* PIT should run well with data streams (cherry picked from commit 0a89a7db848b015b797c7678874b5c9e33bbd650)
parent
e28750b001
commit
a43f29cfc9
|
@ -92,6 +92,11 @@ public final class OpenPointInTimeRequest extends ActionRequest implements Indic
|
||||||
return indicesOptions;
|
return indicesOptions;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public boolean includeDataStreams() {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
public TimeValue keepAlive() {
|
public TimeValue keepAlive() {
|
||||||
return keepAlive;
|
return keepAlive;
|
||||||
}
|
}
|
||||||
|
|
|
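Review bot: The new `includeDataStreams()` override returns `true` with no comment explaining why, although the flag changes which targets an index expression in an open-PIT request can resolve to. Because it is unconditional, wildcard and exact-name expressions on this request can now match data streams and, presumably, their backing indices. The code that resolves and authorizes indices for this request is not visible in this hunk, so it should be confirmed that it evaluates those expanded names. I would add a short comment above the method, for example `// PIT may target data streams; index resolution and authorization must account for their backing indices`. The class body starts and ends outside the hunk.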
@ -3,7 +3,7 @@ apply plugin: 'elasticsearch.yaml-rest-test'
|
||||||
restResources {
|
restResources {
|
||||||
restApi {
|
restApi {
|
||||||
includeCore 'bulk', 'count', 'search', '_common', 'indices', 'index', 'cluster', 'rank_eval', 'reindex', 'update_by_query', 'delete_by_query'
|
includeCore 'bulk', 'count', 'search', '_common', 'indices', 'index', 'cluster', 'rank_eval', 'reindex', 'update_by_query', 'delete_by_query'
|
||||||
includeXpack 'eql', 'indices', 'data_stream', 'migration', 'async_search', 'searchable_snapshots', 'rollup', 'graph', 'ilm'
|
includeXpack 'eql', 'indices', 'data_stream', 'migration', 'async_search', 'searchable_snapshots', 'rollup', 'graph', 'ilm', 'open_point_in_time', 'close_point_in_time'
|
||||||
}
|
}
|
||||||
restTests {
|
restTests {
|
||||||
includeXpack 'data_stream'
|
includeXpack 'data_stream'
|
||||||
|
|
|
@ -476,7 +476,7 @@
|
||||||
- is_true: acknowledged
|
- is_true: acknowledged
|
||||||
|
|
||||||
---
|
---
|
||||||
"Verify data stream resolvability in EQL search API":
|
"Verify data stream resolvability in EQL search API with no sequences":
|
||||||
- skip:
|
- skip:
|
||||||
version: " - 7.9.1"
|
version: " - 7.9.1"
|
||||||
reason: "EQL data stream resolution only properly works from 7.9.2"
|
reason: "EQL data stream resolution only properly works from 7.9.2"
|
||||||
|
@ -538,3 +538,190 @@
|
||||||
indices.delete_data_stream:
|
indices.delete_data_stream:
|
||||||
name: simple-data-stream1
|
name: simple-data-stream1
|
||||||
- is_true: acknowledged
|
- is_true: acknowledged
|
||||||
|
|
||||||
|
---
|
||||||
|
"Verify data stream resolvability in EQL search API with sequences":
|
||||||
|
- skip:
|
||||||
|
version: " - 7.9.99"
|
||||||
|
reason: "EQL data stream resolution with queries using sequences only properly works from 7.10.0 (when point-in-time is introduced)"
|
||||||
|
features: allowed_warnings
|
||||||
|
|
||||||
|
- do:
|
||||||
|
allowed_warnings:
|
||||||
|
- "index template [my-template1] has index patterns [simple-data-stream1] matching patterns from existing older templates [global] with patterns (global => [*]); this template [my-template1] will take precedence during new index creation"
|
||||||
|
indices.put_index_template:
|
||||||
|
name: my-template1
|
||||||
|
body:
|
||||||
|
index_patterns: [simple-data-stream1]
|
||||||
|
template:
|
||||||
|
mappings:
|
||||||
|
properties:
|
||||||
|
'@timestamp':
|
||||||
|
type: date
|
||||||
|
data_stream: {}
|
||||||
|
|
||||||
|
- do:
|
||||||
|
indices.create_data_stream:
|
||||||
|
name: simple-data-stream1
|
||||||
|
|
||||||
|
- do:
|
||||||
|
bulk:
|
||||||
|
refresh: true
|
||||||
|
body:
|
||||||
|
- '{"create":{"_index":"simple-data-stream1","_id": "1"}}'
|
||||||
|
- '{"@timestamp":"2020-02-03T12:34:56Z","event":{"category":"process"},"user":"SYSTEM"}'
|
||||||
|
- '{"create":{"_index":"simple-data-stream1", "_id": "2"}}'
|
||||||
|
- '{"@timestamp":"2020-02-03T12:35:00Z","event":{"category":"file"},"user":"SYSTEM","file":{"name":"sample.exe"}}'
|
||||||
|
|
||||||
|
- do:
|
||||||
|
eql.search:
|
||||||
|
index: simple-data-stream1
|
||||||
|
body:
|
||||||
|
query: 'sequence by user [process where user == "SYSTEM"] [file where file.name == "sample.exe"]'
|
||||||
|
|
||||||
|
- match: {timed_out: false}
|
||||||
|
- match: {hits.total.value: 1}
|
||||||
|
- match: {hits.total.relation: "eq"}
|
||||||
|
- match: {hits.sequences.0.join_keys.0: "SYSTEM"}
|
||||||
|
- match: {hits.sequences.0.events.0._id: "1"}
|
||||||
|
- match: {hits.sequences.0.events.1._id: "2"}
|
||||||
|
|
||||||
|
- do:
|
||||||
|
eql.search:
|
||||||
|
index: simple-data-s*
|
||||||
|
body:
|
||||||
|
query: 'sequence by user [process where user == "SYSTEM"] [file where file.name == "sample.exe"]'
|
||||||
|
|
||||||
|
- match: {timed_out: false}
|
||||||
|
- match: {hits.total.value: 1}
|
||||||
|
- match: {hits.total.relation: "eq"}
|
||||||
|
- match: {hits.sequences.0.join_keys.0: "SYSTEM"}
|
||||||
|
- match: {hits.sequences.0.events.0._id: "1"}
|
||||||
|
- match: {hits.sequences.0.events.1._id: "2"}
|
||||||
|
|
||||||
|
- do:
|
||||||
|
indices.delete_data_stream:
|
||||||
|
name: simple-data-stream1
|
||||||
|
- is_true: acknowledged
|
||||||
|
|
||||||
|
---
|
||||||
|
"Verify data stream resolvability in PIT searches":
|
||||||
|
- skip:
|
||||||
|
version: " - 7.9.99"
|
||||||
|
reason: "Point-In-Time was introduced in 7.10.0"
|
||||||
|
features: allowed_warnings
|
||||||
|
|
||||||
|
- do:
|
||||||
|
allowed_warnings:
|
||||||
|
- "index template [my-template1] has index patterns [simple-data-stream1] matching patterns from existing older templates [global] with patterns (global => [*]); this template [my-template1] will take precedence during new index creation"
|
||||||
|
indices.put_index_template:
|
||||||
|
name: my-template1
|
||||||
|
body:
|
||||||
|
index_patterns: [simple-data-stream1]
|
||||||
|
template:
|
||||||
|
mappings:
|
||||||
|
properties:
|
||||||
|
'@timestamp':
|
||||||
|
type: date
|
||||||
|
data_stream: {}
|
||||||
|
|
||||||
|
- do:
|
||||||
|
indices.create_data_stream:
|
||||||
|
name: simple-data-stream1
|
||||||
|
|
||||||
|
- do:
|
||||||
|
bulk:
|
||||||
|
refresh: true
|
||||||
|
body:
|
||||||
|
- '{"create":{"_index":"simple-data-stream1","_id": "1"}}'
|
||||||
|
- '{"id": 1, "foo": "bar", "age": 18, "@timestamp":"2020-02-03T12:34:56Z"}'
|
||||||
|
- '{"create":{"_index":"simple-data-stream1", "_id": "5"}}'
|
||||||
|
- '{"id": 5, "foo": "bar", "age": 18, "@timestamp":"2020-02-04T12:34:56Z"}'
|
||||||
|
- '{"create":{"_index":"simple-data-stream1", "_id": "123"}}'
|
||||||
|
- '{"id": 123, "foo": "bar", "age": 22, "@timestamp":"2020-02-05T12:34:56Z"}'
|
||||||
|
|
||||||
|
- do:
|
||||||
|
open_point_in_time:
|
||||||
|
index: simple-data-s*
|
||||||
|
keep_alive: 5m
|
||||||
|
- set: {id: point_in_time_id}
|
||||||
|
|
||||||
|
- do:
|
||||||
|
search:
|
||||||
|
rest_total_hits_as_int: true
|
||||||
|
body:
|
||||||
|
size: 1
|
||||||
|
query:
|
||||||
|
match:
|
||||||
|
foo: bar
|
||||||
|
sort: [{ age: desc }, { id: desc }]
|
||||||
|
pit:
|
||||||
|
id: "$point_in_time_id"
|
||||||
|
keep_alive: 1m
|
||||||
|
|
||||||
|
- match: {hits.total: 3 }
|
||||||
|
- length: {hits.hits: 1 }
|
||||||
|
- match: {hits.hits.0._index: .ds-simple-data-stream1-000001 }
|
||||||
|
- match: {hits.hits.0._id: "123" }
|
||||||
|
- match: {hits.hits.0.sort: [22, 123] }
|
||||||
|
|
||||||
|
- do:
|
||||||
|
search:
|
||||||
|
rest_total_hits_as_int: true
|
||||||
|
body:
|
||||||
|
size: 1
|
||||||
|
query:
|
||||||
|
match:
|
||||||
|
foo: bar
|
||||||
|
sort: [ { age: desc }, { id: desc } ]
|
||||||
|
search_after: [22, 123]
|
||||||
|
pit:
|
||||||
|
id: "$point_in_time_id"
|
||||||
|
|
||||||
|
- match: {hits.total: 3}
|
||||||
|
- length: {hits.hits: 1 }
|
||||||
|
- match: {hits.hits.0._index: .ds-simple-data-stream1-000001 }
|
||||||
|
- match: {hits.hits.0._id: "5" }
|
||||||
|
- match: {hits.hits.0.sort: [18, 5] }
|
||||||
|
|
||||||
|
- do:
|
||||||
|
search:
|
||||||
|
rest_total_hits_as_int: true
|
||||||
|
body:
|
||||||
|
size: 1
|
||||||
|
query:
|
||||||
|
match:
|
||||||
|
foo: bar
|
||||||
|
sort: [{ age: desc }, { id: desc } ]
|
||||||
|
search_after: [18, 5]
|
||||||
|
pit:
|
||||||
|
id: "$point_in_time_id"
|
||||||
|
keep_alive: 1m
|
||||||
|
|
||||||
|
- match: {hits.total: 3}
|
||||||
|
- length: {hits.hits: 1 }
|
||||||
|
- match: {hits.hits.0._index: .ds-simple-data-stream1-000001 }
|
||||||
|
- match: {hits.hits.0._id: "1" }
|
||||||
|
- match: {hits.hits.0.sort: [18, 1] }
|
||||||
|
|
||||||
|
- do:
|
||||||
|
search:
|
||||||
|
rest_total_hits_as_int: true
|
||||||
|
body:
|
||||||
|
size: 1
|
||||||
|
query:
|
||||||
|
match:
|
||||||
|
foo: bar
|
||||||
|
sort: [{ age: desc }, { id: desc } ]
|
||||||
|
search_after: [18, 1]
|
||||||
|
pit:
|
||||||
|
id: "$point_in_time_id"
|
||||||
|
keep_alive: 1m
|
||||||
|
|
||||||
|
- match: {hits.total: 3}
|
||||||
|
- length: {hits.hits: 0 }
|
||||||
|
|
||||||
|
- do:
|
||||||
|
close_point_in_time:
|
||||||
|
body:
|
||||||
|
id: "$point_in_time_id"
|
||||||
|
|
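Review bot: The new PIT test opens the point in time only through the wildcard `simple-data-s*`, so resolving a data stream by exact name in `open_point_in_time` is left untested. The EQL sequence test above it covers both `simple-data-stream1` and the wildcard; a second `open_point_in_time` step with `index: simple-data-stream1`, closed afterwards, would cover that path here too. The test also ends at `close_point_in_time` without asserting anything on the response. It omits the `indices.delete_data_stream` and `- is_true: acknowledged` step that the sibling tests finish with, so unless the harness wipes data streams between tests, a leftover `simple-data-stream1` could affect later tests.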