How to properly scape double quotes in query filters

[alexku7]

Please advice :)
I have for example that filter which works perfect in kibana ( KQL and Lucence syntax)
filter:
- query:
query_string:
query: "kubernetes.container_name: analyzer AND log: "ERROR" AND NOT ( log: "empty rules section" or log: "Failed to decode decrypted key body - Encoded text cannot have a 6-bit remainder")"

When I define it in elastalert the pod crashes. It's definitely because of double quotes. If I remove it , the elastAlert works.
Is is correct to escape the qyury in that way ?
filter:
- query:
query_string:
query: "kubernetes.container_name: analyzer AND log: \"ERROR\" AND NOT ( log: \"empty rules section\" or log: \"Failed to decode decrypted key body - Encoded text cannot have a 6-bit remainder\")"

The elastalert doesn't crash with error but I suspect that something wrong here. The elastalert doesn't find what it have to find :(

[alexku7]

seems replacing the query with single quotes without escape characters does the magic :)
query: 'kubernetes.container_name: analyzer AND log: "ERROR" AND NOT (log: "empty rules section" OR log: "Failed to decode decrypted key body - Encoded text cannot have a 6-bit remainder")'

Just wanted to metion that this format query: "kubernetes.container_name: analyzer AND log: \"ERROR\" AND NOT ( log: \"empty rules section\" or log: \"Failed to decode decrypted key body - Encoded text cannot have a 6-bit remainder\")"
causes to search the \ symbol literally