Hello @Andrew_G,
Thanks a lot for the detailed explanation. Just to get to the bottom of this...
(
focus on the EDIT FILTER popover):
When I click 'Edit filter' I do not see the meta and $state keys:
This is normal right? (The rule has been duplicated and edited, but I did not touch this filter)
I just find it weird that pasting
{
"exists": {
"field": "user_agent.original"
}
}
Seems to have the same result as pasting
{
"$state": {
"store": "appState"
},
"exists": {
"field": "user_agent.original"
},
"meta": {
"disabled": false,
"indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index",
"key": "user_agent.original",
"negate": true,
"type": "exists",
"value": "exists"
}
}
After saving any of the above and going back to 'Edit filter', I always see:
Grtz
Willem