Revert "EQL: Avoid filtering on tiebreakers (#63215)"
This reverts commit efd2243886
.
This commit is contained in:
parent
ccaec70a84
commit
1047d67199
|
@ -6,7 +6,7 @@ query = '''
|
|||
[ ERROR where true ]
|
||||
[ STAT where true ]
|
||||
'''
|
||||
expected_event_ids = [1,2,3,1,2,3]
|
||||
expected_event_ids = [1,2,3]
|
||||
|
||||
[[queries]]
|
||||
name = "basicWithFilter"
|
||||
|
|
|
@ -7,7 +7,9 @@
|
|||
package org.elasticsearch.xpack.eql;
|
||||
|
||||
import org.elasticsearch.test.eql.EqlExtraSpecTestCase;
|
||||
import org.elasticsearch.test.junit.annotations.TestLogging;
|
||||
|
||||
@TestLogging(value = "org.elasticsearch.xpack.eql:TRACE", reason = "results logging")
|
||||
public class EqlExtraIT extends EqlExtraSpecTestCase {
|
||||
|
||||
public EqlExtraIT(String query, String name, long[] eventIds, boolean caseSensitive) {
|
||||
|
|
|
@ -21,22 +21,29 @@ import static org.elasticsearch.index.query.QueryBuilders.rangeQuery;
|
|||
*
|
||||
* Note that the range is not set at once on purpose since each query tends to have
|
||||
* its own number of results separate from the others.
|
||||
* As such, each query starts from where it left off to reach the current in-progress window
|
||||
* As such, each query starts where it lefts to reach the current in-progress window
|
||||
* as oppose to always operating with the exact same window.
|
||||
*/
|
||||
public class BoxedQueryRequest implements QueryRequest {
|
||||
|
||||
private final RangeQueryBuilder timestampRange;
|
||||
private final RangeQueryBuilder tiebreakerRange;
|
||||
|
||||
private final SearchSourceBuilder searchSource;
|
||||
|
||||
private Ordinal from, to;
|
||||
private Ordinal after;
|
||||
|
||||
public BoxedQueryRequest(QueryRequest original, String timestamp) {
|
||||
public BoxedQueryRequest(QueryRequest original, String timestamp, String tiebreaker) {
|
||||
// setup range queries and preserve their reference to simplify the update
|
||||
timestampRange = rangeQuery(timestamp).timeZone("UTC").format("epoch_millis");
|
||||
BoolQueryBuilder filter = boolQuery().filter(timestampRange);
|
||||
if (tiebreaker != null) {
|
||||
tiebreakerRange = rangeQuery(tiebreaker);
|
||||
filter.filter(tiebreakerRange);
|
||||
} else {
|
||||
tiebreakerRange = null;
|
||||
}
|
||||
|
||||
searchSource = original.searchSource();
|
||||
// combine with existing query (if it exists)
|
||||
|
@ -65,6 +72,9 @@ public class BoxedQueryRequest implements QueryRequest {
|
|||
public BoxedQueryRequest from(Ordinal begin) {
|
||||
from = begin;
|
||||
timestampRange.gte(begin != null ? begin.timestamp() : null);
|
||||
if (tiebreakerRange != null) {
|
||||
tiebreakerRange.gte(begin != null ? begin.tiebreaker() : null);
|
||||
}
|
||||
return this;
|
||||
}
|
||||
|
||||
|
@ -83,6 +93,9 @@ public class BoxedQueryRequest implements QueryRequest {
|
|||
public BoxedQueryRequest to(Ordinal end) {
|
||||
to = end;
|
||||
timestampRange.lte(end != null ? end.timestamp() : null);
|
||||
if (tiebreakerRange != null) {
|
||||
tiebreakerRange.lte(end != null ? end.tiebreaker() : null);
|
||||
}
|
||||
return this;
|
||||
}
|
||||
|
||||
|
|
|
@ -72,7 +72,7 @@ public class ExecutionManager {
|
|||
if (query instanceof EsQueryExec) {
|
||||
SearchSourceBuilder source = ((EsQueryExec) query).source(session);
|
||||
QueryRequest original = () -> source;
|
||||
BoxedQueryRequest boxedRequest = new BoxedQueryRequest(original, timestampName);
|
||||
BoxedQueryRequest boxedRequest = new BoxedQueryRequest(original, timestampName, tiebreakerName);
|
||||
Criterion<BoxedQueryRequest> criterion =
|
||||
new Criterion<>(i, boxedRequest, keyExtractors, tsExtractor, tbExtractor, i == 0 && descending);
|
||||
criteria.add(criterion);
|
||||
|
|
|
@ -95,7 +95,7 @@ public class SequenceSpecTests extends ESTestCase {
|
|||
|
||||
TestCriterion(final int ordinal) {
|
||||
super(ordinal,
|
||||
new BoxedQueryRequest(() -> SearchSourceBuilder.searchSource().query(matchAllQuery()).size(ordinal), "timestamp"),
|
||||
new BoxedQueryRequest(() -> SearchSourceBuilder.searchSource().query(matchAllQuery()).size(ordinal), "timestamp", null),
|
||||
keyExtractors,
|
||||
tsExtractor, tbExtractor, false);
|
||||
this.ordinal = ordinal;
|
||||
|
|
Loading…
Reference in New Issue