Commit Graph

15 Commits

Author SHA1 Message Date
Ross Wolf 96a903b17f
EQL: Add string function ()
* EQL: Add string() function
* EQL: Reorder queryfolder_tests
* EQL: Add test queries
* EQL: Fix InternalEqlScriptUtils.string and test case
* EQL: Fix testStringFunctionWithText error message
* EQL: Flatten ToStringFunctionPipe.equals
* EQL: Reorder painless whitelist
* EQL: Address feedback and remove string(null) handling
* EQL: Move string(pid) test over
* EQL: Rename source -> value
2020-04-10 09:48:29 -06:00
Andrei Stefan 85f129a50a
EQL: indexOf function implementation () ()
(cherry picked from commit a4b1d6e52d9ba22d541dd86d69861b1efee83604)
2020-04-09 02:41:01 +03:00
Aleksandr Maus d02f774cb6
EQL: implement cidrMatch function () ()
Related to https://github.com/elastic/elasticsearch/issues/54132
2020-04-07 22:07:28 -04:00
Aleksandr Maus 868798e4db
EQL: implement between function () () 2020-04-07 16:52:30 -04:00
Ross Wolf 022f829d84
EQL: Add wildcard function ()
* EQL: Add wildcard function
* EQL: Cleanup Wildcard.getArguments
* EQL: Cleanup Wildcard and rearrange methods
* EQL: Wildcard newline lint
* EQL: Make StringUtils function final
* EQL: Make Wildcard.asLikes return ScalarFunction
* QL: Restore BinaryLogic.java
* EQL: Add Wildcard PR feedback
* EQL: Add Wildcard verification tests
* EQL: Switch wildcard to isFoldable test
* EQL: Change wildcard test to numeric field
* EQL: Remove Wildcard.get_arguments
2020-04-03 10:15:43 -06:00
Andrei Stefan 977302e46c
EQL: startsWith and endsWith functions implementation ()
* EQL: startsWith function implementation ()

(cherry picked from commit 666719fcfc40f6fc0535609577791369123320ab)

* EQL: endsWith function implementation ()

(cherry picked from commit 554a4c8ef04b67eed107d29b57185e9af25d9d4f)
2020-03-31 18:06:03 +03:00
Costin Leau 68f74cf593
EQL: Fix custom scripting for functions () ()
Improve separation of scripting between EQL and SQL by delegating common
methods to QL. The context detection is determined based on the package
to avoid having repetitive class hierarchies.
The Painless whitelists have been improved so that the declaring class
is used instead of the inherited one.

Relates 

(cherry picked from commit 6d46033e736c64ac9255c5d6964600d2a931430a)

EQL: Add Substring function with Python semantics ()

Does not reuse substring from SQL due to the difference in semantics and
the accepted arguments.
Currently it is missing full integration tests as, due to the usage of
scripting, requires an actual integration test against a proper cluster
(and likely its own QA project).

(cherry picked from commit f58680bad33d5ce4139157a69a4d9f5f286bc3c4)
2020-03-24 20:54:19 +02:00
Aleksandr Maus fd0cdde38c
EQL: EqlActionIT improvements () ()
Related to https://github.com/elastic/elasticsearch/issues/53598
2020-03-20 17:28:15 -04:00
Aleksandr Maus d064846416
EQL: Test infrastructure improvements () ()
Update CommonEqlRestTestCase code to simplify making changes as requested.
Update EqlActionIT to simplify the test code as requested.
Replace Jackson parser with XContent in EqlActionIT.
Whitelist more EQL tests specs that are now supported.
2020-03-09 14:11:54 -04:00
Aleksandr Maus b47bffba24
EQL: consistent naming for event type vs event category () ()
Related to https://github.com/elastic/elasticsearch/issues/52941
2020-03-04 08:02:38 -05:00
Aleksandr Maus 89ed857c79
EQL: Change request parameter query to filter and rule to query () ()
Related to https://github.com/elastic/elasticsearch/issues/52911
2020-03-02 09:26:23 -05:00
Igor Motov e5b21a3fc6
Add HLRC for EQL search ()
Adds EQL HLRC client with the search method.

Relates to 
2020-02-21 08:44:08 -05:00
Aleksandr Maus d4f6f38150
EQL: Fix : [CI] unknown setting [xpack.eql.enabled] in release-tests () ()
Fixes 
Co-authored-by: Igor Motov <igor@motovs.org>
2020-01-31 15:14:27 -05:00
Aleksandr Maus d715176c00 Add more Eql REST API validation integration tests, clean up request implementation () 2020-01-27 15:12:48 -05:00
Aleksandr Maus 79875ce4d9 Initial EQL rest API implementation () 2020-01-27 15:11:41 -05:00