Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

EQL: revising usage of quote (single or double) for escaping identifiers #57194

Closed
costin opened this issue May 27, 2020 · 4 comments
Closed

EQL: revising usage of quote (single or double) for escaping identifiers #57194

costin opened this issue May 27, 2020 · 4 comments
Assignees
@rw-access
Labels
:Analytics/EQL EQL querying >enhancement Team:QL (Deprecated) Meta label for query languages team

Comments

@costin
Copy link
Member

costin commented May 27, 2020

User feedback when running an EQL query: I cannot escape the event category for the query: system.cpu where cpu.cores = 16

line 1:8: mismatched input '.' expecting 'where'

Tried escaping (with " or "):
"system.cpu" where ...

line 1:1: no viable alternative at input '\"system.cpu\"'"

Finally fixed by using backticks:
`system.cpu` where ...

This is a poor experience from an internal uses, that is interested in EQL and know about it. And yet gets caught off-guard by our use of quotes and escaping.

I'm raising this issue to revisit this topic and improve the current situation.
@elasticmachine
Copy link
Collaborator

Pinging @elastic/es-ql (:Query Languages/EQL)

@elasticmachine elasticmachine added the Team:QL (Deprecated) Meta label for query languages team label May 27, 2020
@costin
Copy link
Member Author

costin commented May 27, 2020

For background, see the previous issue on the same topic at #51443

@rw-access rw-access self-assigned this May 28, 2020
@rw-access
Copy link
Contributor

rw-access commented May 28, 2020
edited
Loading

I think we need a separate pattern for eventType. I think it's fair to allow . and -, and that shouldn't cause any conflicts with the grammar since we still have where as a hard requirement. Or we could handle error conditions in a different way where we can show the recommended syntax.

@rw-access rw-access mentioned this issue Aug 27, 2020
Closed
@costin
Copy link
Member Author

costin commented Sep 28, 2020

Superseded by #62883 and #62933.

@costin costin closed this as completed Sep 28, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rw-access rw-access

Labels
:Analytics/EQL EQL querying >enhancement Team:QL (Deprecated) Meta label for query languages team
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@costin @elasticmachine @rw-access