EQL search api query hits.relation value receiving mismatching values compared to search lucene query  #103668

@theusername-sudo

Elasticsearch Version

8.9.1

Installed Plugins

No response

Java Version

bundled

OS Version

Docker

Problem Description

The EQL search API hits.relation value stays at the eq value even if there are more values to be searched. This differs from a search API query formatted in Lucene, which receives a GTE value if there are more values. Attached are some tests of the EQL API and search API queries to show the differing results.

Steps to Reproduce

EQL API query with no size specified:
eql_search_no_size
Response:
eql_search_no_size_response
EQL API query with size specified:
eql_size_query
Response:
eql_size_query_response
Search API Query with no parameters:
search_no_parameters
Response:
search_no_parameters_response
Search API with total hits with track total hits setting turned on:
search_track_total_hits
Response:
search_track_total_hits_response

Logs (if relevant)

No response
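
One way a client that consumes both APIs could guard against the behaviour reported above, as an added example that is not part of the original issue or of Elasticsearch's code. The response dicts are constructed samples following the documented `_search` and EQL response shapes, and the function names and the full-page heuristic are assumptions.

```python
# Added example. All responses below are constructed, not taken from the
# issue's screenshots.

def total_is_lower_bound(resp):
    """True when the response itself marks hits.total as a lower bound."""
    return resp["hits"]["total"]["relation"] == "gte"

def returned_count(resp):
    """Number of results actually returned in this response."""
    hits = resp["hits"]
    # _search returns "hits"; EQL returns "events" or "sequences".
    for key in ("hits", "events", "sequences"):
        if key in hits:
            return len(hits[key])
    return 0

def may_be_truncated(resp, requested_size):
    """Conservative check for a detection or hunting pipeline.

    Trust relation == "gte" when it is present, but do not treat "eq" as
    proof of completeness: per the report, EQL keeps "eq" even when more
    matches exist. Assumption: a full page (returned == requested size)
    means more matches may exist and the query should be narrowed or paged.
    """
    if total_is_lower_bound(resp):
        return True
    return returned_count(resp) >= requested_size

# Constructed _search response: total capped, relation reported as "gte".
SEARCH_RESP = {"hits": {"total": {"value": 10000, "relation": "gte"},
                        "hits": [{"_id": str(i)} for i in range(10)]}}

# Constructed EQL response: a full page of 10 events, relation still "eq".
EQL_FULL_PAGE = {"hits": {"total": {"value": 10, "relation": "eq"},
                          "events": [{"_id": str(i)} for i in range(10)]}}

# Constructed EQL response: fewer events than requested, so likely complete.
EQL_SHORT_PAGE = {"hits": {"total": {"value": 3, "relation": "eq"},
                           "events": [{"_id": str(i)} for i in range(3)]}}

if __name__ == "__main__":
    for name, resp in [("search", SEARCH_RESP), ("eql full", EQL_FULL_PAGE),
                       ("eql short", EQL_SHORT_PAGE)]:
        print(name, resp["hits"]["total"]["relation"],
              "possibly truncated:", may_be_truncated(resp, 10))
```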

Labels: :Analytics/EQL (EQL querying), >bug, Team:Analytics (Meta label for analytical engine team (ESQL/Aggs/Geo))