[kql] Creating filters with numeric scripted fields sends incorrect type #98761

Closed
lukasolson opened this issue Apr 29, 2021 · 2 comments · Fixed by #99554
Labels: bug, Feature:KQL, PR sent, SharedUX/fix-it-week

@lukasolson
Member

Kibana version: 7.12

Describe the bug:

Upgrading to 7.12 from 7.11.2 causes errors when trying to use previously defined scripted fields in queries.

For example, I calculate the length of a DNS query from my Zeek logs in Filebeat by creating a scripted field called "dns.question.length" defined as:

    if (doc.containsKey('dns.question.name') && doc['dns.question.name'].size()!=0 ) {
        return doc['dns.question.name'].value.length()
    }
    return 0

This will still calculate and display correctly in the "Discover" view when I open a log for viewing. However, if I try to run a search query in "Discover" like dns.question.length > 50 to find any DNS queries larger than a length of 50, I get shard errors:

    {
      "took": 13,
      "timed_out": false,
      "_shards": {
        "total": 4,
        "successful": 3,
        "skipped": 3,
        "failed": 1,
        "failures": [
          {
            "shard": 0,
            "index": "filebeat-7.12.0-2021.03.24-000001",
            "node": "Qr7gcGRRQTaNvm0PLGP8ig",
            "reason": {
              "type": "script_exception",
              "reason": "runtime error",
              "script_stack": [
                "return s.get() > v}",
                " ^---- HERE"
              ],
              "script": "boolean gt(Supplier s, def v) {return s.get() > v}gt(() -> { if (doc.containsKey('dns.question.name') && doc['dns.question.name'].size()!=0 ) { ...",
              "lang": "painless",
              "position": {
                "offset": 39,
                "start": 31,
                "end": 50
              },
              "caused_by": {
                "type": "class_cast_exception",
                "reason": "Cannot apply [>] operation to types [java.lang.Integer] and [java.lang.String]."
              }
            }
          }
        ]
      },
      "hits": {
        "total": 0,
        "max_score": 0,
        "hits": []
      }
    }

Expected behavior:

The parameter would be sent as a numeric, rather than a string. We also need to verify whether or not the same is true for runtime fields.

Caused by #93658.

@lukasolson lukasolson added bug Fixes for quality problems that affect the customer experience Feature:KQL KQL Team:AppServices SharedUX/fix-it-week Bugs that have been groomed and queued up for the team's next fix it week labels Apr 29, 2021
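
One way a client can produce the expected behavior described in the issue, as an added example (not Kibana's code and not part of the original report): the query value is converted to the scripted field's declared type before it is placed in the script `params`. The names `coerceValue` and `buildScriptedRangeFilter` and the field-object shape are hypothetical, and the tail of the Painless wrapper (the `params.gt` reference) is an assumption because the issue truncates the script.

```javascript
// Added example: typed parameters for a range filter on a scripted field.
// Function names and the field-object shape are hypothetical, not Kibana's API.
const OPS = { gt: '>', gte: '>=', lt: '<', lte: '<=' };

// Convert the literal from the query to the field's declared type.
function coerceValue(field, raw) {
  if (field.type !== 'number' || typeof raw === 'number') return raw;
  const text = String(raw).trim();
  const n = Number(text);
  // Reject input that would otherwise reach Painless as a non-numeric value.
  if (text === '' || !Number.isFinite(n)) {
    throw new TypeError(`"${raw}" is not a number (field ${field.name})`);
  }
  return n;
}

// Build an Elasticsearch script query comparing the scripted field to a value.
function buildScriptedRangeFilter(field, op, raw) {
  if (!Object.prototype.hasOwnProperty.call(OPS, op)) {
    throw new RangeError(`unsupported operator: ${op}`);
  }
  // Helper text matches the wrapper visible in the error response.
  const helper = `boolean ${op}(Supplier s, def v) {return s.get() ${OPS[op]} v}`;
  // Assumed tail: the issue truncates the script before the params reference.
  const call = `${op}(() -> { ${field.script} }, params.${op})`;
  return {
    script: {
      script: {
        lang: field.lang,
        source: helper + call,
        params: { [op]: coerceValue(field, raw) },
      },
    },
  };
}

// The scripted field from the issue, written on one line.
const dnsQuestionLength = {
  name: 'dns.question.length',
  type: 'number',
  lang: 'painless',
  script: "if (doc.containsKey('dns.question.name') && doc['dns.question.name'].size()!=0 ) { return doc['dns.question.name'].value.length() } return 0",
};

// `dns.question.length > 50` with the value arriving as the string '50',
// the case that produced the Integer-vs-String class_cast_exception.
const filter = buildScriptedRangeFilter(dnsQuestionLength, 'gt', '50');
console.log(JSON.stringify(filter.script.script.params));
```
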
@elasticmachine
Contributor

Pinging @elastic/kibana-app-services (Team:AppServices)

@lukasolson lukasolson self-assigned this Apr 29, 2021
@marius-dr
Member

^ this works fine with runtime fields. Just tested it today when a user asked on Discuss about scripted fields.
