Describe the bug
Unquoted leading / must be escaped in KQL, since this is used for regex syntax with lucene
This
process.args:/lockscreenurl\:http*
should become
`"\\/lockscreenurl\\:http*"`
to mimic expected DSL conversion
but instead it is converted to
`"/lockscreenurl\\:http*"`
To Reproduce
Steps to reproduce the behavior:
- search
process.args:/lockscreenurl\:http* in kibana
- this is converted to:
"\\/lockscreenurl\\:http*"
- run
kql.to_dsl("process.args:/lockscreenurl\:http*")
4 compare diffs
Describe the bug
Unquoted leading
/must be escaped in KQL, since this is used for regex syntax with luceneThis
should become
to mimic expected DSL conversion
but instead it is converted to
To Reproduce
Steps to reproduce the behavior:
process.args:/lockscreenurl\:http*in kibana"\\/lockscreenurl\\:http*"kql.to_dsl("process.args:/lockscreenurl\:http*")4 compare diffs