query_key value is a string instead of a dict

### Behavior
Method  _check_matches_ in ruletypes.py appends the query key as a string. 
So match is a dict composed of simple type like string or integer.

**Rules types impacted:**  
- metric
- percentage

On another side, **all other rules** create match from documents content. The method involved is _add_data(self, data)_

### Example
Suppose that we store documents like this one in the index: 
{'@timestamp': **value**, metadata': { 'ip': **value**} }

- If we use a frequency rule on this index , the match generated will have this template : 

  `[{**'metadata': {'ip**': "10.0.0.1"}, '@timestamp': datetime.datetime(20...o=tzutc()), '@version': '1',  '_id': 'tR46i3oBTsznpu6_lwkh', '_index': 'index', '_type': '_doc'}]`

- If we use a metric rule, the match generated will have this template : 

  `[{**'metadata.ip**': '10.0.0.1' , '@timestamp': datetime.datetime(20...o=tzutc())'}]`


### Possible Solution

Fix _check_matches_ by converting query_key value=`"string1.string2.stringN"` to `["string1']["string2]['stringN"]`



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

query_key value is a string instead of a dict #340

Behavior

Example

Possible Solution

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development