2675 bug cant create event rule invalid request unsupported filter field for logs timestamp #2837

Merged
mfreeman451 merged 5 commits from refs/pull/2837/head into staging 2026-02-03 04:54:25 +00:00
mfreeman451 commented 2026-02-03 04:53:46 +00:00 (Migrated from github.com)
Owner

Imported from GitHub pull request.

Original GitHub pull request: #2679
Original author: @mfreeman451
Original URL: https://github.com/carverauto/serviceradar/pull/2679
Original created: 2026-02-03T04:53:46Z
Original updated: 2026-02-03T04:55:27Z
Original head: carverauto/serviceradar:2675-bug-cant-create-event-rule---invalid-request-unsupported-filter-field-for-logs-timestamp
Original base: staging
Original merged: 2026-02-03T04:54:25Z by @mfreeman451

User description

IMPORTANT: Please sign the Developer Certificate of Origin

Thank you for your contribution to ServiceRadar. Please note, when contributing, the developer must include
a DCO sign-off statement indicating the DCO acceptance in one commit message. Here
is an example DCO Signed-off-by line in a commit message:

Signed-off-by: J. Doe <j.doe@domain.com>

Describe your changes

Code checklist before requesting a review

  • I have signed the DCO?
  • The build completes without errors?
  • All tests are passing when running make test?

PR Type

Bug fix, Enhancement


Description

  • Fix event rule creation by using Ash.Changeset for proper validation

  • Replace unsupported timestamp: filter with SRQL time:last_1h token

  • Add support for message field alias in log query filters

  • Navigate to rules page after successful rule creation

  • Apply consistent SRQL wildcard syntax with percent signs


Diagram Walkthrough

flowchart LR
  A["Event Rule Creation"] -->|Use Changeset| B["Proper Validation"]
  C["SRQL Query Building"] -->|Replace timestamp| D["Use time:last_1h"]
  E["Log Filters"] -->|Add message alias| F["Support message field"]
  G["Rule Creation Success"] -->|Navigate| H["Settings Rules Page"]
  I["Preview Filters"] -->|Escape & Format| J["Percent wildcard syntax"]

File Walkthrough

Relevant files
Bug fix
promotion_rule_builder.ex
Fix event rule creation and SRQL query syntax                       

web-ng/lib/serviceradar_web_ng_web/components/promotion_rule_builder.ex

  • Use Ash.Changeset.for_create before Ash.create for proper validation
  • Replace timestamp:>now-1h with time:last_1h in preview queries
  • Apply percent-sign wildcards to body and severity filters
  • Escape SRQL values consistently for all filter types
+7/-4     
Enhancement
show.ex
Navigate to rules after rule creation                                       

web-ng/lib/serviceradar_web_ng_web/live/log_live/show.ex

  • Navigate to settings rules page after successful rule creation
  • Simplify success flash message
  • Redirect to rules with events tab selected
+2/-4     
logs.rs
Add message field alias support for logs                                 

rust/srql/src/query/logs.rs

  • Add message as supported field alias for body in filter collection
  • Add message field support in text filter application
  • Add message field support in group field resolution
  • Add message field support in stats filter clause building
  • Add test cases for message filter support in regular and stats queries
+64/-4   
Tests
promotion_rule_builder_test.exs
Update preview query test assertions                                         

web-ng/test/serviceradar_web_ng_web/components/promotion_rule_builder_test.exs

  • Update time filter assertions from timestamp:>now-1h to time:last_1h
  • Update body filter assertions to use percent wildcards instead of
    asterisks
  • Update severity filter assertions to use percent wildcards and
    escaping
  • Verify multiple filter combinations with new syntax
+7/-7     
show_test.exs
Update rule creation success assertion                                     

web-ng/test/serviceradar_web_ng_web/live/log_live/show_test.exs

  • Assert redirect to settings rules page instead of modal closure
  • Verify navigation includes events tab parameter
+1/-1     
Documentation
proposal.md
Add change proposal documentation                                               

openspec/changes/fix-log-rule-preview-time-filter/proposal.md

  • Document the issue with timestamp:>now-1h filter rejection
  • Specify use of SRQL time:last_1h token as solution
  • List affected specs and code components
+12/-0   
spec.md
Add rule preview specification requirements                           

openspec/changes/fix-log-rule-preview-time-filter/specs/observability-rule-management/spec.md

  • Define requirement for rule testing and preview functionality
  • Specify SRQL time:last_1h filter usage in scenarios
  • Document preview update behavior on condition changes
+22/-0   
tasks.md
Add implementation task tracking                                                 

openspec/changes/fix-log-rule-preview-time-filter/tasks.md

  • Track implementation tasks for time filter fix
  • Mark query update and test updates as complete
  • Note manual verification task pending
+4/-0     

qodo-code-review[bot] commented 2026-02-03 04:54:24 +00:00 (Migrated from github.com)
Author
Owner

Imported GitHub PR comment.

Original author: @qodo-code-review[bot]
Original URL: https://github.com/carverauto/serviceradar/pull/2679#issuecomment-3839049442
Original created: 2026-02-03T04:54:24Z

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
🟢
No security concerns identified
No security vulnerabilities detected by AI analysis. Human verification advised for critical code.
Ticket Compliance
🟡
🎫 #2675
🟢 Fix the log/event rule preview failure caused by SRQL rejecting the timestamp filter field
(error: "unsupported filter field for logs: 'timestamp'").
⚪ Ensure a simple rule (e.g., message contains earlyoom, any severity, no service name) can
be previewed/created without triggering the unsupported timestamp filter error.
Codebase Duplication Compliance
⚪
Codebase context is not defined

Follow the guide to enable codebase context checks.

Custom Compliance
🟢
Generic: Meaningful Naming and Self-Documenting Code

Objective: Ensure all identifiers clearly express their purpose and intent, making code
self-documenting

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Robust Error Handling and Edge Case Management

Objective: Ensure comprehensive error handling that provides meaningful context and graceful
degradation

Status: Passed

Generic: Secure Error Handling

Objective: To prevent the leakage of sensitive system information through error messages while
providing sufficient detail for internal debugging.

Status: Passed

Generic: Secure Logging Practices

Objective: To ensure logs are useful for debugging and auditing without exposing sensitive
information like PII, PHI, or cardholder data.

Status: Passed

Generic: Security-First Input Validation and Data Handling

Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent
vulnerabilities

Status: Passed

⚪
Generic: Comprehensive Audit Trails

Objective: To create a detailed and reliable record of critical system actions for security analysis
and compliance.

Status:
No audit logging shown: The PR adds/changes event rule creation behavior but the diff does not show any
corresponding audit trail emission (user ID, action, outcome), so compliance cannot be
confirmed from the visible changes.

Referred Code
changeset = Ash.Changeset.for_create(EventRule, :create, attrs, scope: scope)

case Ash.create(changeset) do
  {:ok, rule} ->
    send(self(), {:rule_created, rule})
    {:noreply, assign(socket, :saving, false)}

Compliance status legend
🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label
qodo-code-review[bot] commented 2026-02-03 04:55:27 +00:00 (Migrated from github.com)
Author
Owner

Imported GitHub PR comment.

Original author: @qodo-code-review[bot]
Original URL: https://github.com/carverauto/serviceradar/pull/2679#issuecomment-3839051958
Original created: 2026-02-03T04:55:27Z

PR Code Suggestions

Explore these optional code suggestions:

Category    Suggestion    Impact
General
Escape wildcard characters in SRQL values

Extend the escape_srql_value function to also escape the SQL wildcard characters
% and _ to prevent them from being interpreted as wildcards in LIKE filters.

web-ng/lib/serviceradar_web_ng_web/components/promotion_rule_builder.ex [492-496]

 defp escape_srql_value(value) when is_binary(value) do
   value
   |> String.replace("\\", "\\\\")
   |> String.replace("\"", "\\\"")
+  |> String.replace("%", "\\%")
+  |> String.replace("_", "\\_")
 end
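
Review bot: the two added `String.replace` lines emit `\%` and `\_`, which only match literally if the LIKE clause SRQL generates treats backslash as its escape character; nothing in these lines shows that, so confirm it on the SRQL side and add a test whose value contains `%` and `_`. The ordering is sound, since existing backslashes are doubled before the new ones are introduced. This helper also feeds the `severity_text` filter, so if that filter becomes an exact match the extra backslashes must still be unescaped there, or values containing `_` will stop matching.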

[To ensure code accuracy, apply this suggestion manually]

Suggestion importance[1-10]: 8

__

Why: The suggestion addresses a valid security and correctness issue by pointing out that SQL wildcard characters (% and _) in user input are not being escaped, which could lead to unintended filter behavior or injection-like issues.

Medium
Possible issue
Use exact match for severity filter

Use an exact match for the severity_text filter instead of a "contains" search
by removing the % wildcards from the filter string.

web-ng/lib/serviceradar_web_ng_web/components/promotion_rule_builder.ex [756-762]

 filters =
   if form[:severity_enabled].value and String.trim(form[:severity_text].value || "") != "" do
     escaped = escape_srql_value(form[:severity_text].value)
-    ["severity_text:\"%#{escaped}%\"" | filters]
+    ["severity_text:\"#{escaped}\"" | filters]
   else
     filters
   end
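
Review bot: on the changed `severity_text` line, removing the `%` wildcards makes surrounding whitespace significant, yet the condition above only trims `form[:severity_text].value` for the emptiness check and then passes the untrimmed value to `escape_srql_value`. Trim once, bind the result, and use it for both the check and the filter. The severity assertions in promotion_rule_builder_test.exs, which this PR updated to expect percent wildcards, need to change with it, and the lines shown do not establish that SRQL treats a quoted value without wildcards as an equality match.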
Suggestion importance[1-10]: 7

__

Why: The suggestion correctly identifies a potential functional bug where the PR changes the severity_text filter to a "contains" search, which is likely incorrect for discrete values like severity levels. Reverting to an exact match improves correctness.

Medium
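
The wildcard-escaping suggestion above, worked through as an added example in Rust (the language of SRQL's logs.rs); it is not code from this PR or from ServiceRadar. The function names, the small LIKE matcher and the sample lines are constructed, and it assumes the backend evaluates these filters as SQL LIKE with backslash as the escape character.

```rust
// Added example, not ServiceRadar code. Assumption: filters are evaluated as
// SQL LIKE with backslash as the escape character.

/// Port of the helper as shown in the suggestion's context lines:
/// escapes only backslash and double quote.
fn escape_quotes_only(value: &str) -> String {
    value.replace('\\', "\\\\").replace('"', "\\\"")
}

/// Port of the suggested version: additionally escapes the LIKE wildcards.
fn escape_with_wildcards(value: &str) -> String {
    escape_quotes_only(value).replace('%', "\\%").replace('_', "\\_")
}

/// Wrap an already-escaped value in a "contains" pattern.
fn contains_pattern(escaped: &str) -> String {
    format!("%{}%", escaped)
}

#[derive(Debug, Clone, Copy, PartialEq)]
enum Tok {
    AnyRun,    // unescaped %
    AnyOne,    // unescaped _
    Lit(char), // literal character, including escaped ones
}

fn parse_like(pattern: &str) -> Vec<Tok> {
    let mut toks = Vec::new();
    let mut chars = pattern.chars();
    while let Some(c) = chars.next() {
        toks.push(match c {
            // Backslash makes the next character literal; a trailing lone
            // backslash is kept as a literal backslash here.
            '\\' => Tok::Lit(chars.next().unwrap_or('\\')),
            '%' => Tok::AnyRun,
            '_' => Tok::AnyOne,
            other => Tok::Lit(other),
        });
    }
    toks
}

/// Minimal LIKE matcher: reach[j] is true when the tokens consumed so far
/// can match exactly the first j characters of the text.
fn like_match(pattern: &str, text: &str) -> bool {
    let text: Vec<char> = text.chars().collect();
    let mut reach = vec![false; text.len() + 1];
    reach[0] = true;
    for tok in &parse_like(pattern) {
        let mut next = vec![false; text.len() + 1];
        match tok {
            Tok::AnyRun => {
                let mut seen = false;
                for j in 0..=text.len() {
                    seen |= reach[j];
                    next[j] = seen;
                }
            }
            Tok::AnyOne => {
                for j in 0..text.len() {
                    next[j + 1] = reach[j];
                }
            }
            Tok::Lit(c) => {
                for j in 0..text.len() {
                    next[j + 1] = reach[j] && text[j] == *c;
                }
            }
        }
        reach = next;
    }
    reach[text.len()]
}

fn matching<'a>(pattern: &str, lines: &[&'a str]) -> Vec<&'a str> {
    lines.iter().copied().filter(|l| like_match(pattern, l)).collect()
}

// Constructed sample log bodies.
const SAMPLE_LINES: [&str; 3] = [
    "disk_full 100% on /var",
    "diskXfull 100 percent on /var",
    "disk full 1000 retries",
];

fn main() {
    let term = "disk_full 100%"; // what the user typed into the rule builder
    for escaped in [escape_quotes_only(term), escape_with_wildcards(term)] {
        let pattern = contains_pattern(&escaped);
        println!("{:<24} -> {:?}", pattern, matching(&pattern, &SAMPLE_LINES));
    }
}
```

With quote-only escaping the user's `_` and `%` act as wildcards, so a rule meant for one message also promotes the other two sample lines.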