15faf34a2f
[eql2kql] fix wildcard bug ( #1507 )
...
* [eql2kql] fix wildcard bug
* add test for wildcards
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
Co-authored-by: Mika Ayenson <Mikaayenson@users.noreply.github.com >
2022-04-21 23:44:39 -04:00
1f015ebe85
1554 update eql schemas to fail validation on text fields ( #1866 )
...
* Ensure kql2eql conversion doesnt support `text` fields
* Add unit test cases for`text` not supported in eql
* test `field not recognized` in the rule_validator and output a verbose message.
* use elasticsearch_type_family to lookup text mappings
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com >
2022-03-23 16:22:26 -04:00
582a842e32
[KQL] Add support for date fields in parser ( #1487 )
...
* [KQL] Add support for date fields in parser
* add test for parsing date value
2021-09-16 09:25:26 -08:00
c98398f1ef
Add KQL support for additional ES field types ( #1247 )
2021-06-10 22:30:11 -06:00
8d8bcfbc42
Add wildcard field support to KQL ( #1139 )
2021-04-22 11:15:38 -06:00
3fc34b86f2
Update License to Elastic v2 ( #944 )
2021-03-03 22:12:11 -09:00
5f867dbb72
Add KQL -> DSL conversion ( #81 )
...
* Add KQL -> DSL converter
* Lint with black to 120 chars
* Add more tests and flatten shoulds
* Fix NotValue conversion to DSL
2020-07-22 11:05:45 -06:00
d51474f0a7
Add unit tests
...
Co-Authored-By: Justin Ibarra <brokensound77@users.noreply.github.com >
2020-06-29 23:19:25 -06:00
AbdelMoumene-Hadfi