From 712e0c05cd8cf9b2da47df230b242c91630f7eb4 Mon Sep 17 00:00:00 2001 From: Costin Leau Date: Mon, 2 Mar 2020 22:40:05 +0200 Subject: [PATCH] EQL: Add implicit ordering on timestamp (#53004) QL: Move Sort base class from SQL to QL (cherry picked from commit 798015b7bbd565e9c4222724614baeb432c7c2b3) --- .../client/eql/EqlSearchRequest.java | 2 +- .../java/org/elasticsearch/client/EqlIT.java | 1 + docs/reference/eql/search.asciidoc | 8 +- .../rest-api-spec/test/eql/10_basic.yml | 1 + .../xpack/eql/action/RequestDefaults.java | 2 +- .../eql/execution/search/SourceGenerator.java | 74 +++++++++++++++++-- .../xpack/eql/parser/LogicalPlanBuilder.java | 11 ++- .../xpack/eql/planner/QueryFolder.java | 43 ++++++++++- .../querydsl/container/QueryContainer.java | 26 +++++-- .../xpack/eql/parser/LogicalPlanTests.java | 18 ++++- .../src/test/resources/mapping-binary.json | 3 + .../src/test/resources/mapping-boolean.json | 3 + .../eql/src/test/resources/mapping-date.json | 3 + .../eql/src/test/resources/mapping-ip.json | 3 + .../eql/src/test/resources/mapping-join.json | 3 + .../test/resources/mapping-multi-field.json | 3 + .../src/test/resources/mapping-nested.json | 3 + .../eql/src/test/resources/mapping-nodoc.json | 3 + .../src/test/resources/mapping-numeric.json | 3 + .../src/test/resources/mapping-object.json | 3 + .../ql}/querydsl/container/AttributeSort.java | 2 +- .../ql}/querydsl/container/ScriptSort.java | 2 +- .../xpack/ql}/querydsl/container/Sort.java | 2 +- .../sql/execution/search/SourceGenerator.java | 6 +- .../xpack/sql/planner/QueryFolder.java | 8 +- .../xpack/sql/querydsl/agg/Aggs.java | 2 +- .../querydsl/agg/GroupByDateHistogram.java | 2 +- .../xpack/sql/querydsl/agg/GroupByKey.java | 2 +- .../querydsl/agg/GroupByNumericHistogram.java | 2 +- .../xpack/sql/querydsl/agg/GroupByValue.java | 2 +- .../xpack/sql/querydsl/agg/TopHitsAgg.java | 2 +- .../sql/querydsl/container/AggregateSort.java | 1 + .../container/GroupingFunctionSort.java | 2 + .../querydsl/container/QueryContainer.java | 1 + .../sql/querydsl/container/ScoreSort.java | 3 + .../search/SourceGeneratorTests.java | 6 +- 36 files changed, 221 insertions(+), 40 deletions(-) rename x-pack/plugin/{sql/src/main/java/org/elasticsearch/xpack/sql => ql/src/main/java/org/elasticsearch/xpack/ql}/querydsl/container/AttributeSort.java (95%) rename x-pack/plugin/{sql/src/main/java/org/elasticsearch/xpack/sql => ql/src/main/java/org/elasticsearch/xpack/ql}/querydsl/container/ScriptSort.java (95%) rename x-pack/plugin/{sql/src/main/java/org/elasticsearch/xpack/sql => ql/src/main/java/org/elasticsearch/xpack/ql}/querydsl/container/Sort.java (96%) diff --git a/client/rest-high-level/src/main/java/org/elasticsearch/client/eql/EqlSearchRequest.java b/client/rest-high-level/src/main/java/org/elasticsearch/client/eql/EqlSearchRequest.java index 9bca610194b..1e6bfafee0c 100644 --- a/client/rest-high-level/src/main/java/org/elasticsearch/client/eql/EqlSearchRequest.java +++ b/client/rest-high-level/src/main/java/org/elasticsearch/client/eql/EqlSearchRequest.java @@ -37,7 +37,7 @@ public class EqlSearchRequest implements Validatable, ToXContentObject { private IndicesOptions indicesOptions = IndicesOptions.fromOptions(false, false, true, false); private QueryBuilder filter = null; - private String timestampField = "@timestamp"; + private String timestampField = "timestamp"; private String eventTypeField = "event_type"; private String implicitJoinKeyField = "agent.id"; private int fetchSize = 50; diff --git a/client/rest-high-level/src/test/java/org/elasticsearch/client/EqlIT.java b/client/rest-high-level/src/test/java/org/elasticsearch/client/EqlIT.java index 9a472e13842..9b5206e6920 100644 --- a/client/rest-high-level/src/test/java/org/elasticsearch/client/EqlIT.java +++ b/client/rest-high-level/src/test/java/org/elasticsearch/client/EqlIT.java @@ -79,6 +79,7 @@ public class EqlIT extends ESRestHighLevelClientTestCase { sb.append(","); } sb.append("\"event_type\": \"process\","); + sb.append("\"timestamp\": \"2020-02-03T12:34:56Z\","); sb.append("\"serial_event_id\": 1"); sb.append("}"); doc1.setJsonEntity(sb.toString()); diff --git a/docs/reference/eql/search.asciidoc b/docs/reference/eql/search.asciidoc index 6a9d6c8631d..2150736e58b 100644 --- a/docs/reference/eql/search.asciidoc +++ b/docs/reference/eql/search.asciidoc @@ -36,6 +36,7 @@ specified in the `query` parameter. The EQL query matches events with an GET sec_logs/_eql/search { "event_type_field": "event.category", + "timestamp_field": "@timestamp", "query": """ process where process.name == "cmd.exe" """ @@ -62,7 +63,7 @@ The API returns the following response containing the matching event: "_index": "sec_logs", "_type": "_doc", "_id": "1", - "_score": 0.9400072, + "_score": null, "_source": { "@timestamp": "2020-12-07T11:06:07.000Z", "agent": { @@ -75,7 +76,8 @@ The API returns the following response containing the matching event: "name": "cmd.exe", "path": "C:\\Windows\\System32\\cmd.exe" } - } + }, + "sort" : [1607339167000] } ] } @@ -99,6 +101,7 @@ field. GET sec_logs/_eql/search { "event_type_field": "file.type", + "timestamp_field": "@timestamp", "query": """ file where agent.id == "8a4f500d" """ @@ -146,6 +149,7 @@ filtered documents. GET sec_logs/_eql/search { "event_type_field": "event.category", + "timestamp_field": "@timestamp", "filter": { "range" : { "file.size" : { diff --git a/x-pack/plugin/eql/qa/rest/src/test/resources/rest-api-spec/test/eql/10_basic.yml b/x-pack/plugin/eql/qa/rest/src/test/resources/rest-api-spec/test/eql/10_basic.yml index d4ef1aef83e..af82017faa8 100644 --- a/x-pack/plugin/eql/qa/rest/src/test/resources/rest-api-spec/test/eql/10_basic.yml +++ b/x-pack/plugin/eql/qa/rest/src/test/resources/rest-api-spec/test/eql/10_basic.yml @@ -8,6 +8,7 @@ setup: _index: eql_test _id: 1 - event_type: process + timestamp: 2020-02-03T12:34:56Z user: SYSTEM --- diff --git a/x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/action/RequestDefaults.java b/x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/action/RequestDefaults.java index f89b78cb7f3..a78f1753eb7 100644 --- a/x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/action/RequestDefaults.java +++ b/x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/action/RequestDefaults.java @@ -10,7 +10,7 @@ public final class RequestDefaults { private RequestDefaults() {} - public static final String FIELD_TIMESTAMP = "@timestamp"; + public static final String FIELD_TIMESTAMP = "timestamp"; public static final String FIELD_EVENT_TYPE = "event_type"; public static final String IMPLICIT_JOIN_KEY = "agent.id"; diff --git a/x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/execution/search/SourceGenerator.java b/x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/execution/search/SourceGenerator.java index aed49643452..9a1849d5c66 100644 --- a/x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/execution/search/SourceGenerator.java +++ b/x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/execution/search/SourceGenerator.java @@ -7,21 +7,26 @@ package org.elasticsearch.xpack.eql.execution.search; import org.elasticsearch.index.query.QueryBuilder; import org.elasticsearch.search.builder.SearchSourceBuilder; -import org.elasticsearch.search.fetch.StoredFieldsContext; import org.elasticsearch.search.fetch.subphase.FetchSourceContext; +import org.elasticsearch.search.sort.FieldSortBuilder; +import org.elasticsearch.search.sort.NestedSortBuilder; +import org.elasticsearch.search.sort.ScriptSortBuilder.ScriptSortType; +import org.elasticsearch.search.sort.SortBuilder; import org.elasticsearch.xpack.eql.querydsl.container.QueryContainer; +import org.elasticsearch.xpack.ql.expression.Attribute; +import org.elasticsearch.xpack.ql.expression.FieldAttribute; +import org.elasticsearch.xpack.ql.querydsl.container.AttributeSort; +import org.elasticsearch.xpack.ql.querydsl.container.ScriptSort; +import org.elasticsearch.xpack.ql.querydsl.container.Sort; -import java.util.List; - -import static java.util.Collections.singletonList; import static org.elasticsearch.index.query.QueryBuilders.boolQuery; +import static org.elasticsearch.search.sort.SortBuilders.fieldSort; +import static org.elasticsearch.search.sort.SortBuilders.scriptSort; public abstract class SourceGenerator { private SourceGenerator() {} - private static final List NO_STORED_FIELD = singletonList(StoredFieldsContext._NONE_); - public static SearchSourceBuilder sourceBuilder(QueryContainer container, QueryBuilder filter, Integer size) { QueryBuilder finalQuery = null; // add the source @@ -38,8 +43,9 @@ public abstract class SourceGenerator { } final SearchSourceBuilder source = new SearchSourceBuilder(); - source.query(finalQuery); + source.query(finalQuery); + sorting(container, source); source.fetchSource(FetchSourceContext.FETCH_SOURCE); // set fetch size @@ -54,6 +60,60 @@ public abstract class SourceGenerator { return source; } + private static void sorting(QueryContainer container, SearchSourceBuilder source) { + for (Sort sortable : container.sort().values()) { + SortBuilder sortBuilder = null; + + if (sortable instanceof AttributeSort) { + AttributeSort as = (AttributeSort) sortable; + Attribute attr = as.attribute(); + + // sorting only works on not-analyzed fields - look for a multi-field replacement + if (attr instanceof FieldAttribute) { + FieldAttribute fa = ((FieldAttribute) attr).exactAttribute(); + + sortBuilder = fieldSort(fa.name()) + .missing(as.missing().position()) + .unmappedType(fa.dataType().esType()); + + if (fa.isNested()) { + FieldSortBuilder fieldSort = fieldSort(fa.name()) + .missing(as.missing().position()) + .unmappedType(fa.dataType().esType()); + + NestedSortBuilder newSort = new NestedSortBuilder(fa.nestedParent().name()); + NestedSortBuilder nestedSort = fieldSort.getNestedSort(); + + if (nestedSort == null) { + fieldSort.setNestedSort(newSort); + } else { + while (nestedSort.getNestedSort() != null) { + nestedSort = nestedSort.getNestedSort(); + } + nestedSort.setNestedSort(newSort); + } + + nestedSort = newSort; + + if (container.query() != null) { + container.query().enrichNestedSort(nestedSort); + } + sortBuilder = fieldSort; + } + } + } else if (sortable instanceof ScriptSort) { + ScriptSort ss = (ScriptSort) sortable; + sortBuilder = scriptSort(ss.script().toPainless(), + ss.script().outputType().isNumeric() ? ScriptSortType.NUMBER : ScriptSortType.STRING); + } + + if (sortBuilder != null) { + sortBuilder.order(sortable.direction().asOrder()); + source.sort(sortBuilder); + } + } + } + private static void optimize(QueryContainer query, SearchSourceBuilder builder) { if (query.shouldTrackHits()) { builder.trackTotalHits(true); diff --git a/x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/parser/LogicalPlanBuilder.java b/x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/parser/LogicalPlanBuilder.java index 71817528262..d35b275f02b 100644 --- a/x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/parser/LogicalPlanBuilder.java +++ b/x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/parser/LogicalPlanBuilder.java @@ -7,15 +7,19 @@ package org.elasticsearch.xpack.eql.parser; import org.elasticsearch.xpack.ql.expression.Expression; import org.elasticsearch.xpack.ql.expression.Literal; +import org.elasticsearch.xpack.ql.expression.Order; import org.elasticsearch.xpack.ql.expression.UnresolvedAttribute; import org.elasticsearch.xpack.ql.expression.predicate.logical.And; import org.elasticsearch.xpack.ql.expression.predicate.operator.comparison.Equals; import org.elasticsearch.xpack.ql.plan.logical.Filter; import org.elasticsearch.xpack.ql.plan.logical.LogicalPlan; +import org.elasticsearch.xpack.ql.plan.logical.OrderBy; import org.elasticsearch.xpack.ql.plan.logical.UnresolvedRelation; import org.elasticsearch.xpack.ql.tree.Source; import org.elasticsearch.xpack.ql.type.DataTypes; +import static java.util.Collections.singletonList; + public abstract class LogicalPlanBuilder extends ExpressionBuilder { private final ParserParams params; @@ -40,6 +44,11 @@ public abstract class LogicalPlanBuilder extends ExpressionBuilder { condition = new And(source, eventMatch, condition); } - return new Filter(source(ctx), new UnresolvedRelation(Source.EMPTY, null, "", false, ""), condition); + Filter filter = new Filter(source, new UnresolvedRelation(Source.EMPTY, null, "", false, ""), condition); + // add implicit sorting - when pipes are added, this would better seat there (as a default pipe) + Order order = new Order(source, new UnresolvedAttribute(source, params.fieldTimestamp()), Order.OrderDirection.ASC, + Order.NullsPosition.FIRST); + OrderBy orderBy = new OrderBy(source, filter, singletonList(order)); + return orderBy; } } diff --git a/x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/planner/QueryFolder.java b/x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/planner/QueryFolder.java index 594fc62cf90..0543b3ffd67 100644 --- a/x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/planner/QueryFolder.java +++ b/x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/planner/QueryFolder.java @@ -6,12 +6,21 @@ package org.elasticsearch.xpack.eql.planner; +import org.elasticsearch.xpack.eql.EqlIllegalArgumentException; import org.elasticsearch.xpack.eql.plan.physical.EsQueryExec; import org.elasticsearch.xpack.eql.plan.physical.FilterExec; +import org.elasticsearch.xpack.eql.plan.physical.OrderExec; import org.elasticsearch.xpack.eql.plan.physical.PhysicalPlan; import org.elasticsearch.xpack.eql.querydsl.container.QueryContainer; import org.elasticsearch.xpack.ql.expression.Attribute; +import org.elasticsearch.xpack.ql.expression.Expression; +import org.elasticsearch.xpack.ql.expression.Expressions; +import org.elasticsearch.xpack.ql.expression.FieldAttribute; +import org.elasticsearch.xpack.ql.expression.Order; import org.elasticsearch.xpack.ql.planner.ExpressionTranslators; +import org.elasticsearch.xpack.ql.querydsl.container.AttributeSort; +import org.elasticsearch.xpack.ql.querydsl.container.Sort.Direction; +import org.elasticsearch.xpack.ql.querydsl.container.Sort.Missing; import org.elasticsearch.xpack.ql.querydsl.query.Query; import org.elasticsearch.xpack.ql.rule.Rule; import org.elasticsearch.xpack.ql.rule.RuleExecutor; @@ -27,7 +36,7 @@ class QueryFolder extends RuleExecutor { @Override protected Iterable.Batch> batches() { Batch fold = new Batch("Fold queries", - new FoldFilter() + new FoldFilter(), new FoldOrderBy() ); Batch finish = new Batch("Finish query", Limiter.ONCE, new PlanOutputToQueryRef() @@ -57,6 +66,38 @@ class QueryFolder extends RuleExecutor { } } + private static class FoldOrderBy extends FoldingRule { + @Override + protected PhysicalPlan rule(OrderExec plan) { + if (plan.child() instanceof EsQueryExec) { + EsQueryExec exec = (EsQueryExec) plan.child(); + QueryContainer qContainer = exec.queryContainer(); + + for (Order order : plan.order()) { + Direction direction = Direction.from(order.direction()); + Missing missing = Missing.from(order.nullsPosition()); + + // check whether sorting is on an group (and thus nested agg) or field + Expression orderExpression = order.child(); + + String lookup = Expressions.id(orderExpression); + + // field + if (orderExpression instanceof FieldAttribute) { + qContainer = qContainer.addSort(lookup, new AttributeSort((FieldAttribute) orderExpression, direction, missing)); + } + // unknown + else { + throw new EqlIllegalArgumentException("unsupported sorting expression {}", orderExpression); + } + } + + return exec.with(qContainer); + } + return plan; + } + } + private static class PlanOutputToQueryRef extends FoldingRule { @Override protected PhysicalPlan rule(EsQueryExec exec) { diff --git a/x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/querydsl/container/QueryContainer.java b/x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/querydsl/container/QueryContainer.java index afab13caada..cb33e41b016 100644 --- a/x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/querydsl/container/QueryContainer.java +++ b/x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/querydsl/container/QueryContainer.java @@ -19,14 +19,18 @@ import org.elasticsearch.xpack.ql.expression.Expression; import org.elasticsearch.xpack.ql.expression.Expressions; import org.elasticsearch.xpack.ql.expression.FieldAttribute; import org.elasticsearch.xpack.ql.expression.gen.pipeline.ConstantInput; +import org.elasticsearch.xpack.ql.querydsl.container.Sort; import org.elasticsearch.xpack.ql.querydsl.query.Query; import org.elasticsearch.xpack.ql.type.DataTypes; import java.io.IOException; +import java.util.LinkedHashMap; import java.util.List; +import java.util.Map; import java.util.Objects; import static java.util.Collections.emptyList; +import static java.util.Collections.emptyMap; import static org.elasticsearch.xpack.ql.util.CollectionUtils.combine; public class QueryContainer { @@ -37,17 +41,19 @@ public class QueryContainer { // list of fields available in the output private final List> fields; + private final Map sort; private final boolean trackHits; private final boolean includeFrozen; public QueryContainer() { - this(null, emptyList(), AttributeMap.emptyAttributeMap(), false, false); + this(null, emptyList(), AttributeMap.emptyAttributeMap(), emptyMap(), false, false); } - private QueryContainer(Query query, List> fields, AttributeMap attributes, boolean trackHits, - boolean includeFrozen) { + private QueryContainer(Query query, List> fields, AttributeMap attributes, + Map sort, boolean trackHits, boolean includeFrozen) { this.query = query; this.fields = fields; + this.sort = sort; this.attributes = attributes; this.trackHits = trackHits; this.includeFrozen = includeFrozen; @@ -65,12 +71,16 @@ public class QueryContainer { return fields; } + public Map sort() { + return sort; + } + public boolean shouldTrackHits() { return trackHits; } public QueryContainer with(Query q) { - return new QueryContainer(q, fields, attributes, trackHits, includeFrozen); + return new QueryContainer(q, fields, attributes, sort, trackHits, includeFrozen); } public QueryContainer addColumn(Attribute attr) { @@ -98,6 +108,12 @@ public class QueryContainer { throw new EqlIllegalArgumentException("Unknown output attribute {}", attr); } + public QueryContainer addSort(String expressionId, Sort sortable) { + Map newSort = new LinkedHashMap<>(this.sort); + newSort.put(expressionId, sortable); + return new QueryContainer(query, fields, attributes, newSort, trackHits, includeFrozen); + } + // // reference methods // @@ -139,7 +155,7 @@ public class QueryContainer { } public QueryContainer addColumn(FieldExtraction ref, String id) { - return new QueryContainer(query, combine(fields, new Tuple<>(ref, id)), attributes, trackHits, includeFrozen); + return new QueryContainer(query, combine(fields, new Tuple<>(ref, id)), attributes, sort, trackHits, includeFrozen); } @Override diff --git a/x-pack/plugin/eql/src/test/java/org/elasticsearch/xpack/eql/parser/LogicalPlanTests.java b/x-pack/plugin/eql/src/test/java/org/elasticsearch/xpack/eql/parser/LogicalPlanTests.java index 4b909ab7bde..30bea723293 100644 --- a/x-pack/plugin/eql/src/test/java/org/elasticsearch/xpack/eql/parser/LogicalPlanTests.java +++ b/x-pack/plugin/eql/src/test/java/org/elasticsearch/xpack/eql/parser/LogicalPlanTests.java @@ -8,11 +8,18 @@ package org.elasticsearch.xpack.eql.parser; import org.elasticsearch.test.ESTestCase; import org.elasticsearch.xpack.ql.expression.Expression; +import org.elasticsearch.xpack.ql.expression.Order; +import org.elasticsearch.xpack.ql.expression.Order.NullsPosition; +import org.elasticsearch.xpack.ql.expression.Order.OrderDirection; +import org.elasticsearch.xpack.ql.expression.UnresolvedAttribute; import org.elasticsearch.xpack.ql.plan.logical.Filter; import org.elasticsearch.xpack.ql.plan.logical.LogicalPlan; +import org.elasticsearch.xpack.ql.plan.logical.OrderBy; import org.elasticsearch.xpack.ql.plan.logical.UnresolvedRelation; import org.elasticsearch.xpack.ql.tree.Source; +import static java.util.Collections.singletonList; + public class LogicalPlanTests extends ESTestCase { private final EqlParser parser = new EqlParser(); @@ -25,7 +32,10 @@ public class LogicalPlanTests extends ESTestCase { LogicalPlan fullQuery = parser.createStatement("process where process_name == 'net.exe'"); Expression fullExpression = expr("event_type == 'process' and process_name == 'net.exe'"); - assertEquals(fullQuery, new Filter(Source.EMPTY, new UnresolvedRelation(Source.EMPTY, null, "", false, ""), fullExpression)); + LogicalPlan filter = new Filter(Source.EMPTY, new UnresolvedRelation(Source.EMPTY, null, "", false, ""), fullExpression); + Order order = new Order(Source.EMPTY, new UnresolvedAttribute(Source.EMPTY, "timestamp"), OrderDirection.ASC, NullsPosition.FIRST); + LogicalPlan expected = new OrderBy(Source.EMPTY, filter, singletonList(order)); + assertEquals(expected, fullQuery); } public void testParameterizedEventQuery() { @@ -33,7 +43,9 @@ public class LogicalPlanTests extends ESTestCase { LogicalPlan fullQuery = parser.createStatement("process where process_name == 'net.exe'", params); Expression fullExpression = expr("myCustomEvent == 'process' and process_name == 'net.exe'"); - assertEquals(fullQuery, new Filter(Source.EMPTY, new UnresolvedRelation(Source.EMPTY, null, "", false, ""), fullExpression)); + LogicalPlan filter = new Filter(Source.EMPTY, new UnresolvedRelation(Source.EMPTY, null, "", false, ""), fullExpression); + Order order = new Order(Source.EMPTY, new UnresolvedAttribute(Source.EMPTY, "timestamp"), OrderDirection.ASC, NullsPosition.FIRST); + LogicalPlan expected = new OrderBy(Source.EMPTY, filter, singletonList(order)); + assertEquals(expected, fullQuery); } - } diff --git a/x-pack/plugin/eql/src/test/resources/mapping-binary.json b/x-pack/plugin/eql/src/test/resources/mapping-binary.json index eae2014d56e..9d9d6117f9e 100644 --- a/x-pack/plugin/eql/src/test/resources/mapping-binary.json +++ b/x-pack/plugin/eql/src/test/resources/mapping-binary.json @@ -3,6 +3,9 @@ "event_type" : { "type" : "keyword" }, + "timestamp" : { + "type" : "date" + }, "blob" : { "type" : "binary" } diff --git a/x-pack/plugin/eql/src/test/resources/mapping-boolean.json b/x-pack/plugin/eql/src/test/resources/mapping-boolean.json index aa337964887..990419c178a 100644 --- a/x-pack/plugin/eql/src/test/resources/mapping-boolean.json +++ b/x-pack/plugin/eql/src/test/resources/mapping-boolean.json @@ -3,6 +3,9 @@ "event_type" : { "type" : "keyword" }, + "timestamp" : { + "type" : "date" + }, "boolean_field" : { "type" : "boolean" } diff --git a/x-pack/plugin/eql/src/test/resources/mapping-date.json b/x-pack/plugin/eql/src/test/resources/mapping-date.json index a1c1e0fb316..e3930dca7cd 100644 --- a/x-pack/plugin/eql/src/test/resources/mapping-date.json +++ b/x-pack/plugin/eql/src/test/resources/mapping-date.json @@ -3,6 +3,9 @@ "event_type" : { "type" : "keyword" }, + "timestamp" : { + "type" : "date" + }, "date" : { "type" : "date" }, diff --git a/x-pack/plugin/eql/src/test/resources/mapping-ip.json b/x-pack/plugin/eql/src/test/resources/mapping-ip.json index 3af26c4a306..0941028326d 100644 --- a/x-pack/plugin/eql/src/test/resources/mapping-ip.json +++ b/x-pack/plugin/eql/src/test/resources/mapping-ip.json @@ -3,6 +3,9 @@ "event_type" : { "type" : "keyword" }, + "timestamp" : { + "type" : "date" + }, "ip_addr" : { "type" : "ip" } diff --git a/x-pack/plugin/eql/src/test/resources/mapping-join.json b/x-pack/plugin/eql/src/test/resources/mapping-join.json index 700024490d3..2c81e6af305 100644 --- a/x-pack/plugin/eql/src/test/resources/mapping-join.json +++ b/x-pack/plugin/eql/src/test/resources/mapping-join.json @@ -3,6 +3,9 @@ "event_type" : { "type" : "keyword" }, + "timestamp" : { + "type" : "date" + }, "serial_event_id" : { "type" : "long" }, diff --git a/x-pack/plugin/eql/src/test/resources/mapping-multi-field.json b/x-pack/plugin/eql/src/test/resources/mapping-multi-field.json index 5222d8d12b1..6e712ed75b8 100644 --- a/x-pack/plugin/eql/src/test/resources/mapping-multi-field.json +++ b/x-pack/plugin/eql/src/test/resources/mapping-multi-field.json @@ -3,6 +3,9 @@ "event_type" : { "type" : "keyword" }, + "timestamp" : { + "type" : "date" + }, "multi_field" : { "type" : "text", "fields" : { diff --git a/x-pack/plugin/eql/src/test/resources/mapping-nested.json b/x-pack/plugin/eql/src/test/resources/mapping-nested.json index 8279a933158..5ac74947d52 100644 --- a/x-pack/plugin/eql/src/test/resources/mapping-nested.json +++ b/x-pack/plugin/eql/src/test/resources/mapping-nested.json @@ -3,6 +3,9 @@ "event_type" : { "type" : "keyword" }, + "timestamp" : { + "type" : "date" + }, "processes" : { "type" : "nested", "properties" : { diff --git a/x-pack/plugin/eql/src/test/resources/mapping-nodoc.json b/x-pack/plugin/eql/src/test/resources/mapping-nodoc.json index 2f4f53443ac..0fc322d0d53 100644 --- a/x-pack/plugin/eql/src/test/resources/mapping-nodoc.json +++ b/x-pack/plugin/eql/src/test/resources/mapping-nodoc.json @@ -3,6 +3,9 @@ "event_type" : { "type" : "keyword" }, + "timestamp" : { + "type" : "date" + }, "description_nodoc" : { "type" : "integer", "doc_values" : false diff --git a/x-pack/plugin/eql/src/test/resources/mapping-numeric.json b/x-pack/plugin/eql/src/test/resources/mapping-numeric.json index 4995378681d..376d3e2dfa0 100644 --- a/x-pack/plugin/eql/src/test/resources/mapping-numeric.json +++ b/x-pack/plugin/eql/src/test/resources/mapping-numeric.json @@ -3,6 +3,9 @@ "event_type" : { "type" : "keyword" }, + "timestamp" : { + "type" : "date" + }, "long_field" : { "type" : "long" }, diff --git a/x-pack/plugin/eql/src/test/resources/mapping-object.json b/x-pack/plugin/eql/src/test/resources/mapping-object.json index 93f001dd137..c1702646c86 100644 --- a/x-pack/plugin/eql/src/test/resources/mapping-object.json +++ b/x-pack/plugin/eql/src/test/resources/mapping-object.json @@ -3,6 +3,9 @@ "event_type" : { "type" : "keyword" }, + "timestamp" : { + "type" : "date" + }, "endgame" : { "properties" : { "pid" : { diff --git a/x-pack/plugin/sql/src/main/java/org/elasticsearch/xpack/sql/querydsl/container/AttributeSort.java b/x-pack/plugin/ql/src/main/java/org/elasticsearch/xpack/ql/querydsl/container/AttributeSort.java similarity index 95% rename from x-pack/plugin/sql/src/main/java/org/elasticsearch/xpack/sql/querydsl/container/AttributeSort.java rename to x-pack/plugin/ql/src/main/java/org/elasticsearch/xpack/ql/querydsl/container/AttributeSort.java index cb6a42745b5..51149e8e3b2 100644 --- a/x-pack/plugin/sql/src/main/java/org/elasticsearch/xpack/sql/querydsl/container/AttributeSort.java +++ b/x-pack/plugin/ql/src/main/java/org/elasticsearch/xpack/ql/querydsl/container/AttributeSort.java @@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.sql.querydsl.container; +package org.elasticsearch.xpack.ql.querydsl.container; import org.elasticsearch.xpack.ql.expression.Attribute; diff --git a/x-pack/plugin/sql/src/main/java/org/elasticsearch/xpack/sql/querydsl/container/ScriptSort.java b/x-pack/plugin/ql/src/main/java/org/elasticsearch/xpack/ql/querydsl/container/ScriptSort.java similarity index 95% rename from x-pack/plugin/sql/src/main/java/org/elasticsearch/xpack/sql/querydsl/container/ScriptSort.java rename to x-pack/plugin/ql/src/main/java/org/elasticsearch/xpack/ql/querydsl/container/ScriptSort.java index 284b60f1c14..18df2959f72 100644 --- a/x-pack/plugin/sql/src/main/java/org/elasticsearch/xpack/sql/querydsl/container/ScriptSort.java +++ b/x-pack/plugin/ql/src/main/java/org/elasticsearch/xpack/ql/querydsl/container/ScriptSort.java @@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.sql.querydsl.container; +package org.elasticsearch.xpack.ql.querydsl.container; import org.elasticsearch.xpack.ql.expression.gen.script.ScriptTemplate; import org.elasticsearch.xpack.ql.expression.gen.script.Scripts; diff --git a/x-pack/plugin/sql/src/main/java/org/elasticsearch/xpack/sql/querydsl/container/Sort.java b/x-pack/plugin/ql/src/main/java/org/elasticsearch/xpack/ql/querydsl/container/Sort.java similarity index 96% rename from x-pack/plugin/sql/src/main/java/org/elasticsearch/xpack/sql/querydsl/container/Sort.java rename to x-pack/plugin/ql/src/main/java/org/elasticsearch/xpack/ql/querydsl/container/Sort.java index c37677cb74f..08dfadbb654 100644 --- a/x-pack/plugin/sql/src/main/java/org/elasticsearch/xpack/sql/querydsl/container/Sort.java +++ b/x-pack/plugin/ql/src/main/java/org/elasticsearch/xpack/ql/querydsl/container/Sort.java @@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.xpack.sql.querydsl.container; +package org.elasticsearch.xpack.ql.querydsl.container; import org.elasticsearch.search.sort.SortOrder; import org.elasticsearch.xpack.ql.expression.Order.NullsPosition; diff --git a/x-pack/plugin/sql/src/main/java/org/elasticsearch/xpack/sql/execution/search/SourceGenerator.java b/x-pack/plugin/sql/src/main/java/org/elasticsearch/xpack/sql/execution/search/SourceGenerator.java index 4fb4684e640..55df28b9f09 100644 --- a/x-pack/plugin/sql/src/main/java/org/elasticsearch/xpack/sql/execution/search/SourceGenerator.java +++ b/x-pack/plugin/sql/src/main/java/org/elasticsearch/xpack/sql/execution/search/SourceGenerator.java @@ -18,11 +18,11 @@ import org.elasticsearch.search.sort.SortBuilder; import org.elasticsearch.xpack.ql.execution.search.QlSourceBuilder; import org.elasticsearch.xpack.ql.expression.Attribute; import org.elasticsearch.xpack.ql.expression.FieldAttribute; -import org.elasticsearch.xpack.sql.querydsl.container.AttributeSort; +import org.elasticsearch.xpack.ql.querydsl.container.AttributeSort; +import org.elasticsearch.xpack.ql.querydsl.container.ScriptSort; +import org.elasticsearch.xpack.ql.querydsl.container.Sort; import org.elasticsearch.xpack.sql.querydsl.container.QueryContainer; import org.elasticsearch.xpack.sql.querydsl.container.ScoreSort; -import org.elasticsearch.xpack.sql.querydsl.container.ScriptSort; -import org.elasticsearch.xpack.sql.querydsl.container.Sort; import java.util.List; diff --git a/x-pack/plugin/sql/src/main/java/org/elasticsearch/xpack/sql/planner/QueryFolder.java b/x-pack/plugin/sql/src/main/java/org/elasticsearch/xpack/sql/planner/QueryFolder.java index e4edf467409..43414014863 100644 --- a/x-pack/plugin/sql/src/main/java/org/elasticsearch/xpack/sql/planner/QueryFolder.java +++ b/x-pack/plugin/sql/src/main/java/org/elasticsearch/xpack/sql/planner/QueryFolder.java @@ -32,6 +32,10 @@ import org.elasticsearch.xpack.ql.expression.gen.pipeline.UnaryPipe; import org.elasticsearch.xpack.ql.expression.gen.processor.Processor; import org.elasticsearch.xpack.ql.expression.gen.script.ScriptTemplate; import org.elasticsearch.xpack.ql.planner.ExpressionTranslators; +import org.elasticsearch.xpack.ql.querydsl.container.AttributeSort; +import org.elasticsearch.xpack.ql.querydsl.container.ScriptSort; +import org.elasticsearch.xpack.ql.querydsl.container.Sort.Direction; +import org.elasticsearch.xpack.ql.querydsl.container.Sort.Missing; import org.elasticsearch.xpack.ql.querydsl.query.Query; import org.elasticsearch.xpack.ql.rule.Rule; import org.elasticsearch.xpack.ql.rule.RuleExecutor; @@ -64,7 +68,6 @@ import org.elasticsearch.xpack.sql.querydsl.agg.GroupByNumericHistogram; import org.elasticsearch.xpack.sql.querydsl.agg.GroupByValue; import org.elasticsearch.xpack.sql.querydsl.agg.LeafAgg; import org.elasticsearch.xpack.sql.querydsl.container.AggregateSort; -import org.elasticsearch.xpack.sql.querydsl.container.AttributeSort; import org.elasticsearch.xpack.sql.querydsl.container.ComputedRef; import org.elasticsearch.xpack.sql.querydsl.container.GlobalCountRef; import org.elasticsearch.xpack.sql.querydsl.container.GroupByRef; @@ -74,9 +77,6 @@ import org.elasticsearch.xpack.sql.querydsl.container.MetricAggRef; import org.elasticsearch.xpack.sql.querydsl.container.PivotColumnRef; import org.elasticsearch.xpack.sql.querydsl.container.QueryContainer; import org.elasticsearch.xpack.sql.querydsl.container.ScoreSort; -import org.elasticsearch.xpack.sql.querydsl.container.ScriptSort; -import org.elasticsearch.xpack.sql.querydsl.container.Sort.Direction; -import org.elasticsearch.xpack.sql.querydsl.container.Sort.Missing; import org.elasticsearch.xpack.sql.querydsl.container.TopHitsAggRef; import org.elasticsearch.xpack.sql.session.EmptyExecutable; import org.elasticsearch.xpack.sql.type.SqlDataTypeConverter; diff --git a/x-pack/plugin/sql/src/main/java/org/elasticsearch/xpack/sql/querydsl/agg/Aggs.java b/x-pack/plugin/sql/src/main/java/org/elasticsearch/xpack/sql/querydsl/agg/Aggs.java index eb859650078..573aa320a48 100644 --- a/x-pack/plugin/sql/src/main/java/org/elasticsearch/xpack/sql/querydsl/agg/Aggs.java +++ b/x-pack/plugin/sql/src/main/java/org/elasticsearch/xpack/sql/querydsl/agg/Aggs.java @@ -10,9 +10,9 @@ import org.elasticsearch.search.aggregations.bucket.composite.CompositeAggregati import org.elasticsearch.search.aggregations.bucket.composite.CompositeValuesSourceBuilder; import org.elasticsearch.search.aggregations.bucket.filter.FiltersAggregationBuilder; import org.elasticsearch.xpack.ql.expression.gen.script.ScriptTemplate; +import org.elasticsearch.xpack.ql.querydsl.container.Sort.Direction; import org.elasticsearch.xpack.ql.util.StringUtils; import org.elasticsearch.xpack.sql.SqlIllegalArgumentException; -import org.elasticsearch.xpack.sql.querydsl.container.Sort.Direction; import java.util.ArrayList; import java.util.Collection; diff --git a/x-pack/plugin/sql/src/main/java/org/elasticsearch/xpack/sql/querydsl/agg/GroupByDateHistogram.java b/x-pack/plugin/sql/src/main/java/org/elasticsearch/xpack/sql/querydsl/agg/GroupByDateHistogram.java index 31e72770675..06488a80b59 100644 --- a/x-pack/plugin/sql/src/main/java/org/elasticsearch/xpack/sql/querydsl/agg/GroupByDateHistogram.java +++ b/x-pack/plugin/sql/src/main/java/org/elasticsearch/xpack/sql/querydsl/agg/GroupByDateHistogram.java @@ -9,8 +9,8 @@ import org.elasticsearch.search.aggregations.bucket.composite.CompositeValuesSou import org.elasticsearch.search.aggregations.bucket.composite.DateHistogramValuesSourceBuilder; import org.elasticsearch.search.aggregations.bucket.histogram.DateHistogramInterval; import org.elasticsearch.xpack.ql.expression.gen.script.ScriptTemplate; +import org.elasticsearch.xpack.ql.querydsl.container.Sort.Direction; import org.elasticsearch.xpack.sql.SqlIllegalArgumentException; -import org.elasticsearch.xpack.sql.querydsl.container.Sort.Direction; import java.time.ZoneId; import java.util.Objects; diff --git a/x-pack/plugin/sql/src/main/java/org/elasticsearch/xpack/sql/querydsl/agg/GroupByKey.java b/x-pack/plugin/sql/src/main/java/org/elasticsearch/xpack/sql/querydsl/agg/GroupByKey.java index 69f6eea3acc..0e2a9f94628 100644 --- a/x-pack/plugin/sql/src/main/java/org/elasticsearch/xpack/sql/querydsl/agg/GroupByKey.java +++ b/x-pack/plugin/sql/src/main/java/org/elasticsearch/xpack/sql/querydsl/agg/GroupByKey.java @@ -8,8 +8,8 @@ package org.elasticsearch.xpack.sql.querydsl.agg; import org.elasticsearch.search.aggregations.bucket.composite.CompositeValuesSourceBuilder; import org.elasticsearch.search.aggregations.support.ValueType; import org.elasticsearch.xpack.ql.expression.gen.script.ScriptTemplate; +import org.elasticsearch.xpack.ql.querydsl.container.Sort.Direction; import org.elasticsearch.xpack.ql.type.DataTypes; -import org.elasticsearch.xpack.sql.querydsl.container.Sort.Direction; import java.util.Objects; diff --git a/x-pack/plugin/sql/src/main/java/org/elasticsearch/xpack/sql/querydsl/agg/GroupByNumericHistogram.java b/x-pack/plugin/sql/src/main/java/org/elasticsearch/xpack/sql/querydsl/agg/GroupByNumericHistogram.java index e8b9a262da5..7718e700c05 100644 --- a/x-pack/plugin/sql/src/main/java/org/elasticsearch/xpack/sql/querydsl/agg/GroupByNumericHistogram.java +++ b/x-pack/plugin/sql/src/main/java/org/elasticsearch/xpack/sql/querydsl/agg/GroupByNumericHistogram.java @@ -8,7 +8,7 @@ package org.elasticsearch.xpack.sql.querydsl.agg; import org.elasticsearch.search.aggregations.bucket.composite.CompositeValuesSourceBuilder; import org.elasticsearch.search.aggregations.bucket.composite.HistogramValuesSourceBuilder; import org.elasticsearch.xpack.ql.expression.gen.script.ScriptTemplate; -import org.elasticsearch.xpack.sql.querydsl.container.Sort.Direction; +import org.elasticsearch.xpack.ql.querydsl.container.Sort.Direction; import java.util.Objects; diff --git a/x-pack/plugin/sql/src/main/java/org/elasticsearch/xpack/sql/querydsl/agg/GroupByValue.java b/x-pack/plugin/sql/src/main/java/org/elasticsearch/xpack/sql/querydsl/agg/GroupByValue.java index 7612fa1d2cc..22700eeb6c0 100644 --- a/x-pack/plugin/sql/src/main/java/org/elasticsearch/xpack/sql/querydsl/agg/GroupByValue.java +++ b/x-pack/plugin/sql/src/main/java/org/elasticsearch/xpack/sql/querydsl/agg/GroupByValue.java @@ -8,7 +8,7 @@ package org.elasticsearch.xpack.sql.querydsl.agg; import org.elasticsearch.search.aggregations.bucket.composite.CompositeValuesSourceBuilder; import org.elasticsearch.search.aggregations.bucket.composite.TermsValuesSourceBuilder; import org.elasticsearch.xpack.ql.expression.gen.script.ScriptTemplate; -import org.elasticsearch.xpack.sql.querydsl.container.Sort.Direction; +import org.elasticsearch.xpack.ql.querydsl.container.Sort.Direction; /** * GROUP BY key for fields or scripts. diff --git a/x-pack/plugin/sql/src/main/java/org/elasticsearch/xpack/sql/querydsl/agg/TopHitsAgg.java b/x-pack/plugin/sql/src/main/java/org/elasticsearch/xpack/sql/querydsl/agg/TopHitsAgg.java index 7131e5f8a0d..ace98059503 100644 --- a/x-pack/plugin/sql/src/main/java/org/elasticsearch/xpack/sql/querydsl/agg/TopHitsAgg.java +++ b/x-pack/plugin/sql/src/main/java/org/elasticsearch/xpack/sql/querydsl/agg/TopHitsAgg.java @@ -17,7 +17,7 @@ import java.util.List; import java.util.Objects; import static org.elasticsearch.search.aggregations.AggregationBuilders.topHits; -import static org.elasticsearch.xpack.sql.querydsl.container.Sort.Missing.LAST; +import static org.elasticsearch.xpack.ql.querydsl.container.Sort.Missing.LAST; public class TopHitsAgg extends LeafAgg { diff --git a/x-pack/plugin/sql/src/main/java/org/elasticsearch/xpack/sql/querydsl/container/AggregateSort.java b/x-pack/plugin/sql/src/main/java/org/elasticsearch/xpack/sql/querydsl/container/AggregateSort.java index 50eb7efb4b1..e5d0fc2e697 100644 --- a/x-pack/plugin/sql/src/main/java/org/elasticsearch/xpack/sql/querydsl/container/AggregateSort.java +++ b/x-pack/plugin/sql/src/main/java/org/elasticsearch/xpack/sql/querydsl/container/AggregateSort.java @@ -7,6 +7,7 @@ package org.elasticsearch.xpack.sql.querydsl.container; import org.elasticsearch.xpack.ql.expression.function.aggregate.AggregateFunction; +import org.elasticsearch.xpack.ql.querydsl.container.Sort; import java.util.Objects; diff --git a/x-pack/plugin/sql/src/main/java/org/elasticsearch/xpack/sql/querydsl/container/GroupingFunctionSort.java b/x-pack/plugin/sql/src/main/java/org/elasticsearch/xpack/sql/querydsl/container/GroupingFunctionSort.java index f32c3548d03..4f5e063a274 100644 --- a/x-pack/plugin/sql/src/main/java/org/elasticsearch/xpack/sql/querydsl/container/GroupingFunctionSort.java +++ b/x-pack/plugin/sql/src/main/java/org/elasticsearch/xpack/sql/querydsl/container/GroupingFunctionSort.java @@ -5,6 +5,8 @@ */ package org.elasticsearch.xpack.sql.querydsl.container; +import org.elasticsearch.xpack.ql.querydsl.container.Sort; + import java.util.Objects; public class GroupingFunctionSort extends Sort { diff --git a/x-pack/plugin/sql/src/main/java/org/elasticsearch/xpack/sql/querydsl/container/QueryContainer.java b/x-pack/plugin/sql/src/main/java/org/elasticsearch/xpack/sql/querydsl/container/QueryContainer.java index cc79dbe95d2..a2761db533f 100644 --- a/x-pack/plugin/sql/src/main/java/org/elasticsearch/xpack/sql/querydsl/container/QueryContainer.java +++ b/x-pack/plugin/sql/src/main/java/org/elasticsearch/xpack/sql/querydsl/container/QueryContainer.java @@ -20,6 +20,7 @@ import org.elasticsearch.xpack.ql.expression.FieldAttribute; import org.elasticsearch.xpack.ql.expression.function.scalar.ScalarFunction; import org.elasticsearch.xpack.ql.expression.gen.pipeline.ConstantInput; import org.elasticsearch.xpack.ql.expression.gen.pipeline.Pipe; +import org.elasticsearch.xpack.ql.querydsl.container.Sort; import org.elasticsearch.xpack.ql.querydsl.query.BoolQuery; import org.elasticsearch.xpack.ql.querydsl.query.MatchAll; import org.elasticsearch.xpack.ql.querydsl.query.NestedQuery; diff --git a/x-pack/plugin/sql/src/main/java/org/elasticsearch/xpack/sql/querydsl/container/ScoreSort.java b/x-pack/plugin/sql/src/main/java/org/elasticsearch/xpack/sql/querydsl/container/ScoreSort.java index 21b4621d0d4..19042e4e1f4 100644 --- a/x-pack/plugin/sql/src/main/java/org/elasticsearch/xpack/sql/querydsl/container/ScoreSort.java +++ b/x-pack/plugin/sql/src/main/java/org/elasticsearch/xpack/sql/querydsl/container/ScoreSort.java @@ -5,6 +5,9 @@ */ package org.elasticsearch.xpack.sql.querydsl.container; +import org.elasticsearch.xpack.ql.querydsl.container.ScriptSort; +import org.elasticsearch.xpack.ql.querydsl.container.Sort; + import java.util.Objects; public class ScoreSort extends Sort { diff --git a/x-pack/plugin/sql/src/test/java/org/elasticsearch/xpack/sql/execution/search/SourceGeneratorTests.java b/x-pack/plugin/sql/src/test/java/org/elasticsearch/xpack/sql/execution/search/SourceGeneratorTests.java index 2c2052264a9..1b3aff899df 100644 --- a/x-pack/plugin/sql/src/test/java/org/elasticsearch/xpack/sql/execution/search/SourceGeneratorTests.java +++ b/x-pack/plugin/sql/src/test/java/org/elasticsearch/xpack/sql/execution/search/SourceGeneratorTests.java @@ -19,17 +19,17 @@ import org.elasticsearch.xpack.ql.expression.AttributeMap; import org.elasticsearch.xpack.ql.expression.Expression; import org.elasticsearch.xpack.ql.expression.FieldAttribute; import org.elasticsearch.xpack.ql.expression.ReferenceAttribute; +import org.elasticsearch.xpack.ql.querydsl.container.AttributeSort; +import org.elasticsearch.xpack.ql.querydsl.container.Sort.Direction; +import org.elasticsearch.xpack.ql.querydsl.container.Sort.Missing; import org.elasticsearch.xpack.ql.querydsl.query.MatchQuery; import org.elasticsearch.xpack.ql.tree.Source; import org.elasticsearch.xpack.ql.type.KeywordEsField; import org.elasticsearch.xpack.sql.expression.function.Score; import org.elasticsearch.xpack.sql.querydsl.agg.AvgAgg; import org.elasticsearch.xpack.sql.querydsl.agg.GroupByValue; -import org.elasticsearch.xpack.sql.querydsl.container.AttributeSort; import org.elasticsearch.xpack.sql.querydsl.container.QueryContainer; import org.elasticsearch.xpack.sql.querydsl.container.ScoreSort; -import org.elasticsearch.xpack.sql.querydsl.container.Sort.Direction; -import org.elasticsearch.xpack.sql.querydsl.container.Sort.Missing; import java.util.LinkedHashMap; import java.util.Map;