Commit Graph

7393 Commits

Author SHA1 Message Date
David Kyle 999c1dab48 [ML] Remove extra quotes in field config
Original commit: elastic/x-pack-elasticsearch@d9a7ca5ebf
2018-01-11 15:57:17 +00:00
David Roberts a386b5727e [ML] Increase tokenization flexibility for categorization (elastic/x-pack-elasticsearch#3372)
By moving tokenization for categorization to Java we give users access to considerably more options for tokenizing their log messages prior to using ML to categorize them. Now all Elasticsearch analyzer functionality is available, which opens up the possibility to sensibly categorize non-English log messages.

Relates elastic/machine-learning-cpp#491

Original commit: elastic/x-pack-elasticsearch@5d61b67614
2018-01-11 15:40:13 +00:00
Alexander Reelsen 992a7af126 Watcher: Add support for actions in slack attachments (elastic/x-pack-elasticsearch#3355)
In order to support buttons that can be clicked on within a slack
message, this commits adds support for so called actions within
attachments. This allows to create buttons, that are clicked and execute
a GET request, so actions must be idempotent according to the official
slack documentation.

Official slack documentation is available at
https://api.slack.com/docs/message-attachments#action_fields

Original commit: elastic/x-pack-elasticsearch@29ddc90b01
2018-01-11 11:43:24 +01:00
Albert Zaharovits 3fc17ab918 Audit Event ignore policy (elastic/x-pack-elasticsearch#3005)
This commit introduces audit event filtering policies for the logging audit.
Until now the only way to temper the gush of audit events was to specifically
pick some event types that were reported.
This superposes a way (named policies) to filter events using lucene regexp filters on 
the following event fields: users, realms, roles and indices. The policies are ignore
policies, ie when an event matches it is ignored (not reported).

Original commit: elastic/x-pack-elasticsearch@233f685121
2018-01-11 11:07:46 +02:00
Chris Earle e74f90eba0 [Monitoring] Add Cluster Alert for Nodes Changed (elastic/x-pack-elasticsearch#3504)
This creates a cluster alert that triggers whenever a node is:

- Added
- Removed
- Restarted (aka Removed and Added between collections)

Unlike all previous cluster alerts, this cluster is always instantly resolved because there is no way to otherwise resolve it later (especially if nodes are replaced).

This will require a small change to the UI so that it does not simply ignore resolved alerts.

Original commit: elastic/x-pack-elasticsearch@6340bf7960
2018-01-10 21:29:00 -05:00
Costin Leau e5e5583bd8 SQL: equality on analyzed through TermQuery on not-analyzed (elastic/x-pack-elasticsearch#3524)
Always use term equality for analyzed terms by falling back (to possible
not present) to the not-analyzed field.
Add clarifying comment in test

Original commit: elastic/x-pack-elasticsearch@9e735d3fef
2018-01-11 00:01:30 +02:00
Costin Leau 2870312320 SQL: Optimizer tests (elastic/x-pack-elasticsearch#3518)
Unit tests for the Optimizer
Disabled for now RemoveDuplicateFunctions until elastic/x-pack-elasticsearch#3527 gets resolved

Original commit: elastic/x-pack-elasticsearch@3224e3937f
2018-01-10 19:42:15 +02:00
Costin Leau c204cc0aa3 SQL: removed fallback to exact prediction in the parser (elastic/x-pack-elasticsearch#3522)
The grammar definition should not require the exact prediction on the
listener. Falling back to it hides potential ambiguities.
Moved it to a separate method so it can be enabled for debugging in
development similar to Painless picky mode.

Original commit: elastic/x-pack-elasticsearch@969cb0b5cb
2018-01-10 17:52:35 +02:00
Igor Motov ce81a34467 SQL: Add jdbc mode to REST API (elastic/x-pack-elasticsearch#3499)
Adds a mode parameter to all SQL-related requests. The mode parameter is used for license checks as well as to define the response content. For now only two modes are supported plain (default) and jdbc. We will add other modes in the future as we add more clients.

Relates elastic/x-pack-elasticsearch#3419 

Original commit: elastic/x-pack-elasticsearch@b49ca38d4b
2018-01-10 09:41:36 -05:00
David Kyle 4c973c16c2 [ML] Rename event filter params (elastic/x-pack-elasticsearch#3525)
Original commit: elastic/x-pack-elasticsearch@3089193d45
2018-01-10 14:40:32 +00:00
Colin Goodheart-Smithe 45a31c953c Fixes docs test build
Original commit: elastic/x-pack-elasticsearch@23272a29ca
2018-01-10 12:05:45 +00:00
David Kyle d3d965c8ee [ML] Configure autodetect with scheduled events (elastic/x-pack-elasticsearch#3521)
Original commit: elastic/x-pack-elasticsearch@e51b70ec69
2018-01-10 12:02:14 +00:00
David Kyle 66b187fe17 [ML] Account for job groups membership when getting events (elastic/x-pack-elasticsearch#3473)
* Account for job groups membership when getting events

Original commit: elastic/x-pack-elasticsearch@a4185cc460
2018-01-10 11:14:09 +00:00
Dimitris Athanasiou aa25704170 [ML] Add scheduled_events field to bucket (elastic/x-pack-elasticsearch#3513)
Adds `scheduled_events` to the bucket object so
it can read the corresponding field written from the
autodetect process.

Relates elastic/x-pack-elasticsearch#3016

Original commit: elastic/x-pack-elasticsearch@3f35f867f0
2018-01-10 10:57:09 +00:00
Lee Hinman 0865063740 SQL: Fix multi-line CLI commands to join correctly (elastic/x-pack-elasticsearch#3516)
Previously multi-line CLI SQL statements were joined, but the space command was
missing, so a command like:

```
sql> SHOW
   | functions;
```

Would incorrectly parse as "showfunctions" and throw an error.

This fixes the behavior and adds a test for multi-line commands.

Resolves elastic/x-pack-elasticsearch#3410

Original commit: elastic/x-pack-elasticsearch@3870924ccd
2018-01-09 16:55:30 -07:00
Lisa Cawley 923428e19f [DOCS] Add links to Beats security pages (elastic/x-pack-elasticsearch#3514)
* [DOCS] Added link to new content location

* [DOCS] Add links to Beats security pages

Original commit: elastic/x-pack-elasticsearch@f54f0ef076
2018-01-09 13:33:53 -08:00
Jay Modi cbf1427ff4 Allow license installation with TLS disabled and single-node discovery (elastic/x-pack-elasticsearch#3427)
This change allows production licenses to be installed when TLS is not enabled and the discovery
type is set to single-node.

Relates elastic/x-pack-elasticsearch#3245

Original commit: elastic/x-pack-elasticsearch@73815a3976
2018-01-09 12:32:37 -07:00
Jason Tedor 374ab447f7 Push build.snapshot to BWC builds too
We need to push this flag down to the command line for BWC builds or the
artifacts in release tests will have the wrong version (being considered
snapshots instead of non-snapshots).

Original commit: elastic/x-pack-elasticsearch@279fd02aa7
2018-01-09 12:48:48 -05:00
Costin Leau 8257d8d76a SQL: Extend grammar to allow wildcard in the grammar without quotes (elastic/x-pack-elasticsearch#3501)
Tweak the grammar to differentiate between table and normal identifier.
The table one allows wildcard while the normal one (for fields) does not.

Original commit: elastic/x-pack-elasticsearch@a714e950db
2018-01-09 19:30:50 +02:00
Nik Everett 260e5ae6cf SQL: OOify field collection and depth calculation (elastic/x-pack-elasticsearch#3465)
Converts the collection of fields and the calculation of depth for `ProcessorDefinition`s
to OO style tree traversal without the need for `Node` or `instanceof` tests.
  

Original commit: elastic/x-pack-elasticsearch@5d0517af29
2018-01-09 12:24:29 -05:00
Nik Everett 530c0f3dcb SQL: Import for javdoc
I suppose I should have retested this before pushing an update and then
merging....

Original commit: elastic/x-pack-elasticsearch@7e11e67f77
2018-01-09 11:33:29 -05:00
Nik Everett 4d6b58495d SQL: Simplify expression ID generation (elastic/x-pack-elasticsearch#3466)
Replaces the `ExpressionIdGenerator` class with a static method and drops
the `jvmId` field from the `ExpressionId` altogether because it isn't needed.

We still have the potential to roll over expression ids if the server lives for
a long time but it is quite unlikely and rolling over only matters if we roll
over in the same query. So long as each expression id is unique to a
particular query we're fine.

Original commit: elastic/x-pack-elasticsearch@fe3d7f7216
2018-01-09 11:16:31 -05:00
Nik Everett 4009ba24b6 SQL: Document reference equality requirement
Right now `ProcessorDefinition#resolveAttributes` relies on reference
equality to detect when the rewrite does nothing. At least, all the
nodes rely on this. Maybe this isn't that important, but it is what we
do so we may as well document it.

Original commit: elastic/x-pack-elasticsearch@662372db14
2018-01-09 11:11:56 -05:00
Costin Leau 25a00a3b55 SQL: Check null in processor (elastic/x-pack-elasticsearch#3494)
Make Processors resilient to NULL values
Check null only in functions not constants

Original commit: elastic/x-pack-elasticsearch@dd8bd16d49
2018-01-09 16:18:16 +02:00
David Kyle f73a7803ce [ML] Delete calendar events endpoint (elastic/x-pack-elasticsearch#3388)
* Delete calendar events endpoint

Original commit: elastic/x-pack-elasticsearch@70aebfae2c
2018-01-09 11:55:36 +00:00
Yannick Welsch bd3d652901 Fix Gradle wrapper usage on Windows when building BWC (elastic/x-pack-elasticsearch#3509)
Relates elastic/x-pack-elasticsearch#3502

Original commit: elastic/x-pack-elasticsearch@de69017a4f
2018-01-09 11:58:41 +01:00
Jason Tedor e92947e1b9 Use Gradle wrapper when building BWC
This commit modifies the BWC build to invoke the Gradle wrapper. The
motivation for this is two-fold:
 - BWC versions might be dependent on a different version of Gradle than
   the current version of Gradle
 - in a follow-up we are going to need to be able to set JAVA_HOME to a
   different value than the current value of JAVA_HOME

Relates elastic/x-pack-elasticsearch#3502

Original commit: elastic/x-pack-elasticsearch@22062f635b
2018-01-08 21:47:41 -05:00
Lisa Cawley 59044181d8 [DOCS] Update screenshots in ML tutorial (elastic/x-pack-elasticsearch#3492)
* [DOCS] Update screenshots in ML tutorial

* [DOCS] Updated screenshots for ML results

Original commit: elastic/x-pack-elasticsearch@d17bc61d62
2018-01-08 13:33:21 -08:00
Costin Leau e114a86750 Update docs to reflect date changes
Original commit: elastic/x-pack-elasticsearch@3fdc53dbdb
2018-01-08 21:52:27 +02:00
Lisa Cawley dc3d5d67a1 [DOCS] Change certgen references to certutil (elastic/x-pack-elasticsearch#3415)
* [DOCS] Change certgen references to certutil

* [DOCS] Updated TLS page with certutil info

* [DOCS] Added certutil examples to TLS page

* [DOCS] Clarified PEM requirement in TLS setup

* [DOCS] Updated certificate instructions

* [DOCS] Fixed security typo

Original commit: elastic/x-pack-elasticsearch@3a326fc87d
2018-01-08 10:14:51 -08:00
Alexander Reelsen 1d3c622746 Tests: Fix mockwebserver to parse incoming http bodies as UTF8
By not specifying a charset this used the system charset and
led to breaking tests under windows.

relates elastic/x-pack-elasticsearch#3498

Original commit: elastic/x-pack-elasticsearch@17d415ebbd
2018-01-08 18:29:22 +01:00
Costin Leau 2c1210610c SQL: Preserve DateTime as a type internally (elastic/x-pack-elasticsearch#3493)
Original commit: elastic/x-pack-elasticsearch@1d2f3d1dae
2018-01-08 18:46:16 +02:00
Costin Leau af33fb847e Fix the rest client
Original commit: elastic/x-pack-elasticsearch@e9aaf05398
2018-01-08 16:39:51 +02:00
Alexander Reelsen f80f1dd268 Tests: Silence test under windows as it fails
Relates elastic/x-pack-elasticsearch#3498

Original commit: elastic/x-pack-elasticsearch@2dda8851e4
2018-01-08 14:37:33 +01:00
Costin Leau dab50f7b77 SQL: correct index name invocation
Original commit: elastic/x-pack-elasticsearch@cec6dd6dd9
2018-01-08 14:54:18 +02:00
Alexander Reelsen b2493aad8d Tests: Added trace logging for more debug information
Relates elastic/x-pack-elasticsearch#3430

Original commit: elastic/x-pack-elasticsearch@67aeebcc4a
2018-01-08 11:49:20 +01:00
Alexander Reelsen 6f2fddc5f6 Watcher: Fix encoding of UTF8 data in HttpClient (elastic/x-pack-elasticsearch#3398)
The HttpClient uses an Apache HTTP client class named StringEntity to
encode a HTTP request body. This one however assumes ISO-8859-1 as its
charset when encoding the string based body to bytes.

This commit switches to a byte array based body, then sets the content
type header and falls back to the old text/plain content type if no
content type header is specified.

relates elastic/x-pack-elasticsearch#3397

Original commit: elastic/x-pack-elasticsearch@d5a6e7f0c7
2018-01-08 09:44:07 +01:00
Costin Leau aa85496090 Make debug tests abstract again
Original commit: elastic/x-pack-elasticsearch@1c9b60d556
2018-01-07 00:12:44 +02:00
Costin Leau ba81321d0d SQL: Support aliases and indices pattern (elastic/x-pack-elasticsearch#3438)
Add support for aliases and indices pattern
Enhance ShowTable info to differentiate between aliases and indices
Add regex filtering of index names
Handle security exceptions (in case of no privileges or no matching)

Original commit: elastic/x-pack-elasticsearch@91e3674ca7
2018-01-06 23:08:16 +02:00
David Kyle 2eb3f02e40 [ML] Rename SpecialEvents -> ScheduledEvents (elastic/x-pack-elasticsearch#3485)
* Rename SpecialEvents -> ScheduledEvents


Original commit: elastic/x-pack-elasticsearch@4bfc52c435
2018-01-05 16:35:42 +00:00
David Roberts f508e14e06 [TEST] Unmute ML categorization tests
The C++ changes these rely on are now in the snapshots on s3, so these
tests will work.

Relates elastic/machine-learning-cpp#512

Original commit: elastic/x-pack-elasticsearch@cb8f7b31e8
2018-01-05 16:02:35 +00:00
Igor Motov b769007798 Merge remote-tracking branch 'elastic/master' into feature/sql_2
Original commit: elastic/x-pack-elasticsearch@14750a59a8
2018-01-05 10:37:46 -05:00
David Roberts d7416d53e0 [ML] Fix categorization integration test following fix to C++ code (elastic/x-pack-elasticsearch#3483)
The categorization integration tests were picking up a bug in the C++
categorization code, but the expected results were set incorrectly to
match the incorrect C++ output.  This change adjusts the expected
results to reflect what is really expected.  It also mutes the tests
to avoid failures while the C++ fix propagates through the build
process.  The tests will be unmuted tomorrow.

Relates elastic/machine-learning-cpp#512

Original commit: elastic/x-pack-elasticsearch@d2b57b6216
2018-01-05 11:48:01 +00:00
Jason Tedor 1586836920 Introduce Gradle wrapper
This commit introduces the Gradle wrapper into x-pack-elasticsearch.

Relates elastic/x-pack-elasticsearch#3475

Original commit: elastic/x-pack-elasticsearch@8b40f82646
2018-01-04 16:42:12 -05:00
Adrien Grand 7b4178aa28 Remove redundant modifier.
Original commit: elastic/x-pack-elasticsearch@26b3539fa6
2018-01-04 18:56:36 +01:00
Adrien Grand 895246d6b1 SQL: Fix simplification of boolean expressions. (elastic/x-pack-elasticsearch#3422)
There is an error in the optimizer that causes expressions that look like
`a OR FALSE` to not be rewritten to `a`.

Original commit: elastic/x-pack-elasticsearch@8d19b77b8b
2018-01-04 15:15:09 +01:00
David Kyle 46c1272ed3 [ML] Fix broken backwards compatibility of field names (elastic/x-pack-elasticsearch#3463)
Original commit: elastic/x-pack-elasticsearch@613943dfe7
2018-01-04 10:05:16 +00:00
Jason Tedor 3b06254573 Set processors on audit remote client
When creating a transport client for a remote index audit trail, we are
implicitly allowing the construction of this transport client to
initialize the number of processors that Netty thinks are on the
system. Since we never pushed down the number of processors, this will
always default to the number of cores on the machine. If the user has
also set the processors setting, when the server bootstraps it will try
to push the number of processors down to Netty too. If this value does
not match the number of cores, we will fail in bootstrap because we
guard against initializing the number of processors that Netty sees to
different values. Instead, the transport client should inherit the
number of processors too and push this down when it pushes the number of
processors down to Netty. We have to worry about another possibility: an
explicit setting for the number of processors for the transport client
so we require this matches the inherited value.

Relates elastic/x-pack-elasticsearch#3469


Original commit: elastic/x-pack-elasticsearch@032810bb0b
2018-01-04 00:06:16 -05:00
Igor Motov 3d6e6c92bf Merge remote-tracking branch 'elastic/master' into feature/sql_2
Original commit: elastic/x-pack-elasticsearch@45dbf7608d
2018-01-03 16:53:29 -05:00
Ryan Ernst b05ee6fcc9 fix silly serialization test
Original commit: elastic/x-pack-elasticsearch@fc934534d7
2018-01-03 13:51:23 -08:00