Kibana version: 8.10 and likely earlier
Elasticsearch version:
Server OS version:
Browser version:
Browser OS version:
Original install method (e.g. download page, yum, from source, etc.):
Describe the bug:
Steps to reproduce:
Using the Kibana Sample Web Log data set, create a new `keyword` runtime field named `agent_with_quotes`. In the script, use `emit("\"" + doc['agent.keyword'].value + "\"")`
Create a new Anomaly detection job using the modified Kibana Sample Web Log data view that uses the `agent_with_quote` field as one of the influencers. Or via API:
View in Discover.
https://github.com/elastic/kibana/assets/43350163/d817bd8f-29f8-4a0f-bf5d-63ae465767da
Expected behavior:
The link to discover should show results with the anomaly field value added to the query correctly. Instead, it gives an error.
Temporary solution/Workaround:
A workaround in the meantime is to manually add a `\` before any `"` mark within the first quotation set to escape the character properly.
https://github.com/elastic/kibana/assets/43350163/1474fa8c-9852-4e11-abd1-5f844a22155d
So for example:
`""Mozilla/5.0 (X11; Linux x86_64; rv:6.0a1) Gecko/20110421 Firefox/6.0a1""` → `"\"Mozilla/5.0 (X11; Linux x86_64; rv:6.0a1) Gecko/20110421 Firefox/6.0a1\""`
Screenshots (if relevant):
Errors in browser console (if relevant):
Provide logs and/or server output (if relevant):
Any additional context:
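
The escaping described in the workaround, as an added example that is not part of the original issue and is not Kibana's code. All function names are hypothetical, and the escaping rules (`\\` and `\"` inside a double-quoted phrase) are an assumption about the query syntax.

```javascript
// Added illustration; not code from Kibana. All names below are hypothetical.

// Naive construction: wraps the raw value in quotes without escaping it.
function naiveKqlClause(field, value) {
  return `${field}:"${value}"`;
}

// Escape backslashes first, then double quotes, so the value can sit inside
// a double-quoted phrase (assumed escaping rules: \\ and \").
function escapeKqlQuoted(value) {
  return String(value).replace(/\\/g, '\\\\').replace(/"/g, '\\"');
}

function safeKqlClause(field, value) {
  return `${field}:"${escapeKqlQuoted(value)}"`;
}

// Minimal check: decode the quoted phrase after "field:" and return its value,
// or null when the clause is not one well-terminated quoted string.
function readQuotedPhrase(clause) {
  const start = clause.indexOf(':"');
  if (start === -1) return null;
  let out = '';
  for (let i = start + 2; i < clause.length; i++) {
    const ch = clause[i];
    if (ch === '\\' && i + 1 < clause.length) {
      out += clause[++i]; // escaped character is taken literally
    } else if (ch === '"') {
      // An unescaped quote must be the final character of the clause.
      return i === clause.length - 1 ? out : null;
    } else {
      out += ch;
    }
  }
  return null; // ran off the end without a closing quote
}

// Constructed sample: the influencer value from the issue, quotes included.
const sampleValue =
  '"Mozilla/5.0 (X11; Linux x86_64; rv:6.0a1) Gecko/20110421 Firefox/6.0a1"';
const naive = naiveKqlClause('agent_with_quotes', sampleValue);
const safe = safeKqlClause('agent_with_quotes', sampleValue);
console.log(naive, '=>', readQuotedPhrase(naive));
console.log(safe, '=>', readQuotedPhrase(safe));
```
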