honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Remove search_after and implicit_join_key_field (#59232) (#59280) 

(cherry picked from commit 6ede6c59eff321b9fedad30e19508b9e4f788b54)
This commit is contained in:
Andrei Stefan 2020-07-09 12:34:01 +03:00 committed by GitHub
parent acfff7b896
commit c0e0bca84c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
11 changed files with 1 additions and 177 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
client/rest-high-level/src/main/java/org/elasticsearch/client/eql/EqlSearchRequest.java
View File

@ -26,7 +26,6 @@ import org.elasticsearch.common.xcontent.ToXContent;
import org.elasticsearch.common.xcontent.ToXContentObject;
import org.elasticsearch.common.xcontent.XContentBuilder;
import org.elasticsearch.index.query.QueryBuilder;
import org.elasticsearch.search.searchafter.SearchAfterBuilder;
import java.io.IOException;
import java.util.Arrays;
@ -40,12 +39,10 @@ public class EqlSearchRequest implements Validatable, ToXContentObject {
private QueryBuilder filter = null;
private String timestampField = "@timestamp";
private String eventCategoryField = "event.category";
private String implicitJoinKeyField = "agent.id";
private boolean isCaseSensitive = true;
private int size = 10;
private int fetchSize = 1000;
private SearchAfterBuilder searchAfterBuilder;
private String query;
private String tiebreakerField;
@ -58,11 +55,9 @@ public class EqlSearchRequest implements Validatable, ToXContentObject {
static final String KEY_TIMESTAMP_FIELD = "timestamp_field";
static final String KEY_TIEBREAKER_FIELD = "tiebreaker_field";
static final String KEY_EVENT_CATEGORY_FIELD = "event_category_field";
static final String KEY_IMPLICIT_JOIN_KEY_FIELD = "implicit_join_key_field";
static final String KEY_CASE_SENSITIVE = "case_sensitive";
static final String KEY_SIZE = "size";
static final String KEY_FETCH_SIZE = "fetch_size";
static final String KEY_SEARCH_AFTER = "search_after";
static final String KEY_QUERY = "query";
static final String KEY_WAIT_FOR_COMPLETION_TIMEOUT = "wait_for_completion_timeout";
static final String KEY_KEEP_ALIVE = "keep_alive";
@ -84,16 +79,8 @@ public class EqlSearchRequest implements Validatable, ToXContentObject {
builder.field(KEY_TIEBREAKER_FIELD, tiebreakerField());
}
builder.field(KEY_EVENT_CATEGORY_FIELD, eventCategoryField());
if (implicitJoinKeyField != null) {
builder.field(KEY_IMPLICIT_JOIN_KEY_FIELD, implicitJoinKeyField());
}
builder.field(KEY_SIZE, size());
builder.field(KEY_FETCH_SIZE, fetchSize());
if (searchAfterBuilder != null) {
builder.array(KEY_SEARCH_AFTER, searchAfterBuilder.getSortValues());
}
builder.field(KEY_CASE_SENSITIVE, isCaseSensitive());
builder.field(KEY_QUERY, query);
@ -156,10 +143,6 @@ public class EqlSearchRequest implements Validatable, ToXContentObject {
return this;
}
public String implicitJoinKeyField() {
return this.implicitJoinKeyField;
}
public boolean isCaseSensitive() {
return this.isCaseSensitive;
}
@ -169,12 +152,6 @@ public class EqlSearchRequest implements Validatable, ToXContentObject {
return this;
}
public EqlSearchRequest implicitJoinKeyField(String implicitJoinKeyField) {
Objects.requireNonNull(implicitJoinKeyField, "implicit join key must not be null");
this.implicitJoinKeyField = implicitJoinKeyField;
return this;
}
public int size() {
return this.size;
}
@ -199,23 +176,6 @@ public class EqlSearchRequest implements Validatable, ToXContentObject {
return this;
}
public Object[] searchAfter() {
if (searchAfterBuilder == null) {
return null;
}
return searchAfterBuilder.getSortValues();
}
public EqlSearchRequest searchAfter(Object[] values) {
this.searchAfterBuilder = new SearchAfterBuilder().setSortValues(values);
return this;
}
private EqlSearchRequest setSearchAfter(SearchAfterBuilder builder) {
this.searchAfterBuilder = builder;
return this;
}
public String query() {
return this.query;
}
@ -269,8 +229,6 @@ public class EqlSearchRequest implements Validatable, ToXContentObject {
Objects.equals(timestampField, that.timestampField) &&
Objects.equals(tiebreakerField, that.tiebreakerField) &&
Objects.equals(eventCategoryField, that.eventCategoryField) &&
Objects.equals(implicitJoinKeyField, that.implicitJoinKeyField) &&
Objects.equals(searchAfterBuilder, that.searchAfterBuilder) &&
Objects.equals(query, that.query) &&
Objects.equals(isCaseSensitive, that.isCaseSensitive) &&
Objects.equals(waitForCompletionTimeout, that.waitForCompletionTimeout) &&
@ -289,8 +247,6 @@ public class EqlSearchRequest implements Validatable, ToXContentObject {
timestampField,
tiebreakerField,
eventCategoryField,
implicitJoinKeyField,
searchAfterBuilder,
query,
isCaseSensitive,
waitForCompletionTimeout,

8
client/rest-high-level/src/test/java/org/elasticsearch/client/eql/EqlSearchRequestTests.java
View File

@ -39,9 +39,6 @@ public class EqlSearchRequestTests extends AbstractRequestTestCase<EqlSearchRequ
if (randomBoolean()) {
EqlSearchRequest.fetchSize(randomIntBetween(1, Integer.MAX_VALUE));
}
if (randomBoolean()) {
EqlSearchRequest.implicitJoinKeyField(randomAlphaOfLength(10));
}
if (randomBoolean()) {
EqlSearchRequest.eventCategoryField(randomAlphaOfLength(10));
}
@ -54,9 +51,6 @@ public class EqlSearchRequestTests extends AbstractRequestTestCase<EqlSearchRequ
if (randomBoolean()) {
EqlSearchRequest.tiebreakerField(randomAlphaOfLength(10));
}
if (randomBoolean()) {
EqlSearchRequest.searchAfter(randomArray(1, 4, Object[]::new, () -> randomAlphaOfLength(3)));
}
if (randomBoolean()) {
if (randomBoolean()) {
EqlSearchRequest.filter(QueryBuilders.matchAllQuery());
@ -76,12 +70,10 @@ public class EqlSearchRequestTests extends AbstractRequestTestCase<EqlSearchRequ
protected void assertInstances(org.elasticsearch.xpack.eql.action.EqlSearchRequest serverInstance, EqlSearchRequest
clientTestInstance) {
assertThat(serverInstance.eventCategoryField(), equalTo(clientTestInstance.eventCategoryField()));
assertThat(serverInstance.implicitJoinKeyField(), equalTo(clientTestInstance.implicitJoinKeyField()));
assertThat(serverInstance.timestampField(), equalTo(clientTestInstance.timestampField()));
assertThat(serverInstance.tiebreakerField(), equalTo(clientTestInstance.tiebreakerField()));
assertThat(serverInstance.filter(), equalTo(clientTestInstance.filter()));
assertThat(serverInstance.query(), equalTo(clientTestInstance.query()));
assertThat(serverInstance.searchAfter(), equalTo(clientTestInstance.searchAfter()));
assertThat(serverInstance.indicesOptions(), equalTo(clientTestInstance.indicesOptions()));
assertThat(serverInstance.indices(), equalTo(clientTestInstance.indices()));
assertThat(serverInstance.fetchSize(), equalTo(clientTestInstance.fetchSize()));

8
docs/reference/eql/eql-search-api.asciidoc
View File

@ -181,10 +181,6 @@ A greater `fetch_size` value often increases search speed but uses more memory.
Query, written in query DSL, used to filter the events on which the EQL query
runs.
`implicit_join_key_field`::
(Optional, string)
Reserved for future use.
`keep_alive`::
+
--
@ -235,10 +231,6 @@ If both parameters are specified, only the query parameter is used.
IMPORTANT: This parameter supports a subset of EQL syntax. See
<<eql-unsupported-syntax>>.
`search_after`::
(Optional, string)
Reserved for future use.
`size`::
(Optional, integer or float)
For <<eql-basic-syntax,basic queries>>, the maximum number of matching events to

3
x-pack/plugin/eql/qa/common/src/main/java/org/elasticsearch/test/eql/CommonEqlRestTestCase.java
View File

@ -30,11 +30,8 @@ public abstract class CommonEqlRestTestCase extends ESRestTestCase {
{"{\"query\": \"\"}", "query is null or empty"},
{"{\"query\": \"" + validQuery + "\", \"timestamp_field\": \"\"}", "timestamp field is null or empty"},
{"{\"query\": \"" + validQuery + "\", \"event_category_field\": \"\"}", "event category field is null or empty"},
{"{\"query\": \"" + validQuery + "\", \"implicit_join_key_field\": \"\"}", "implicit join key field is null or empty"},
{"{\"query\": \"" + validQuery + "\", \"size\": 0}", "size must be greater than 0"},
{"{\"query\": \"" + validQuery + "\", \"size\": -1}", "size must be greater than 0"},
{"{\"query\": \"" + validQuery + "\", \"search_after\": null}", "search_after doesn't support values of type: VALUE_NULL"},
{"{\"query\": \"" + validQuery + "\", \"search_after\": []}", "must contains at least one value"},
{"{\"query\": \"" + validQuery + "\", \"filter\": null}", "filter doesn't support values of type: VALUE_NULL"},
{"{\"query\": \"" + validQuery + "\", \"filter\": {}}", "query malformed, empty clause found"}
};

55
x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/action/EqlSearchRequest.java
View File

@ -21,7 +21,6 @@ import org.elasticsearch.common.xcontent.XContentBuilder;
import org.elasticsearch.common.xcontent.XContentParser;
import org.elasticsearch.index.query.AbstractQueryBuilder;
import org.elasticsearch.index.query.QueryBuilder;
import org.elasticsearch.search.searchafter.SearchAfterBuilder;
import org.elasticsearch.tasks.Task;
import org.elasticsearch.tasks.TaskId;
@ -33,7 +32,6 @@ import java.util.function.Supplier;
import static org.elasticsearch.action.ValidateActions.addValidationError;
import static org.elasticsearch.xpack.eql.action.RequestDefaults.FIELD_EVENT_CATEGORY;
import static org.elasticsearch.xpack.eql.action.RequestDefaults.FIELD_IMPLICIT_JOIN_KEY;
import static org.elasticsearch.xpack.eql.action.RequestDefaults.FIELD_TIMESTAMP;
public class EqlSearchRequest extends ActionRequest implements IndicesRequest.Replaceable, ToXContent {
@ -49,10 +47,8 @@ public class EqlSearchRequest extends ActionRequest implements IndicesRequest.Re
private String timestampField = FIELD_TIMESTAMP;
private String tiebreakerField = null;
private String eventCategoryField = FIELD_EVENT_CATEGORY;
private String implicitJoinKeyField = FIELD_IMPLICIT_JOIN_KEY;
private int size = RequestDefaults.SIZE;
private int fetchSize = RequestDefaults.FETCH_SIZE;
private SearchAfterBuilder searchAfterBuilder;
private String query;
private boolean isCaseSensitive = false;
@ -65,10 +61,8 @@ public class EqlSearchRequest extends ActionRequest implements IndicesRequest.Re
static final String KEY_TIMESTAMP_FIELD = "timestamp_field";
static final String KEY_TIEBREAKER_FIELD = "tiebreaker_field";
static final String KEY_EVENT_CATEGORY_FIELD = "event_category_field";
static final String KEY_IMPLICIT_JOIN_KEY_FIELD = "implicit_join_key_field";
static final String KEY_SIZE = "size";
static final String KEY_FETCH_SIZE = "fetch_size";
static final String KEY_SEARCH_AFTER = "search_after";
static final String KEY_QUERY = "query";
static final String KEY_WAIT_FOR_COMPLETION_TIMEOUT = "wait_for_completion_timeout";
static final String KEY_KEEP_ALIVE = "keep_alive";
@ -79,10 +73,8 @@ public class EqlSearchRequest extends ActionRequest implements IndicesRequest.Re
static final ParseField TIMESTAMP_FIELD = new ParseField(KEY_TIMESTAMP_FIELD);
static final ParseField TIEBREAKER_FIELD = new ParseField(KEY_TIEBREAKER_FIELD);
static final ParseField EVENT_CATEGORY_FIELD = new ParseField(KEY_EVENT_CATEGORY_FIELD);
static final ParseField IMPLICIT_JOIN_KEY_FIELD = new ParseField(KEY_IMPLICIT_JOIN_KEY_FIELD);
static final ParseField SIZE = new ParseField(KEY_SIZE);
static final ParseField FETCH_SIZE = new ParseField(KEY_FETCH_SIZE);
static final ParseField SEARCH_AFTER = new ParseField(KEY_SEARCH_AFTER);
static final ParseField QUERY = new ParseField(KEY_QUERY);
static final ParseField WAIT_FOR_COMPLETION_TIMEOUT = new ParseField(KEY_WAIT_FOR_COMPLETION_TIMEOUT);
static final ParseField KEEP_ALIVE = new ParseField(KEY_KEEP_ALIVE);
@ -103,10 +95,8 @@ public class EqlSearchRequest extends ActionRequest implements IndicesRequest.Re
timestampField = in.readString();
tiebreakerField = in.readOptionalString();
eventCategoryField = in.readString();
implicitJoinKeyField = in.readString();
size = in.readVInt();
fetchSize = in.readVInt();
searchAfterBuilder = in.readOptionalWriteable(SearchAfterBuilder::new);
query = in.readString();
if (in.getVersion().onOrAfter(Version.V_7_9_0)) {
this.waitForCompletionTimeout = in.readOptionalTimeValue();
@ -147,10 +137,6 @@ public class EqlSearchRequest extends ActionRequest implements IndicesRequest.Re
validationException = addValidationError("event category field is null or empty", validationException);
}
if (implicitJoinKeyField == null || implicitJoinKeyField.isEmpty()) {
validationException = addValidationError("implicit join key field is null or empty", validationException);
}
if (size <= 0) {
validationException = addValidationError("size must be greater than 0", validationException);
}
@ -177,16 +163,8 @@ public class EqlSearchRequest extends ActionRequest implements IndicesRequest.Re
builder.field(KEY_TIEBREAKER_FIELD, tiebreakerField());
}
builder.field(KEY_EVENT_CATEGORY_FIELD, eventCategoryField());
if (implicitJoinKeyField != null) {
builder.field(KEY_IMPLICIT_JOIN_KEY_FIELD, implicitJoinKeyField());
}
builder.field(KEY_SIZE, size());
builder.field(KEY_FETCH_SIZE, fetchSize());
if (searchAfterBuilder != null) {
builder.array(SEARCH_AFTER.getPreferredName(), searchAfterBuilder.getSortValues());
}
builder.field(KEY_QUERY, query);
if (waitForCompletionTimeout != null) {
builder.field(KEY_WAIT_FOR_COMPLETION_TIMEOUT, waitForCompletionTimeout);
@ -211,11 +189,8 @@ public class EqlSearchRequest extends ActionRequest implements IndicesRequest.Re
parser.declareString(EqlSearchRequest::timestampField, TIMESTAMP_FIELD);
parser.declareString(EqlSearchRequest::tiebreakerField, TIEBREAKER_FIELD);
parser.declareString(EqlSearchRequest::eventCategoryField, EVENT_CATEGORY_FIELD);
parser.declareString(EqlSearchRequest::implicitJoinKeyField, IMPLICIT_JOIN_KEY_FIELD);
parser.declareInt(EqlSearchRequest::size, SIZE);
parser.declareInt(EqlSearchRequest::fetchSize, FETCH_SIZE);
parser.declareField(EqlSearchRequest::setSearchAfter, SearchAfterBuilder::fromXContent, SEARCH_AFTER,
ObjectParser.ValueType.OBJECT_ARRAY);
parser.declareString(EqlSearchRequest::query, QUERY);
parser.declareField(EqlSearchRequest::waitForCompletionTimeout,
(p, c) -> TimeValue.parseTimeValue(p.text(), KEY_WAIT_FOR_COMPLETION_TIMEOUT), WAIT_FOR_COMPLETION_TIMEOUT,
@ -261,13 +236,6 @@ public class EqlSearchRequest extends ActionRequest implements IndicesRequest.Re
return this;
}
public String implicitJoinKeyField() { return this.implicitJoinKeyField; }
public EqlSearchRequest implicitJoinKeyField(String implicitJoinKeyField) {
this.implicitJoinKeyField = implicitJoinKeyField;
return this;
}
public int size() {
return this.size;
}
@ -286,23 +254,6 @@ public class EqlSearchRequest extends ActionRequest implements IndicesRequest.Re
return this;
}
public Object[] searchAfter() {
if (searchAfterBuilder == null) {
return null;
}
return searchAfterBuilder.getSortValues();
}
public EqlSearchRequest searchAfter(Object[] values) {
this.searchAfterBuilder = new SearchAfterBuilder().setSortValues(values);
return this;
}
private EqlSearchRequest setSearchAfter(SearchAfterBuilder builder) {
this.searchAfterBuilder = builder;
return this;
}
public String query() { return this.query; }
public EqlSearchRequest query(String query) {
@ -353,10 +304,8 @@ public class EqlSearchRequest extends ActionRequest implements IndicesRequest.Re
out.writeString(timestampField);
out.writeOptionalString(tiebreakerField);
out.writeString(eventCategoryField);
out.writeString(implicitJoinKeyField);
out.writeVInt(size);
out.writeVInt(fetchSize);
out.writeOptionalWriteable(searchAfterBuilder);
out.writeString(query);
if (out.getVersion().onOrAfter(Version.V_7_9_0)) {
out.writeOptionalTimeValue(waitForCompletionTimeout);
@ -383,8 +332,6 @@ public class EqlSearchRequest extends ActionRequest implements IndicesRequest.Re
Objects.equals(timestampField, that.timestampField) &&
Objects.equals(tiebreakerField, that.tiebreakerField) &&
Objects.equals(eventCategoryField, that.eventCategoryField) &&
Objects.equals(implicitJoinKeyField, that.implicitJoinKeyField) &&
Objects.equals(searchAfterBuilder, that.searchAfterBuilder) &&
Objects.equals(query, that.query) &&
Objects.equals(waitForCompletionTimeout, that.waitForCompletionTimeout) &&
Objects.equals(keepAlive, that.keepAlive) &&
@ -402,8 +349,6 @@ public class EqlSearchRequest extends ActionRequest implements IndicesRequest.Re
timestampField,
tiebreakerField,
eventCategoryField,
implicitJoinKeyField,
searchAfterBuilder,
query,
waitForCompletionTimeout,
keepAlive,

12
x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/action/EqlSearchRequestBuilder.java
View File

@ -40,11 +40,6 @@ public class EqlSearchRequestBuilder extends ActionRequestBuilder<EqlSearchReque
return this;
}
public EqlSearchRequestBuilder implicitJoinKeyField(String implicitJoinKeyField) {
request.implicitJoinKeyField(implicitJoinKeyField);
return this;
}
public EqlSearchRequestBuilder size(int size) {
request.size(size);
return this;
@ -55,17 +50,12 @@ public class EqlSearchRequestBuilder extends ActionRequestBuilder<EqlSearchReque
return this;
}
public EqlSearchRequestBuilder searchAfter(Object[] values) {
request.searchAfter(values);
return this;
}
public EqlSearchRequestBuilder query(String query) {
request.query(query);
return this;
}
public EqlSearchRequestBuilder query(boolean isCaseSensitive) {
public EqlSearchRequestBuilder isCaseSensitive(boolean isCaseSensitive) {
request.isCaseSensitive(isCaseSensitive);
return this;
}

1
x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/action/RequestDefaults.java
View File

@ -12,7 +12,6 @@ public final class RequestDefaults {
public static final String FIELD_TIMESTAMP = "@timestamp";
public static final String FIELD_EVENT_CATEGORY = "event.category";
public static final String FIELD_IMPLICIT_JOIN_KEY = "agent.id";
public static int SIZE = 10;
public static int FETCH_SIZE = 1000;

11
x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/parser/ParserParams.java
View File

@ -12,7 +12,6 @@ import java.util.List;
import static java.util.Collections.emptyList;
import static org.elasticsearch.xpack.eql.action.RequestDefaults.FETCH_SIZE;
import static org.elasticsearch.xpack.eql.action.RequestDefaults.FIELD_EVENT_CATEGORY;
import static org.elasticsearch.xpack.eql.action.RequestDefaults.FIELD_IMPLICIT_JOIN_KEY;
import static org.elasticsearch.xpack.eql.action.RequestDefaults.FIELD_TIMESTAMP;
import static org.elasticsearch.xpack.eql.action.RequestDefaults.SIZE;
@ -22,7 +21,6 @@ public class ParserParams {
private String fieldEventCategory = FIELD_EVENT_CATEGORY;
private String fieldTimestamp = FIELD_TIMESTAMP;
private String fieldTiebreaker = null;
private String implicitJoinKey = FIELD_IMPLICIT_JOIN_KEY;
private int size = SIZE;
private int fetchSize = FETCH_SIZE;
private List<Object> queryParams = emptyList();
@ -58,15 +56,6 @@ public class ParserParams {
return this;
}
public String implicitJoinKey() {
return implicitJoinKey;
}
public ParserParams implicitJoinKey(String implicitJoinKey) {
this.implicitJoinKey = implicitJoinKey;
return this;
}
public int size() {
return size;
}

1
x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/plugin/TransportEqlSearchAction.java
View File

@ -115,7 +115,6 @@ public class TransportEqlSearchAction extends HandledTransportAction<EqlSearchRe
.fieldEventCategory(request.eventCategoryField())
.fieldTimestamp(request.timestampField())
.fieldTiebreaker(request.tiebreakerField())
.implicitJoinKey(request.implicitJoinKeyField())
.size(request.size())
.fetchSize(request.fetchSize());

9
x-pack/plugin/eql/src/test/java/org/elasticsearch/xpack/eql/action/EqlRequestParserTests.java
View File

@ -37,11 +37,6 @@ public class EqlRequestParserTests extends ESTestCase {
EqlSearchRequest::fromXContent);
assertParsingErrorMessage("{\"event_category_field\" : 123}", "event_category_field doesn't support values of type: VALUE_NUMBER",
EqlSearchRequest::fromXContent);
assertParsingErrorMessage("{\"implicit_join_key_field\" : 123}",
"implicit_join_key_field doesn't support values of type: VALUE_NUMBER",
EqlSearchRequest::fromXContent);
assertParsingErrorMessage("{\"search_after\" : 123}", "search_after doesn't support values of type: VALUE_NUMBER",
EqlSearchRequest::fromXContent);
assertParsingErrorMessage("{\"size\" : \"foo\"}", "failed to parse field [size]", EqlSearchRequest::fromXContent);
assertParsingErrorMessage("{\"query\" : 123}", "query doesn't support values of type: VALUE_NUMBER",
EqlSearchRequest::fromXContent);
@ -55,8 +50,6 @@ public class EqlRequestParserTests extends ESTestCase {
EqlSearchRequest request = generateRequest("endgame-*", "{\"filter\" : {\"match\" : {\"foo\":\"bar\"}}, "
+ "\"timestamp_field\" : \"tsf\", "
+ "\"event_category_field\" : \"etf\","
+ "\"implicit_join_key_field\" : \"imjf\","
+ "\"search_after\" : [ 12345678, \"device-20184\", \"/user/local/foo.exe\", \"2019-11-26T00:45:43.542\" ],"
+ "\"size\" : \"101\","
+ "\"query\" : \"file where user != 'SYSTEM' by file_path\""
+ (setIsCaseSensitive ? (",\"case_sensitive\" : " + isCaseSensitive) : "")
@ -69,8 +62,6 @@ public class EqlRequestParserTests extends ESTestCase {
assertEquals("bar", filter.value());
assertEquals("tsf", request.timestampField());
assertEquals("etf", request.eventCategoryField());
assertEquals("imjf", request.implicitJoinKeyField());
assertArrayEquals(new Object[]{12345678, "device-20184", "/user/local/foo.exe", "2019-11-26T00:45:43.542"}, request.searchAfter());
assertEquals(101, request.size());
assertEquals(1000, request.fetchSize());
assertEquals("file where user != 'SYSTEM' by file_path", request.query());

26
x-pack/plugin/eql/src/test/java/org/elasticsearch/xpack/eql/action/EqlSearchRequestTests.java
View File

@ -5,19 +5,15 @@
*/
package org.elasticsearch.xpack.eql.action;
import org.elasticsearch.common.bytes.BytesReference;
import org.elasticsearch.common.io.stream.NamedWriteableRegistry;
import org.elasticsearch.common.io.stream.Writeable;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.text.Text;
import org.elasticsearch.common.xcontent.NamedXContentRegistry;
import org.elasticsearch.common.xcontent.XContentBuilder;
import org.elasticsearch.common.xcontent.XContentFactory;
import org.elasticsearch.common.xcontent.XContentParser;
import org.elasticsearch.common.xcontent.json.JsonXContent;
import org.elasticsearch.index.query.QueryBuilder;
import org.elasticsearch.search.SearchModule;
import org.elasticsearch.search.searchafter.SearchAfterBuilder;
import org.elasticsearch.test.AbstractSerializingTestCase;
import org.elasticsearch.test.ESTestCase;
import org.junit.Before;
@ -65,13 +61,9 @@ public class EqlSearchRequestTests extends AbstractSerializingTestCase<EqlSearch
.filter(filter)
.timestampField(randomAlphaOfLength(10))
.eventCategoryField(randomAlphaOfLength(10))
.implicitJoinKeyField(randomAlphaOfLength(10))
.fetchSize(randomIntBetween(1, 50))
.query(randomAlphaOfLength(10));
if (randomBoolean()) {
request.searchAfter(randomJsonSearchFromBuilder());
}
return request;
} catch (IOException ex) {
assertNotNull("unexpected IOException " + ex.getCause().getMessage(), ex);
@ -105,24 +97,6 @@ public class EqlSearchRequestTests extends AbstractSerializingTestCase<EqlSearch
return value.get();
}
private Object[] randomJsonSearchFromBuilder() throws IOException {
int numSearchAfter = randomIntBetween(1, 10);
XContentBuilder jsonBuilder = XContentFactory.jsonBuilder();
jsonBuilder.startObject();
jsonBuilder.startArray("search_after");
for (int i = 0; i < numSearchAfter; i++) {
jsonBuilder.value(randomValue());
}
jsonBuilder.endArray();
jsonBuilder.endObject();
try (XContentParser parser = createParser(JsonXContent.jsonXContent, BytesReference.bytes(jsonBuilder))) {
parser.nextToken();
parser.nextToken();
parser.nextToken();
return SearchAfterBuilder.fromXContent(parser).getSortValues();
}
}
@Override
protected Writeable.Reader<EqlSearchRequest> instanceReader() {
return EqlSearchRequest::new;