By moving tokenization for categorization to Java we give users access to considerably more options for tokenizing their log messages prior to using ML to categorize them. Now all Elasticsearch analyzer functionality is available, which opens up the possibility to sensibly categorize non-English log messages.
Relates elastic/machine-learning-cpp#491
Original commit: elastic/x-pack-elasticsearch@5d61b67614
In order to support buttons that can be clicked on within a Slack
message, this commit adds support for so-called actions within
attachments. This allows creating buttons that, when clicked, execute
a GET request, so actions must be idempotent according to the official
Slack documentation.
Official Slack documentation is available at
https://api.slack.com/docs/message-attachments#action_fields
Original commit: elastic/x-pack-elasticsearch@29ddc90b01
This commit introduces audit event filtering policies for the logging audit.
Until now the only way to temper the gush of audit events was to specifically
pick some event types that were reported.
This superposes a way (named policies) to filter events using Lucene regexp filters on
the following event fields: users, realms, roles and indices. The policies are ignore
policies, i.e., when an event matches it is ignored (not reported).
Original commit: elastic/x-pack-elasticsearch@233f685121
This creates a cluster alert that triggers whenever a node is:
- Added
- Removed
- Restarted (aka Removed and Added between collections)
Unlike all previous cluster alerts, this cluster is always instantly resolved because there is no way to otherwise resolve it later (especially if nodes are replaced).
This will require a small change to the UI so that it does not simply ignore resolved alerts.
Original commit: elastic/x-pack-elasticsearch@6340bf7960
Always use term equality for analyzed terms by falling back to the
(possibly not present) not-analyzed field.
Add clarifying comment in test
Original commit: elastic/x-pack-elasticsearch@9e735d3fef
The grammar definition should not require the exact prediction on the
listener. Falling back to it hides potential ambiguities.
Moved it to a separate method so it can be enabled for debugging in
development similar to Painless picky mode.
Original commit: elastic/x-pack-elasticsearch@969cb0b5cb
Adds a mode parameter to all SQL-related requests. The mode parameter is used for license checks as well as to define the response content. For now only two modes are supported: plain (default) and jdbc. We will add other modes in the future as we add more clients.
Relates elastic/x-pack-elasticsearch#3419
Original commit: elastic/x-pack-elasticsearch@b49ca38d4b
Previously multi-line CLI SQL statements were joined, but the space command was
missing, so a command like:
```
sql> SHOW
| functions;
```
Would incorrectly parse as "showfunctions" and throw an error.
This fixes the behavior and adds a test for multi-line commands.
Resolves elastic/x-pack-elasticsearch#3410
Original commit: elastic/x-pack-elasticsearch@3870924ccd
We need to push this flag down to the command line for BWC builds or the
artifacts in release tests will have the wrong version (being considered
snapshots instead of non-snapshots).
Original commit: elastic/x-pack-elasticsearch@279fd02aa7
Tweak the grammar to differentiate between table and normal identifier.
The table one allows wildcard while the normal one (for fields) does not.
Original commit: elastic/x-pack-elasticsearch@a714e950db
Converts the collection of fields and the calculation of depth for `ProcessorDefinition`s
to OO style tree traversal without the need for `Node` or `instanceof` tests.
Original commit: elastic/x-pack-elasticsearch@5d0517af29
Replaces the `ExpressionIdGenerator` class with a static method and drops
the `jvmId` field from the `ExpressionId` altogether because it isn't needed.
We still have the potential to roll over expression ids if the server lives for
a long time but it is quite unlikely and rolling over only matters if we roll
over in the same query. So long as each expression id is unique to a
particular query we're fine.
Original commit: elastic/x-pack-elasticsearch@fe3d7f7216
Right now `ProcessorDefinition#resolveAttributes` relies on reference
equality to detect when the rewrite does nothing. At least, all the
nodes rely on this. Maybe this isn't that important, but it is what we
do so we may as well document it.
Original commit: elastic/x-pack-elasticsearch@662372db14
This commit modifies the BWC build to invoke the Gradle wrapper. The
motivation for this is two-fold:
- BWC versions might be dependent on a different version of Gradle than
the current version of Gradle
- in a follow-up we are going to need to be able to set JAVA_HOME to a
different value than the current value of JAVA_HOME
Relates elastic/x-pack-elasticsearch#3502
Original commit: elastic/x-pack-elasticsearch@22062f635b
The HttpClient uses an Apache HTTP client class named StringEntity to
encode an HTTP request body. This one however assumes ISO-8859-1 as its
charset when encoding the string based body to bytes.
This commit switches to a byte array based body, then sets the content
type header and falls back to the old text/plain content type if no
content type header is specified.
Relates elastic/x-pack-elasticsearch#3397
Original commit: elastic/x-pack-elasticsearch@d5a6e7f0c7
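The encoding problem described in the commit message above, shown as an added example that is not code from the commit or the project. It assumes Apache HttpClient 4.x on the classpath; the class, the `byteArrayBody` helper, the sample body and the UTF-8 default are all assumptions made for illustration.

```java
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import org.apache.http.HttpEntity;
import org.apache.http.entity.ByteArrayEntity;
import org.apache.http.entity.ContentType;
import org.apache.http.entity.StringEntity;
import org.apache.http.util.EntityUtils;

public class RequestBodyCharsetDemo {

    // Hypothetical helper: encode the body explicitly and attach a content type.
    // The UTF-8 default and the charset on the text/plain fallback are assumptions.
    static HttpEntity byteArrayBody(String body, ContentType requested) {
        ContentType contentType = requested != null
                ? requested
                : ContentType.create("text/plain", StandardCharsets.UTF_8);
        Charset charset = contentType.getCharset() != null
                ? contentType.getCharset()
                : StandardCharsets.UTF_8;
        return new ByteArrayEntity(body.getBytes(charset), contentType);
    }

    // Print the content type header and the body as a UTF-8 receiver would read it.
    static void report(String label, HttpEntity entity) throws Exception {
        byte[] wire = EntityUtils.toByteArray(entity);
        String seen = new String(wire, StandardCharsets.UTF_8);
        System.out.printf("%-12s %-32s %d bytes -> %s%n",
                label, entity.getContentType().getValue(), wire.length, seen);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample body with characters outside ISO-8859-1.
        String body = "{\"text\":\"デプロイ完了 ✓\"}";

        // Before: StringEntity(String) encodes with ISO-8859-1, so every
        // unmappable character is replaced with '?' before it leaves the JVM.
        report("StringEntity", new StringEntity(body));

        // After: explicit bytes plus an explicit content type.
        report("byte[] JSON", byteArrayBody(body, ContentType.APPLICATION_JSON));
        report("byte[] none", byteArrayBody(body, null));
    }
}
```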
Add support for aliases and indices pattern
Enhance ShowTable info to differentiate between aliases and indices
Add regex filtering of index names
Handle security exceptions (in case of no privileges or no matching)
Original commit: elastic/x-pack-elasticsearch@91e3674ca7
The categorization integration tests were picking up a bug in the C++
categorization code, but the expected results were set incorrectly to
match the incorrect C++ output. This change adjusts the expected
results to reflect what is really expected. It also mutes the tests
to avoid failures while the C++ fix propagates through the build
process. The tests will be unmuted tomorrow.
Relates elastic/machine-learning-cpp#512
Original commit: elastic/x-pack-elasticsearch@d2b57b6216
There is an error in the optimizer that causes expressions that look like
`a OR FALSE` to not be rewritten to `a`.
Original commit: elastic/x-pack-elasticsearch@8d19b77b8b
When creating a transport client for a remote index audit trail, we are
implicitly allowing the construction of this transport client to
initialize the number of processors that Netty thinks are on the
system. Since we never pushed down the number of processors, this will
always default to the number of cores on the machine. If the user has
also set the processors setting, when the server bootstraps it will try
to push the number of processors down to Netty too. If this value does
not match the number of cores, we will fail in bootstrap because we
guard against initializing the number of processors that Netty sees to
different values. Instead, the transport client should inherit the
number of processors too and push this down when it pushes the number of
processors down to Netty. We have to worry about another possibility: an
explicit setting for the number of processors for the transport client,
so we require that this matches the inherited value.
Relates elastic/x-pack-elasticsearch#3469
Original commit: elastic/x-pack-elasticsearch@032810bb0b