Open eedugon opened 2 months ago
Pinging @elastic/appex-sharedux (Team:SharedUX)
I have reproduced this problem in the global search bar as well.
I added a console.log statement here:
diff --git x-pack/plugins/saved_objects_tagging/public/ui_api/parse_search_query.ts x-pack/plugins/saved_objects_tagging/public/ui_api/parse_search_query.ts
index 625c7709417..80ab5152ed3 100644
--- x-pack/plugins/saved_objects_tagging/public/ui_api/parse_search_query.ts
+++ x-pack/plugins/saved_objects_tagging/public/ui_api/parse_search_query.ts
@@ -30,6 +30,7 @@ export const buildParseSearchQuery = ({
try {
parsed = Query.parse(query);
+ console.log('searchQuery-buildParseSearch-parsed', parsed);
} catch (e) {
return {
searchTerm: query,
What I learned: when you write "remote:test-index" in a search box in Kibana, it gets parsed into an AST with the clause:
field "remote" must eq value "test-index"
Screenshot of output of logs to the console which I have added in my investigation:
I think the only "field" we care about in the saved object search dialog boxes is the tag
filter, which would let you narrow down the results that are tagged with "foo" by filtering for tag:(foo)
. Note that the parenthesis around the value make the parser interpret the value as an array:
I will reach out to some teams outside of AppEx-SharedUX for help: cc @elastic/kibana-core, original authors of the saved objects tagging features cc @elastic/eui-team, maintainers of the query parser
Thanks for the ping!
The issue is very similar to one we had a while ago with KQL
and kuery
, where the text from the search bar is passed directly through to the underlying AST. In the KQL/kuery
case, we had some control over the AST and could modify that. Here we don’t.
We'd need to implement a “query interpreter” that transforms the input into something the AST will interpret correctly.
Using double quotes around a name that contains a colon works because it escapes the AST grammar for indicating key/value pairs. What you’re looking for is a similar escape mechanism.
Ideally, someone familiar with EUI's AST should suggest a workaround. In the mean time, we can try to implement custom middleware.
IIRC, EUI's query language escape sequence is just the double quote character.
So searching for "remote:test"
instead of remote:test
may do the trick
I'm working on this through our EUI repo, which is where the query parser lives: https://github.com/elastic/eui/pull/7960
Kibana version: 8.13.2
When searching in the "choose a source" dialog box for data views with colon (
:
) in their names, the search results are unexpected. The workaround consists of using double quotes.Colons in data views names are very common when using Cross Cluster Search (CCS).
Steps to reproduce:
remote:test-index
).:
character. You will see that after typing one letter after the colon the search results don't make sense.Example: Stage 0, nothing written in search box, all looks ok:
We want to search for that
remote:test-index
pattern.... so if we writeremote
orremote:
all works fine:But as soon as we add one extra letter
remote:t
then the search results get broken (everything is returned apparently):^^ The previous results are unexpected, maybe because the search term is divided in tokens?
Workaround Using double quotes the problem disappears: