to convert KQL using a nested query
## Summary Adds example unit test to convert KQL using a nested query ### Checklist - [x] [Unit or functional tests](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility) were updated or added to match the most common scenarios
1 parent a34a3a7 commit effd504


1 file changed

+55
-0
lines changed

1 file changed

+55
-0
lines changed

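--- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/get_filter.test.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/get_filter.test.ts
@@ -462,6 +462,61 @@ describe('get_filter', () => {
 },
 });
 });
+
+test('it should work with a nested object queries', () => {
+const esQuery = getQueryFilter(
+'category:{ name:Frank and trusted:true }',
+'kuery',
+[],
+['auditbeat-*'],
+[]
+);
+expect(esQuery).toEqual({
+bool: {
+must: [],
+filter: [
+{
+nested: {
+path: 'category',
+query: {
+bool: {
+filter: [
+{
+bool: {
+should: [
+{
+match: {
+'category.name': 'Frank',
+},
+},
+],
+minimum_should_match: 1,
+},
+},
+{
+bool: {
+should: [
+{
+match: {
+'category.trusted': true,
+},
+},
+],
+minimum_should_match: 1,
+},
+},
+],
+},
+},
+score_mode: 'none',
+},
+},
+],
+should: [],
+must_not: [],
+},
+});
+});
 });
 
 describe('getFilter', () => {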
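Review bot: The new test's title, `it should work with a nested object queries`, is ungrammatical and does not say what is being asserted; `it should convert a KQL nested-field query into an ES nested filter` would make a failure self-explanatory. The expected object pins the whole DSL shape, including `path: 'category'` and `score_mode: 'none'`, so a one-line comment above the `expect` such as `// both sub-clauses must be evaluated inside the same nested 'category' object` would record why the shape matters: for a detection rule, a conversion that flattened the clause could match documents where `name` and `trusted` come from different nested entries. Only the case with an empty filters array and an empty final argument is exercised here, so whether a nested clause combines correctly with non-empty values for those inputs is not covered by this hunk. The enclosing `describe('get_filter', ...)` block starts outside the hunk.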
