Skip to content

KQL: Support boolean operators in field queries #133737

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 9 commits into from
Aug 29, 2025
Merged

KQL: Support boolean operators in field queries #133737

merged 9 commits into from
Aug 29, 2025

Conversation

afoucret
Copy link
Contributor

@afoucret afoucret commented Aug 28, 2025
edited
Loading

Fixes #132366

Description

This pull request introduces support for boolean operators (AND, OR, NOT) within KQL field queries.

Previously, it was not possible to combine multiple conditions for a single field using boolean logic. For instance, a query like response:(200 AND ok) would not be parsed correctly.

Changes summary:

  1. Updating the KQL ANTLR grammar to recognize boolean expressions within field query values.
  2. Enhancing the AST builder to correctly parse these expressions and translate them into the corresponding Elasticsearch BoolQueryBuilder clauses.
  3. Adding unit tests to validate the new functionality.

Example:

A query like response:((200 AND "OK") OR 404) is now supported and will be translated into the appropriate boolean query.

@elasticsearchmachine elasticsearchmachine added v9.2.0 needs:triage Requires assignment of a team area label labels Aug 28, 2025
@afoucret afoucret added :Search Relevance/Search Catch all for Search Relevance >bug labels Aug 28, 2025
@elasticsearchmachine elasticsearchmachine added Team:Search Relevance Meta label for the Search Relevance team in Elasticsearch and removed needs:triage Requires assignment of a team area label labels Aug 28, 2025
@elasticsearchmachine
Copy link
Collaborator

Pinging @elastic/es-search-relevance (Team:Search Relevance)

@elasticsearchmachine
Copy link
Collaborator

Hi @afoucret, I've created a changelog YAML for you.

@afoucret afoucret added the auto-backport Automatically create backport pull requests when merged label Aug 28, 2025
@afoucret afoucret requested review from a team, carlosdelest and ioanatia August 28, 2025 17:21
kderusso
kderusso reviewed Aug 28, 2025
View reviewed changes
Copy link
Member

@kderusso kderusso left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice work, left some minor comments, will leave the grammar review to others 👍

x-pack/plugin/kql/src/yamlRestTest/resources/rest-api-spec/test/kql/10_kql_basic_query.yml
{
"query": { "kql": { "query": "text_field:(bar OR baz)" } }
}
- match: { hits.total: 2 }
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Match hit IDs here?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not really needed cause the index contains only two docs, so just checking the number of results is enough to check that all docs are returned.

carlosdelest
carlosdelest approved these changes Aug 29, 2025
View reviewed changes
Copy link
Member

@carlosdelest carlosdelest left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👍

@afoucret afoucret enabled auto-merge (squash) August 29, 2025 07:22
@afoucret afoucret merged commit 36a00d1 into elastic:main Aug 29, 2025
33 checks passed
@afoucret afoucret mentioned this pull request Aug 29, 2025
Merged
@elasticsearchmachine
Copy link
Collaborator

💔 Backport failed

Status Branch Result
9.0 Commit could not be cherrypicked due to conflicts
9.1
8.18 Commit could not be cherrypicked due to conflicts
8.19 Commit could not be cherrypicked due to conflicts

You can use sqren/backport to manually backport by running backport --upstream elastic/elasticsearch --pr 133737

afoucret added a commit to afoucret/elasticsearch that referenced this pull request Aug 29, 2025
@afoucret
KQL: Support boolean operators in field queries (elastic#133737)
99d9c53
This was referenced Aug 29, 2025
Merged
Closed
afoucret added a commit to afoucret/elasticsearch that referenced this pull request Aug 29, 2025
@afoucret
KQL: Support boolean operators in field queries (elastic#133737)
7b95ec7 
(cherry picked from commit 36a00d1)
@afoucret
Copy link
Contributor Author

💔 Some backports could not be created

Status Branch Result
9.0
8.18
8.17 Conflict resolution was aborted by the user
8.16 An unhandled error occurred. Please see the logs for details

Manual backport

To create the backport manually run:

backport --pr 133737

Questions ?

Please refer to the Backport tool documentation

afoucret added a commit to afoucret/elasticsearch that referenced this pull request Aug 29, 2025
@afoucret
KQL: Support boolean operators in field queries (elastic#133737)
2b1a925 
(cherry picked from commit 36a00d1)
elasticsearchmachine pushed a commit that referenced this pull request Aug 29, 2025
@afoucret
KQL: Support boolean operators in field queries (#133737) (#133835)
cae6afa
elasticsearchmachine pushed a commit that referenced this pull request Aug 29, 2025
@afoucret
KQL: Support boolean operators in field queries (#133737) (#133836)
68a161f 
(cherry picked from commit 36a00d1)
This was referenced Sep 1, 2025
Closed
Closed
@thecoop
Copy link
Member

thecoop commented Sep 1, 2025

@afoucret This causes #133863 and #133871

@afoucret afoucret mentioned this pull request Sep 17, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kderusso kderusso kderusso left review comments

@carlosdelest carlosdelest carlosdelest approved these changes

@ioanatia ioanatia Awaiting requested review from ioanatia

Assignees

No one assigned

Labels

auto-backport Automatically create backport pull requests when merged backport pending >bug :Search Relevance/Search Catch all for Search Relevance Team:Search Relevance Meta label for the Search Relevance team in Elasticsearch v8.18.7 v8.19.4 v9.0.6 v9.1.3 v9.2.0

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

ESQL: KQL OR condition behavior causing query_shard_exception

5 participants

@afoucret @elasticsearchmachine @thecoop @carlosdelest @kderusso