Good morning everyone,
I'm running into a syntax error in a custom detection.
Version: 2.4.90 (same error in 2.4.80)
Installation Method: install from Security Onion ISO image
Description: other (please provide detail below)
Installation Type: only 1 node (managersearch)
Location: on-prem deployment with Internet access
Hardware Specs: Meets minimum requirements
CPU: 8
RAM: 32
Storage for /: 200GB
Storage for /nsm: 200GB
Network Traffic Collection: netflow
Network Traffic Speeds: 1Gbps
Status: so-status shows all services running
Salt Status: there are no failures
Logs: No, there are no additional clues
Detail
I'm creating a custom detection like this:
```yaml
title: 'GZZ Find ssh vs umarell from mypc in netflow'
id: 5ffeb028-f827-4900-8b3d-15307407ae9a
status: 'experimental'
description: |
  Find ssh traffic from gzz to umarell in netflow
author: 'test'
date: '2024/07/25'
logsource:
  service: netflow
detection:
  selection:
    destination.port: 22
    destination.ip: 192.168.0.1
    source.ip: 192.168.0.100
  condition: selection
level: 'high'
```
When I convert it to EQL, the result is:

```
any where destination.port:22 and destination.ip=="192.168.0.1" and source.ip=="192.168.0.100"
```
If I test it in Kibana, the error is:

```json
{
  "error": {
    "root_cause": [
      {
        "type": "verification_exception",
        "reason": """Found 1 problem
line 2:12: first argument of [:] must be [string], found value [destination.port] type [long]; consider using [==] instead"""
      }
    ],
    "type": "verification_exception",
    "reason": """Found 1 problem
line 2:12: first argument of [:] must be [string], found value [destination.port] type [long]; consider using [==] instead"""
  },
  "status": 400
}
```
I tried with
but same error. Is there a way to solve it?
I've found a similar discussion but without resolution:
#12745
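The error message points at the cause: in EQL the `:` operator is a case-insensitive string comparison, so it cannot be applied to `destination.port`, which is mapped as a `long`, while `==` works for any type. The following Python is an added example, not code from this post or from Security Onion's converter. It does two things: a small lint that finds `field:<number>` terms in generated EQL and rewrites them to `field == <number>` (the fix the error suggests), and a renderer that turns a flat Sigma selection into EQL choosing `==` for numbers, booleans and IP addresses and `:` for other strings. That operator-per-type rule is this example's own assumption, not the behaviour of any particular Sigma backend; the sample selection and query are copied from the post above.

```python
import re
from ipaddress import ip_address

# Constructed sample input: the selection block of the Sigma rule in the post.
SELECTION = {
    "destination.port": 22,
    "destination.ip": "192.168.0.1",
    "source.ip": "192.168.0.100",
}

# The EQL string the converter produced, as shown in the post.
GENERATED_EQL = ('any where destination.port:22 and destination.ip=="192.168.0.1" '
                 'and source.ip=="192.168.0.100"')


def is_ip(value):
    """True if value parses as an IPv4/IPv6 address."""
    try:
        ip_address(value)
        return True
    except ValueError:
        return False


def eql_literal(value):
    """Render a Python value as an EQL literal (numbers bare, strings quoted)."""
    if isinstance(value, bool):
        return "true" if value else "false"
    if isinstance(value, (int, float)):
        return str(value)
    # Escape backslashes and double quotes so the literal stays well-formed.
    escaped = str(value).replace("\\", "\\\\").replace('"', '\\"')
    return f'"{escaped}"'


def eql_term(field, value):
    """Pick the comparison operator by value type (this example's own rule).

    EQL's ':' is a case-insensitive string comparison, and Elasticsearch
    rejects it when the field is a long (the verification_exception above).
    Numbers, booleans and IP addresses are exact values, so they get '=='.
    Other strings keep ':' so case-insensitive matching still applies.
    """
    if isinstance(value, (bool, int, float)) or is_ip(str(value)):
        return f"{field} == {eql_literal(value)}"
    return f"{field} : {eql_literal(value)}"


def eql_from_selection(selection, event_category="any"):
    """Render a flat Sigma selection (all terms ANDed) as one EQL query."""
    terms = [eql_term(field, value) for field, value in selection.items()]
    return f"{event_category} where " + " and ".join(terms)


# Lint for the exact shape that triggers the error: an identifier, ':',
# then a bare integer. It does not skip quoted strings, so a value such as
# "a:22" inside a literal would also be rewritten; review the output.
_NUMERIC_COLON = re.compile(r"\b([A-Za-z_][\w.]*)\s*:\s*(\d+)\b")


def numeric_colon_matches(query):
    """Return (field, value) pairs where ':' is applied to a bare number."""
    return _NUMERIC_COLON.findall(query)


def fix_numeric_colon(query):
    """Rewrite `field:123` to `field == 123`, leaving everything else as is."""
    return _NUMERIC_COLON.sub(r"\1 == \2", query)


if __name__ == "__main__":
    print(numeric_colon_matches(GENERATED_EQL))
    print(fix_numeric_colon(GENERATED_EQL))
    print(eql_from_selection(SELECTION))
```

Running the lint over the generated query reports only `destination.port`, and the rewritten query is the one the error message asks for; the IP comparisons already use `==` and are left alone. The renderer exists to show the general rule rather than to replace the converter: whichever tool emits the EQL, the field's mapping type decides whether `:` is legal, so port, byte and packet counters (all `long` in ECS) need `==`.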