review with Liza

src/legacy/core_plugins/data/public/search/search_bar/components/search_bar.tsx

@@ -207,6 +207,10 @@ class SearchBarUI extends Component<SearchBarProps, State> {
     );
   }
 
+  /*
+   * This Function is here to show the toggle in saved query form
+   * in case you the date range (from/to)
+   */
   private shouldRenderTimeFilterInSavedQueryForm() {
     const { dateRangeFrom, dateRangeTo, showDatePicker } = this.props;
     return (

src/plugins/data/common/es_query/filters/meta_filter.ts

@@ -36,6 +36,7 @@ export interface FilterMeta {
   alias: string | null;
   disabled: boolean;
   negate: boolean;
+  // controlledBy is there to identify who owns the filter
   controlledBy?: string;
   // index and type are optional only because when you create a new filter, there are no defaults
   index?: string;
@@ -49,9 +50,6 @@ export interface Filter {
   $state?: FilterState;
   meta: FilterMeta;
   query?: any;
-  exists?: any;
-  bool?: any;
-  range?: any;
 }
 
 export interface LatLon {

x-pack/legacy/plugins/siem/public/components/open_timeline/helpers.ts

@@ -113,17 +113,22 @@ export const defaultTimelineToTimelineModel = (
             },
             meta: {
               ...filter.meta,
+              ...(filter.meta && filter.meta.field != null
+                ? { params: parseString(filter.meta.field) }
+                : {}),
               ...(filter.meta && filter.meta.params != null
                 ? { params: parseString(filter.meta.params) }
                 : {}),
               ...(filter.meta && filter.meta.value != null
                 ? { value: parseString(filter.meta.value) }
                 : {}),
             },
-            ...(filter.bool != null ? { exists: parseString(filter.bool) } : {}),
             ...(filter.exists != null ? { exists: parseString(filter.exists) } : {}),
+            ...(filter.match_all != null ? { exists: parseString(filter.match_all) } : {}),
+            ...(filter.missing != null ? { exists: parseString(filter.missing) } : {}),
             ...(filter.query != null ? { query: parseString(filter.query) } : {}),
             ...(filter.range != null ? { range: parseString(filter.range) } : {}),
+            ...(filter.script != null ? { exists: parseString(filter.script) } : {}),
           }))
         : [],
     isFavorite: duplicate

x-pack/legacy/plugins/siem/public/components/query_bar/index.tsx

@@ -8,13 +8,16 @@ import { isEqual } from 'lodash/fp';
 import React, { memo, useState, useEffect, useMemo, useCallback } from 'react';
 import { StaticIndexPattern, IndexPattern } from 'ui/index_patterns';
 
-import { Query, TimeRange } from 'src/plugins/data/common/types';
-
 import { SavedQuery, SearchBar } from '../../../../../../../src/legacy/core_plugins/data/public';
-import { FilterManager, TimeHistory } from '../../../../../../../src/plugins/data/public';
+import {
+  esFilters,
+  FilterManager,
+  Query,
+  TimeHistory,
+  TimeRange,
+} from '../../../../../../../src/plugins/data/public';
 import { SavedQueryTimeFilter } from '../../../../../../../src/legacy/core_plugins/data/public/search';
 import { Storage } from '../../../../../../../src/plugins/kibana_utils/public';
-import { Filter } from '../../../../../../../src/plugins/data/common/es_query/filters';
 
 export interface QueryBarComponentProps {
   dateRangeFrom?: string;
@@ -24,7 +27,7 @@ export interface QueryBarComponentProps {
   isRefreshPaused?: boolean;
   filterQuery: Query;
   filterManager: FilterManager;
-  filters: Filter[];
+  filters: esFilters.Filter[];
   onChangedQuery: (query: Query) => void;
   onSubmitQuery: (query: Query, timefilter?: SavedQueryTimeFilter) => void;
   refreshInterval?: number;
@@ -102,7 +105,7 @@ export const QueryBar = memo<QueryBarComponentProps>(
     }, [filterManager, onSubmitQuery, onSavedQuery, savedQuery]);
 
     const onFiltersUpdated = useCallback(
-      (newFilters: Filter[]) => {
+      (newFilters: esFilters.Filter[]) => {
         filterManager.setFilters(newFilters);
       },
       [filterManager]

x-pack/legacy/plugins/siem/public/components/timeline/helpers.test.tsx

@@ -6,6 +6,7 @@
 
 import { cloneDeep } from 'lodash/fp';
 
+import { esFilters } from '../../../../../../../src/plugins/data/public';
 import { FilterStateStore } from '../../../../../../../src/plugins/data/common/es_query/filters';
 import { mockIndexPattern } from '../../mock';
 
@@ -193,7 +194,7 @@ describe('Combined Queries', () => {
               value: 'exists',
             },
             exists: { field: 'host.name' },
-          },
+          } as esFilters.Filter,
         ],
         kqlQuery: { query: '', language: 'kuery' },
         kqlMode: 'search',

x-pack/legacy/plugins/siem/public/components/timeline/helpers.tsx

@@ -7,7 +7,7 @@
 import { isEmpty, isNumber, get } from 'lodash/fp';
 import memoizeOne from 'memoize-one';
 import { StaticIndexPattern } from 'ui/index_patterns';
-import { Query, esFilters } from 'src/plugins/data/public';
+import { Query, esFilters } from '../../../../../../../src/plugins/data/public';
 
 import { escapeQueryValue, convertToBuildEsQuery, EsQueryConfig } from '../../lib/keury';
 

x-pack/legacy/plugins/siem/public/components/timeline/index.tsx

@@ -9,7 +9,7 @@ import React, { useEffect, useCallback } from 'react';
 import { connect } from 'react-redux';
 import { ActionCreator } from 'typescript-fsa';
 
-import { Filter } from '../../../../../../../src/plugins/data/common/es_query/filters';
+import { esFilters } from '../../../../../../../src/plugins/data/public';
 
 import { WithSource } from '../../containers/source';
 import { inputsModel, inputsSelectors, State, timelineSelectors } from '../../store';
@@ -42,7 +42,7 @@ interface StateReduxProps {
   columns: ColumnHeader[];
   dataProviders?: DataProvider[];
   end: number;
-  filters: Filter[];
+  filters: esFilters.Filter[];
   isLive: boolean;
   itemsPerPage?: number;
   itemsPerPageOptions?: number[];

x-pack/legacy/plugins/siem/public/components/timeline/query_bar/index.tsx

@@ -186,8 +186,8 @@ export const QueryBarTimeline = memo<QueryBarTimelineComponentProps>(
       (newQuery: Query) => {
         if (
           filterQueryDraft == null ||
-          ((filterQueryDraft != null && filterQueryDraft.expression !== newQuery.query) ||
-            filterQueryDraft.kind !== newQuery.language)
+          (filterQueryDraft != null && filterQueryDraft.expression !== newQuery.query) ||
+          filterQueryDraft.kind !== newQuery.language
         ) {
           setKqlFilterQueryDraft(
             newQuery.query as string,
@@ -202,8 +202,8 @@ export const QueryBarTimeline = memo<QueryBarTimelineComponentProps>(
       (newQuery: Query, timefilter?: SavedQueryTimeFilter) => {
         if (
           filterQuery == null ||
-          ((filterQuery != null && filterQuery.expression !== newQuery.query) ||
-            filterQuery.kind !== newQuery.language)
+          (filterQuery != null && filterQuery.expression !== newQuery.query) ||
+          filterQuery.kind !== newQuery.language
         ) {
           setKqlFilterQueryDraft(
             newQuery.query as string,

x-pack/legacy/plugins/siem/public/components/timeline/search_or_filter/index.tsx

@@ -10,7 +10,7 @@ import { connect } from 'react-redux';
 import { Dispatch } from 'redux';
 import { StaticIndexPattern } from 'ui/index_patterns';
 
-import { Filter } from '../../../../../../../../src/plugins/data/common/es_query/filters';
+import { esFilters } from '../../../../../../../../src/plugins/data/public';
 import { BrowserFields } from '../../../containers/source';
 import { convertKueryToElasticSearchQuery } from '../../../lib/keury';
 import {
@@ -35,7 +35,7 @@ interface OwnProps {
 
 interface StateReduxProps {
   dataProviders: DataProvider[];
-  filters: Filter[];
+  filters: esFilters.Filter[];
   filterQuery: KueryFilterQuery;
   filterQueryDraft: KueryFilterQuery;
   from: number;
@@ -65,7 +65,7 @@ interface DispatchProps {
     filterQueryDraft: KueryFilterQuery;
   }) => void;
   setSavedQueryId: ({ id, savedQueryId }: { id: string; savedQueryId: string | null }) => void;
-  setFilters: ({ id, filters }: { id: string; filters: Filter[] }) => void;
+  setFilters: ({ id, filters }: { id: string; filters: esFilters.Filter[] }) => void;
   updateReduxTime: DispatchUpdateReduxTime;
 }
 
@@ -123,7 +123,7 @@ const StatefulSearchOrFilterComponent = React.memo<Props>(
     );
 
     const setFiltersInTimeline = useCallback(
-      (newFilters: Filter[]) =>
+      (newFilters: esFilters.Filter[]) =>
         setFilters({
           id: timelineId,
           filters: newFilters,
@@ -242,7 +242,7 @@ const mapDispatchToProps = (dispatch: Dispatch) => ({
     ),
   setSavedQueryId: ({ id, savedQueryId }: { id: string; savedQueryId: string | null }) =>
     dispatch(timelineActions.setSavedQueryId({ id, savedQueryId })),
-  setFilters: ({ id, filters }: { id: string; filters: Filter[] }) =>
+  setFilters: ({ id, filters }: { id: string; filters: esFilters.Filter[] }) =>
     dispatch(timelineActions.setFilters({ id, filters })),
   updateReduxTime: dispatchUpdateReduxTime(dispatch),
 });

x-pack/legacy/plugins/siem/public/components/timeline/search_or_filter/search_or_filter.tsx

@@ -10,7 +10,7 @@ import { pure } from 'recompose';
 import styled, { injectGlobal } from 'styled-components';
 import { StaticIndexPattern } from 'ui/index_patterns';
 
-import { Filter } from '../../../../../../../../src/plugins/data/common/es_query/filters';
+import { esFilters } from '../../../../../../../../src/plugins/data/public';
 import { BrowserFields } from '../../../containers/source';
 import { KueryFilterQuery, KueryFilterQueryKind } from '../../../store';
 import { KqlMode } from '../../../store/timeline/model';
@@ -55,10 +55,10 @@ interface Props {
   timelineId: string;
   updateKqlMode: ({ id, kqlMode }: { id: string; kqlMode: KqlMode }) => void;
   refreshInterval: number;
-  setFilters: (filters: Filter[]) => void;
+  setFilters: (filters: esFilters.Filter[]) => void;
   setKqlFilterQueryDraft: (expression: string, kind: KueryFilterQueryKind) => void;
   setSavedQueryId: (savedQueryId: string | null) => void;
-  filters: Filter[];
+  filters: esFilters.Filter[];
   savedQueryId: string | null;
   to: number;
   toStr: string;

x-pack/legacy/plugins/siem/public/components/timeline/timeline.tsx

@@ -11,7 +11,7 @@ import * as React from 'react';
 import styled from 'styled-components';
 import { StaticIndexPattern } from 'ui/index_patterns';
 
-import { Filter } from '../../../../../../../src/plugins/data/common/es_query/filters';
+import { esFilters } from '../../../../../../../src/plugins/data/public';
 import { BrowserFields } from '../../containers/source';
 import { TimelineQuery } from '../../containers/timeline';
 import { Direction } from '../../graphql/types';
@@ -62,7 +62,7 @@ interface Props {
   columns: ColumnHeader[];
   dataProviders: DataProvider[];
   end: number;
-  filters: Filter[];
+  filters: esFilters.Filter[];
   flyoutHeaderHeight: number;
   flyoutHeight: number;
   id: string;

x-pack/legacy/plugins/siem/public/containers/timeline/one/index.gql_query.ts

@@ -77,6 +77,8 @@ export const oneTimelineQuery = gql`
           alias
           controlledBy
           disabled
+          field
+          formattedValue
           index
           key
           negate
@@ -86,8 +88,10 @@ export const oneTimelineQuery = gql`
         }
         query
         exists
-        bool
+        match_all
+        missing
         range
+        script
       }
       kqlMode
       kqlQuery {

x-pack/legacy/plugins/siem/public/containers/timeline/persist.gql_query.ts

@@ -65,6 +65,8 @@ export const persistTimelineMutation = gql`
             alias
             controlledBy
             disabled
+            field
+            formattedValue
             index
             key
             negate
@@ -74,8 +76,10 @@ export const persistTimelineMutation = gql`
           }
           query
           exists
-          bool
+          match_all
+          missing
           range
+          script
         }
         kqlMode
         kqlQuery {