Fix tests

astefan · astefan · commit 999fad237ae7 · 2025-08-01T08:48:24.000+03:00
diff --git a/x-pack/plugin/eql/src/test/resources/querytranslator_tests.txt b/x-pack/plugin/eql/src/test/resources/querytranslator_tests.txt
@@ -132,43 +132,43 @@ process where process_name == "python.exe" or process_name == "SMSS.exe" or proc
 multipleOrAndEquals_As_InTranslation
 process where process_name == "python.exe" and process_name == "SMSS.exe" or process_name == "explorer.exe" or process_name == "test.exe"
 ;
-{"bool":{"should":[{"bool":{"must":[{"term":{"process_name":{"value":"python.exe"}}},{"term":{"process_name":{"value":"SMSS.exe"}}}],"boost":1}},{"terms":{"process_name":["explorer.exe","test.exe"],"boost":1}}],"boost":1}}
+{"bool":{"should":[{"bool":{"must":[{"term":{"process_name":{"value":"python.exe"}}},{"term":{"process_name":{"value":"SMSS.exe"}}}],"boost":1.0}},{"terms":{"process_name":["explorer.exe","test.exe"],"boost":1.0}}],"boost":1.0}}
 ;
 
 mutipleOrEquals_As_InTranslation2
 process where source_address == "123.12.1.1" or (opcode == 123 or opcode == 127)
 ;
-{"bool":{"should":[{"term":{"source_address":{"value":"123.12.1.1"}}},{"terms":{"opcode":[123,127],"boost":1}}],"boost":1}}
+{"bool":{"should":[{"term":{"source_address":{"value":"123.12.1.1"}}},{"terms":{"opcode":[123,127],"boost":1.0}}],"boost":1.0}}
 ;
 
 mutipleOrEquals_As_InTranslation3
 process where (source_address == "123.12.1.1" or source_address == "127.0.0.1") and (opcode == 123 or opcode == 127)
 ;
-{"bool":{"should":[{"term":{"source_address":{"value":"123.12.1.1"}}},{"terms":{"opcode":[123,127],"boost":1}}],"boost":1}}
+{"bool":{"should":[{"term":{"source_address":{"value":"123.12.1.1"}}},{"term":{"source_address":{"value":"127.0.0.1"}}}],"boost":1.0}},{"terms":{"opcode":[123,127],"boost":1.0}}
 ;
 
 mutipleOrEquals_As_InTranslation4
 process where (source_address == "123.12.1.1" or source_address == "127.0.0.1") and (opcode == 123 or opcode == 127)
 ;
-"must":[{"bool":{"should":[{"term":{"source_address":{"value":"123.12.1.1"}}},{"term":{"source_address":{"value":"127.0.0.1"}}}],"boost":1}},{"terms":{"opcode":[123,127],"boost":1}},{"term":{"event.category":{"value":"process"}}}]
+"must":[{"bool":{"should":[{"term":{"source_address":{"value":"123.12.1.1"}}},{"term":{"source_address":{"value":"127.0.0.1"}}}],"boost":1.0}},{"terms":{"opcode":[123,127],"boost":1.0}},{"term":{"event.category":{"value":"process"}}}]
 ;
 
 multipleOrIncompatibleTypes1
 process where process_name == "python.exe" or process_name == 2 or process_name == "3"
 ;
-{"bool":{"should":[{"term":{"process_name":{"value":"python.exe"}}},{"term":{"process_name":{"value":2}}},{"term":{"process_name":{"value":"3"}}}],"boost":1}}
+{"bool":{"should":[{"term":{"process_name":{"value":"python.exe"}}},{"term":{"process_name":{"value":2}}},{"term":{"process_name":{"value":"3"}}}],"boost":1.0}}
 ;
 
 multipleOrIncompatibleTypes2
 process where process_name == "1" or process_name == 2 or process_name == "3"
 ;
-{"bool":{"should":[{"term":{"process_name":{"value":"1"}}},{"term":{"process_name":{"value":2}}},{"term":{"process_name":{"value":"3"}}}],"boost":1}}
+{"bool":{"should":[{"term":{"process_name":{"value":"1"}}},{"term":{"process_name":{"value":2}}},{"term":{"process_name":{"value":"3"}}}],"boost":1.0}}
 ;
 
 multipleOrIncompatibleTypes3
 process where process_name == 1.2 or process_name == 2 or process_name == "3"
 ;
-{"bool":{"should":[{"term":{"process_name":{"value":1.2}}},{"term":{"process_name":{"value":2}}},{"term":{"process_name":{"value":"3"}}}],"boost":1}}
+{"bool":{"should":[{"term":{"process_name":{"value":1.2}}},{"term":{"process_name":{"value":2}}},{"term":{"process_name":{"value":"3"}}}],"boost":1.0}}
 ;
 
 // this query as an equivalent with
@@ -177,7 +177,7 @@ process where process_name == 1.2 or process_name == 2 or process_name == "3"
 multipleOrIncompatibleTypes4
 process where process_name == 1.2 or process_name == 2 or process_name == 3
 ;
-{"bool":{"should":[{"term":{"process_name":{"value":1.2}}},{"term":{"process_name":{"value":2}}},{"term":{"process_name":{"value":3}}}],"boost":1}}
+{"bool":{"should":[{"term":{"process_name":{"value":1.2}}},{"term":{"process_name":{"value":2}}},{"term":{"process_name":{"value":3}}}],"boost":1.0}}
 ;
 
 // this query as an equivalent with
@@ -186,25 +186,25 @@ process where process_name == 1.2 or process_name == 2 or process_name == 3
 multipleOrIncompatibleTypes5
 process where source_address == "123.12.1.1" or source_address == "123.12.1.2"
 ;
-{"bool":{"should":[{"term":{"source_address":{"value":"123.12.1.1"}}},{"term":{"source_address":{"value":"123.12.1.2"}}}],"boost":1}}
+{"bool":{"should":[{"term":{"source_address":{"value":"123.12.1.1"}}},{"term":{"source_address":{"value":"123.12.1.2"}}}],"boost":1.0}}
 ;
 
 multipleOrIncompatibleTypes6
 process where source_address == "123.12.1.1" or source_address == concat("123.12.","1.2")
 ;
-{"bool":{"should":[{"term":{"source_address":{"value":"123.12.1.1"}}},{"term":{"source_address":{"value":"123.12.1.2"}}}],"boost":1}}
+{"bool":{"should":[{"term":{"source_address":{"value":"123.12.1.1"}}},{"term":{"source_address":{"value":"123.12.1.2"}}}],"boost":1.0}}
 ;
 
 multipleOrIncompatibleTypes7
 process where source_address == "123.12.1.1" and (source_address == "123.12.1.2" or source_address >= "127.0.0.1")
 ;
-"must":[{"term":{"source_address":{"value":"123.12.1.1"}}},{"bool":{"should":[{"term":{"source_address":{"value":"123.12.1.2"}}},{"range":{"source_address":{"gte":"127.0.0.1","boost":1}}}],"boost":1}},{"term":{"event.category":{"value":"process"}}}]
+"must":[{"term":{"source_address":{"value":"123.12.1.1"}}},{"bool":{"should":[{"term":{"source_address":{"value":"123.12.1.2"}}},{"range":{"source_address":{"gte":"127.0.0.1","boost":1.0}}}],"boost":1.0}},{"term":{"event.category":{"value":"process"}}}]
 ;
 
 multipleOrIncompatibleTypes8
 process where source_address == "123.12.1.1" and (source_address == "123.12.1.2" or source_address == "127.0.0.1")
 ;
-"must":[{"term":{"source_address":{"value":"123.12.1.1"}}},{"bool":{"should":[{"term":{"source_address":{"value":"123.12.1.2"}}},{"term":{"source_address":{"value":"127.0.0.1"}}}],"boost":1}},{"term":{"event.category":{"value":"process"}}}]
+"must":[{"term":{"source_address":{"value":"123.12.1.1"}}},{"bool":{"should":[{"term":{"source_address":{"value":"123.12.1.2"}}},{"term":{"source_address":{"value":"127.0.0.1"}}}],"boost":1.0}},{"term":{"event.category":{"value":"process"}}}]
 ;
 
 inFilterWithScripting

Original file line number	Diff line number	Diff line change
`@@ -132,43 +132,43 @@ process where process_name == "python.exe" or process_name == "SMSS.exe" or proc`
`132`	`132`	`multipleOrAndEquals_As_InTranslation`
`133`	`133`	`process where process_name == "python.exe" and process_name == "SMSS.exe" or process_name == "explorer.exe" or process_name == "test.exe"`
`134`	`134`	`;`
`135`		`-{"bool":{"should":[{"bool":{"must":[{"term":{"process_name":{"value":"python.exe"}}},{"term":{"process_name":{"value":"SMSS.exe"}}}],"boost":1}},{"terms":{"process_name":["explorer.exe","test.exe"],"boost":1}}],"boost":1}}`
	`135`	`+{"bool":{"should":[{"bool":{"must":[{"term":{"process_name":{"value":"python.exe"}}},{"term":{"process_name":{"value":"SMSS.exe"}}}],"boost":1.0}},{"terms":{"process_name":["explorer.exe","test.exe"],"boost":1.0}}],"boost":1.0}}`
`136`	`136`	`;`
`137`	`137`
`138`	`138`	`mutipleOrEquals_As_InTranslation2`
`139`	`139`	`process where source_address == "123.12.1.1" or (opcode == 123 or opcode == 127)`
`140`	`140`	`;`
`141`		`-{"bool":{"should":[{"term":{"source_address":{"value":"123.12.1.1"}}},{"terms":{"opcode":[123,127],"boost":1}}],"boost":1}}`
	`141`	`+{"bool":{"should":[{"term":{"source_address":{"value":"123.12.1.1"}}},{"terms":{"opcode":[123,127],"boost":1.0}}],"boost":1.0}}`
`142`	`142`	`;`
`143`	`143`
`144`	`144`	`mutipleOrEquals_As_InTranslation3`
`145`	`145`	`process where (source_address == "123.12.1.1" or source_address == "127.0.0.1") and (opcode == 123 or opcode == 127)`
`146`	`146`	`;`
`147`		`-{"bool":{"should":[{"term":{"source_address":{"value":"123.12.1.1"}}},{"terms":{"opcode":[123,127],"boost":1}}],"boost":1}}`
	`147`	`+{"bool":{"should":[{"term":{"source_address":{"value":"123.12.1.1"}}},{"term":{"source_address":{"value":"127.0.0.1"}}}],"boost":1.0}},{"terms":{"opcode":[123,127],"boost":1.0}}`
`148`	`148`	`;`
`149`	`149`
`150`	`150`	`mutipleOrEquals_As_InTranslation4`
`151`	`151`	`process where (source_address == "123.12.1.1" or source_address == "127.0.0.1") and (opcode == 123 or opcode == 127)`
`152`	`152`	`;`
`153`		`-"must":[{"bool":{"should":[{"term":{"source_address":{"value":"123.12.1.1"}}},{"term":{"source_address":{"value":"127.0.0.1"}}}],"boost":1}},{"terms":{"opcode":[123,127],"boost":1}},{"term":{"event.category":{"value":"process"}}}]`
	`153`	`+"must":[{"bool":{"should":[{"term":{"source_address":{"value":"123.12.1.1"}}},{"term":{"source_address":{"value":"127.0.0.1"}}}],"boost":1.0}},{"terms":{"opcode":[123,127],"boost":1.0}},{"term":{"event.category":{"value":"process"}}}]`
`154`	`154`	`;`
`155`	`155`
`156`	`156`	`multipleOrIncompatibleTypes1`
`157`	`157`	`process where process_name == "python.exe" or process_name == 2 or process_name == "3"`
`158`	`158`	`;`
`159`		`-{"bool":{"should":[{"term":{"process_name":{"value":"python.exe"}}},{"term":{"process_name":{"value":2}}},{"term":{"process_name":{"value":"3"}}}],"boost":1}}`
	`159`	`+{"bool":{"should":[{"term":{"process_name":{"value":"python.exe"}}},{"term":{"process_name":{"value":2}}},{"term":{"process_name":{"value":"3"}}}],"boost":1.0}}`
`160`	`160`	`;`
`161`	`161`
`162`	`162`	`multipleOrIncompatibleTypes2`
`163`	`163`	`process where process_name == "1" or process_name == 2 or process_name == "3"`
`164`	`164`	`;`
`165`		`-{"bool":{"should":[{"term":{"process_name":{"value":"1"}}},{"term":{"process_name":{"value":2}}},{"term":{"process_name":{"value":"3"}}}],"boost":1}}`
	`165`	`+{"bool":{"should":[{"term":{"process_name":{"value":"1"}}},{"term":{"process_name":{"value":2}}},{"term":{"process_name":{"value":"3"}}}],"boost":1.0}}`
`166`	`166`	`;`
`167`	`167`
`168`	`168`	`multipleOrIncompatibleTypes3`
`169`	`169`	`process where process_name == 1.2 or process_name == 2 or process_name == "3"`
`170`	`170`	`;`
`171`		`-{"bool":{"should":[{"term":{"process_name":{"value":1.2}}},{"term":{"process_name":{"value":2}}},{"term":{"process_name":{"value":"3"}}}],"boost":1}}`
	`171`	`+{"bool":{"should":[{"term":{"process_name":{"value":1.2}}},{"term":{"process_name":{"value":2}}},{"term":{"process_name":{"value":"3"}}}],"boost":1.0}}`
`172`	`172`	`;`
`173`	`173`
`174`	`174`	`// this query as an equivalent with`
`@@ -177,7 +177,7 @@ process where process_name == 1.2 or process_name == 2 or process_name == "3"`
`177`	`177`	`multipleOrIncompatibleTypes4`
`178`	`178`	`process where process_name == 1.2 or process_name == 2 or process_name == 3`
`179`	`179`	`;`
`180`		`-{"bool":{"should":[{"term":{"process_name":{"value":1.2}}},{"term":{"process_name":{"value":2}}},{"term":{"process_name":{"value":3}}}],"boost":1}}`
	`180`	`+{"bool":{"should":[{"term":{"process_name":{"value":1.2}}},{"term":{"process_name":{"value":2}}},{"term":{"process_name":{"value":3}}}],"boost":1.0}}`
`181`	`181`	`;`
`182`	`182`
`183`	`183`	`// this query as an equivalent with`
`@@ -186,25 +186,25 @@ process where process_name == 1.2 or process_name == 2 or process_name == 3`
`186`	`186`	`multipleOrIncompatibleTypes5`
`187`	`187`	`process where source_address == "123.12.1.1" or source_address == "123.12.1.2"`
`188`	`188`	`;`
`189`		`-{"bool":{"should":[{"term":{"source_address":{"value":"123.12.1.1"}}},{"term":{"source_address":{"value":"123.12.1.2"}}}],"boost":1}}`
	`189`	`+{"bool":{"should":[{"term":{"source_address":{"value":"123.12.1.1"}}},{"term":{"source_address":{"value":"123.12.1.2"}}}],"boost":1.0}}`
`190`	`190`	`;`
`191`	`191`
`192`	`192`	`multipleOrIncompatibleTypes6`
`193`	`193`	`process where source_address == "123.12.1.1" or source_address == concat("123.12.","1.2")`
`194`	`194`	`;`
`195`		`-{"bool":{"should":[{"term":{"source_address":{"value":"123.12.1.1"}}},{"term":{"source_address":{"value":"123.12.1.2"}}}],"boost":1}}`
	`195`	`+{"bool":{"should":[{"term":{"source_address":{"value":"123.12.1.1"}}},{"term":{"source_address":{"value":"123.12.1.2"}}}],"boost":1.0}}`
`196`	`196`	`;`
`197`	`197`
`198`	`198`	`multipleOrIncompatibleTypes7`
`199`	`199`	`process where source_address == "123.12.1.1" and (source_address == "123.12.1.2" or source_address >= "127.0.0.1")`
`200`	`200`	`;`
`201`		`-"must":[{"term":{"source_address":{"value":"123.12.1.1"}}},{"bool":{"should":[{"term":{"source_address":{"value":"123.12.1.2"}}},{"range":{"source_address":{"gte":"127.0.0.1","boost":1}}}],"boost":1}},{"term":{"event.category":{"value":"process"}}}]`
	`201`	`+"must":[{"term":{"source_address":{"value":"123.12.1.1"}}},{"bool":{"should":[{"term":{"source_address":{"value":"123.12.1.2"}}},{"range":{"source_address":{"gte":"127.0.0.1","boost":1.0}}}],"boost":1.0}},{"term":{"event.category":{"value":"process"}}}]`
`202`	`202`	`;`
`203`	`203`
`204`	`204`	`multipleOrIncompatibleTypes8`
`205`	`205`	`process where source_address == "123.12.1.1" and (source_address == "123.12.1.2" or source_address == "127.0.0.1")`
`206`	`206`	`;`
`207`		`-"must":[{"term":{"source_address":{"value":"123.12.1.1"}}},{"bool":{"should":[{"term":{"source_address":{"value":"123.12.1.2"}}},{"term":{"source_address":{"value":"127.0.0.1"}}}],"boost":1}},{"term":{"event.category":{"value":"process"}}}]`
	`207`	`+"must":[{"term":{"source_address":{"value":"123.12.1.1"}}},{"bool":{"should":[{"term":{"source_address":{"value":"123.12.1.2"}}},{"term":{"source_address":{"value":"127.0.0.1"}}}],"boost":1.0}},{"term":{"event.category":{"value":"process"}}}]`
`208`	`208`	`;`
`209`	`209`
`210`	`210`	`inFilterWithScripting`