Closed jonathan-s closed 1 year ago
It seems like this issue is resolved by adding parenthesize = True for the SplunkBackend
Hi! Thanks for reporting this! The root cause is that the current Splunk backend doesn't defines an operator precedence and inherits the default precedence from TextQueryBackendBase, which is NOT, AND, OR while Splunk has the different precendence NOT, OR, AND for the search
command. Further, there doesn't seems to be a proper test to catch this.
I fix this by adding the precedence and a stripped down version of your rule as test case. Setting parenthesize
to True will generate lots of parentheses and is only meant for target query languages that don't have a strict ordered precedence, like Lucene.
Fixed!
Included in backend release 0.3.6.
I've got the following rule.
When I run the following code.
I get this result.
I'm expecting