From 6f1890bf2d52cabdfd1e7848fb481cf54b895f25 Mon Sep 17 00:00:00 2001 From: Ross Wolf <31489089+rw-access@users.noreply.github.com> Date: Mon, 27 Jan 2020 11:23:53 -0700 Subject: [PATCH] EQL grammar updates and tests (#49658) * EQL: Additional tests and grammar updates * EQL: Add backtick escaped identifiers * EQL: Adding keywords to language * EQL: Add checks for unsupported syntax * EQL: Testing updates and PR feedback * EQL: Add string escapes * EQL: Cleanup grammar for identifier * EQL: Remove tabs from .eql tests --- x-pack/plugin/eql/src/main/antlr/EqlBase.g4 | 150 +- .../plugin/eql/src/main/antlr/EqlBase.tokens | 87 -- .../eql/src/main/antlr/EqlBaseLexer.tokens | 86 -- .../xpack/eql/parser/AbstractBuilder.java | 59 +- .../eql/parser/CaseInsensitiveStream.java | 45 - .../xpack/eql/parser/EqlBaseBaseListener.java | 88 +- .../xpack/eql/parser/EqlBaseBaseVisitor.java | 50 +- .../xpack/eql/parser/EqlBaseLexer.java | 328 ++-- .../xpack/eql/parser/EqlBaseListener.java | 100 +- .../xpack/eql/parser/EqlBaseParser.java | 1363 ++++++++--------- .../xpack/eql/parser/EqlBaseVisitor.java | 56 +- .../xpack/eql/parser/EqlParser.java | 122 +- .../xpack/eql/parser/GrammarTests.java | 45 +- .../src/test/resources/grammar-queries.eql | 95 -- .../src/test/resources/queries-supported.eql | 332 ++++ .../test/resources/queries-unsupported.eql | 700 +++++++++ 16 files changed, 2280 insertions(+), 1426 deletions(-) delete mode 100644 x-pack/plugin/eql/src/main/antlr/EqlBase.tokens delete mode 100644 x-pack/plugin/eql/src/main/antlr/EqlBaseLexer.tokens delete mode 100644 x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/parser/CaseInsensitiveStream.java delete mode 100644 x-pack/plugin/eql/src/test/resources/grammar-queries.eql create mode 100644 x-pack/plugin/eql/src/test/resources/queries-supported.eql create mode 100644 x-pack/plugin/eql/src/test/resources/queries-unsupported.eql 
diff --git a/x-pack/plugin/eql/src/main/antlr/EqlBase.g4 b/x-pack/plugin/eql/src/main/antlr/EqlBase.g4 index 717f549614397..8e26ec9b753df 100644 --- a/x-pack/plugin/eql/src/main/antlr/EqlBase.g4 +++ b/x-pack/plugin/eql/src/main/antlr/EqlBase.g4 @@ -6,9 +6,6 @@ grammar EqlBase; -tokens { - DELIMITER -} singleStatement : statement EOF @@ -19,45 +16,54 @@ singleExpression ; statement - : query (PIPE pipe)* + : query pipe* ; - + query : sequence | join - | condition + | eventQuery + ; + +sequenceParams + : WITH (MAXSPAN EQ timeUnit) ; - + sequence - : SEQUENCE (by=joinKeys)? (span)? - match+ - (UNTIL match)? + : SEQUENCE (by=joinKeys sequenceParams? | sequenceParams by=joinKeys?)? + sequenceTerm sequenceTerm+ + (UNTIL sequenceTerm)? ; join : JOIN (by=joinKeys)? - match+ - (UNTIL match)? + joinTerm joinTerm+ + (UNTIL joinTerm)? ; pipe - : kind=IDENTIFIER (booleanExpression (COMMA booleanExpression)*)? + : PIPE kind=IDENTIFIER (booleanExpression (COMMA booleanExpression)*)? ; + joinKeys - : BY qualifiedNames - ; - -span - : WITH MAXSPAN EQ DIGIT_IDENTIFIER + : BY expression (COMMA expression)* ; -match - : LB condition RB (by=joinKeys)? +joinTerm + : subquery (by=joinKeys)? + ; + +sequenceTerm + : subquery (FORK (EQ booleanValue)?)? (by=joinKeys)? + ; + +subquery + : LB eventQuery RB ; -condition - : event=qualifiedName WHERE expression +eventQuery + : event=identifier WHERE expression ; expression @@ -66,6 +72,7 @@ expression booleanExpression : NOT booleanExpression #logicalNot + | relationship=IDENTIFIER OF subquery #processCheck | predicated #booleanDefault | left=booleanExpression operator=AND right=booleanExpression #logicalBinary | left=booleanExpression operator=OR right=booleanExpression #logicalBinary 
@@ -81,9 +88,7 @@ predicated // dedicated calls for each branch are not used to reuse the NOT handling across them // instead the property kind is used for differentiation predicate - : NOT? kind=BETWEEN lower=valueExpression AND upper=valueExpression - | NOT? kind=IN LP valueExpression (COMMA valueExpression)* RP - | NOT? kind=IN LP query RP + : NOT? kind=IN LP valueExpression (COMMA valueExpression)* RP ; valueExpression @@ -102,14 +107,14 @@ primaryExpression ; functionExpression - : identifier LP (expression (COMMA expression)*)? RP + : name=IDENTIFIER LP (expression (COMMA expression)*)? RP ; constant : NULL #nullLiteral | number #numericLiteral | booleanValue #booleanLiteral - | STRING+ #stringLiteral + | string #stringLiteral ; comparisonOperator @@ -120,26 +125,17 @@ booleanValue : TRUE | FALSE ; -qualifiedNames - : qualifiedName (COMMA qualifiedName)* - ; - qualifiedName - : (identifier DOT)* identifier + : identifier (DOT identifier | LB INTEGER_VALUE+ RB)* ; identifier - : quoteIdentifier - | unquoteIdentifier + : IDENTIFIER + | ESCAPED_IDENTIFIER ; -quoteIdentifier - : QUOTED_IDENTIFIER #quotedIdentifier - ; - -unquoteIdentifier - : IDENTIFIER #unquotedIdentifier - | DIGIT_IDENTIFIER #digitIdentifier +timeUnit + : number unit=IDENTIFIER? ; number @@ -151,31 +147,26 @@ string : STRING ; -AND: 'AND'; -ANY: 'ANY'; -ASC: 'ASC'; -BETWEEN: 'BETWEEN'; -BY: 'BY'; -CHILD: 'CHILD'; -DESCENDANT: 'DESCENDANT'; -EVENT: 'EVENT'; -FALSE: 'FALSE'; -IN: 'IN'; -JOIN: 'JOIN'; -MAXSPAN: 'MAXSPAN'; -NOT: 'NOT'; -NULL: 'NULL'; -OF: 'OF'; -OR: 'OR'; -SEQUENCE: 'SEQUENCE'; -TRUE: 'TRUE'; -UNTIL: 'UNTIL'; -WHERE: 'WHERE'; -WITH: 'WITH'; +AND: 'and'; +BY: 'by'; +FALSE: 'false'; +FORK: 'fork'; +IN: 'in'; +JOIN: 'join'; +MAXSPAN: 'maxspan'; +NOT: 'not'; +NULL: 'null'; +OF: 'of'; +OR: 'or'; +SEQUENCE: 'sequence'; +TRUE: 'true'; +UNTIL: 'until'; +WHERE: 'where'; +WITH: 'with'; // Operators EQ : '=' | '=='; -NEQ : '<>' | '!='; +NEQ : '!='; LT : '<'; LTE : '<='; GT : '>'; 
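Review bot: In the new `qualifiedName` rule (hunk `@@ -120,26 +125,17 @@`), `LB INTEGER_VALUE+ RB` accepts one or more integer tokens between the brackets. Because `WS` is sent to the hidden channel, an input such as `field[1 2]` would parse as a single index. `INTEGER_VALUE` is presumably already a run of digits at the lexer level, so the parser-level `+` looks unintended; `identifier (DOT identifier | LB INTEGER_VALUE RB)*` would reject the multi-token form at parse time. A `[1 2]` case in queries-unsupported.eql would pin the behaviour.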
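Review bot: The keyword rules in hunk `@@ -151,31 +147,26 @@` are now lowercase-only literals, and the same commit deletes CaseInsensitiveStream, so `WHERE` or `AND` would presumably lex as `IDENTIFIER` rather than as keywords. The grammar does not document this user-visible change; a comment above `AND: 'and';` such as `// Keywords are case-sensitive and lowercase only; other spellings lex as IDENTIFIER.` would record it. The same hunk narrows `NEQ` to `'!='`, so `<>` now lexes as `LT` followed by `GT`; this deserves a line in the unsupported-syntax tests if it is not already covered.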
@@ -194,9 +185,16 @@ LP: '('; RP: ')'; PIPE: '|'; + +ESCAPED_IDENTIFIER + : '`' (~'`')* '`' + ; + STRING - : '\'' ( ~'\'')* '\'' - | '"' ( ~'"' )* '"' + : '\'' ('\\' [btnfr"'\\] | ~[\r\n'\\])* '\'' + | '"' ('\\' [btnfr"'\\] | ~[\r\n"\\])* '"' + | '?"' ('\\"' |~["\r\n])* '"' + | '?\'' ('\\\'' |~['\r\n])* '\'' ; INTEGER_VALUE @@ -210,20 +208,13 @@ DECIMAL_VALUE | DOT DIGIT+ EXPONENT ; +// make @timestamp not require escaping, since @ has no other meaning IDENTIFIER - : (LETTER | '_') (LETTER | DIGIT | '_' | '@' )* - ; - -DIGIT_IDENTIFIER - : DIGIT (LETTER | DIGIT | '_' | '@')+ + : (LETTER | '_' | '@') (LETTER | DIGIT | '_')* ; -QUOTED_IDENTIFIER - : '"' ( ~'"' | '""' )* '"' - ; - fragment EXPONENT - : 'E' [+-]? DIGIT+ + : [Ee] [+-]? DIGIT+ ; fragment DIGIT @@ -231,10 +222,10 @@ fragment DIGIT ; fragment LETTER - : [A-Z] + : [A-Za-z] ; -SIMPLE_COMMENT +LINE_COMMENT : '//' ~[\r\n]* '\r'? '\n'? -> channel(HIDDEN) ; @@ -246,9 +237,12 @@ WS : [ \r\n\t]+ -> channel(HIDDEN) ; + // Catch-all for anything we can't recognize. // We use this to be able to ignore and recover all the text // when splitting statements with DelimiterLexer +/* UNRECOGNIZED : . - ; \ No newline at end of file + ; +*/ diff --git a/x-pack/plugin/eql/src/main/antlr/EqlBase.tokens b/x-pack/plugin/eql/src/main/antlr/EqlBase.tokens deleted file mode 100644 index e27c72ef28209..0000000000000 --- a/x-pack/plugin/eql/src/main/antlr/EqlBase.tokens +++ /dev/null 
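Review bot: `ESCAPED_IDENTIFIER` is defined as ``'`' (~'`')* '`'``, which accepts an empty name (two adjacent backticks) and lets the token run across line breaks, whereas the `STRING` alternatives added in the same hunk exclude `\r` and `\n`. A stray opening backtick then consumes everything up to the next backtick in the query, so the reported error position can be far from the actual mistake. Consider ``'`' (~[`\r\n])+ '`'``, or keep `*` and reject the empty name in the visitor if identifier validation lives there.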
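Review bot: The `UNRECOGNIZED` catch-all in hunk `@@ -246,9 +237,12 @@` is commented out rather than removed, and the comment above it still refers to splitting statements with DelimiterLexer, although the `DELIMITER` token is dropped in the first hunk of this file. Without the catch-all, a character that no lexer rule matches is reported through the lexer's error listener instead of reaching the parser as a token. Whether that ends in a ParsingException depends on the listener configured in EqlParser.java, which is outside this hunk. I would delete the dead block and leave one line in its place, e.g. `// No catch-all token: unmatched characters are reported as lexer errors.`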
@@ -1,87 +0,0 @@ -AND=1 -ANY=2 -ASC=3 -BETWEEN=4 -BY=5 -CHILD=6 -DESCENDANT=7 -EVENT=8 -FALSE=9 -IN=10 -JOIN=11 -MAXSPAN=12 -NOT=13 -NULL=14 -OF=15 -OR=16 -SEQUENCE=17 -TRUE=18 -UNTIL=19 -WHERE=20 -WITH=21 -EQ=22 -NEQ=23 -LT=24 -LTE=25 -GT=26 -GTE=27 -PLUS=28 -MINUS=29 -ASTERISK=30 -SLASH=31 -PERCENT=32 -DOT=33 -COMMA=34 -LB=35 -RB=36 -LP=37 -RP=38 -PIPE=39 -STRING=40 -INTEGER_VALUE=41 -DECIMAL_VALUE=42 -IDENTIFIER=43 -DIGIT_IDENTIFIER=44 -QUOTED_IDENTIFIER=45 -SIMPLE_COMMENT=46 -BRACKETED_COMMENT=47 -WS=48 -UNRECOGNIZED=49 -DELIMITER=50 -'AND'=1 -'ANY'=2 -'ASC'=3 -'BETWEEN'=4 -'BY'=5 -'CHILD'=6 -'DESCENDANT'=7 -'EVENT'=8 -'FALSE'=9 -'IN'=10 -'JOIN'=11 -'MAXSPAN'=12 -'NOT'=13 -'NULL'=14 -'OF'=15 -'OR'=16 -'SEQUENCE'=17 -'TRUE'=18 -'UNTIL'=19 -'WHERE'=20 -'WITH'=21 -'<'=24 -'<='=25 -'>'=26 -'>='=27 -'+'=28 -'-'=29 -'*'=30 -'/'=31 -'%'=32 -'.'=33 -','=34 -'['=35 -']'=36 -'('=37 -')'=38 -'|'=39 diff --git a/x-pack/plugin/eql/src/main/antlr/EqlBaseLexer.tokens b/x-pack/plugin/eql/src/main/antlr/EqlBaseLexer.tokens deleted file mode 100644 index e72abca518c43..0000000000000 --- a/x-pack/plugin/eql/src/main/antlr/EqlBaseLexer.tokens +++ /dev/null 
@@ -1,86 +0,0 @@ -AND=1 -ANY=2 -ASC=3 -BETWEEN=4 -BY=5 -CHILD=6 -DESCENDANT=7 -EVENT=8 -FALSE=9 -IN=10 -JOIN=11 -MAXSPAN=12 -NOT=13 -NULL=14 -OF=15 -OR=16 -SEQUENCE=17 -TRUE=18 -UNTIL=19 -WHERE=20 -WITH=21 -EQ=22 -NEQ=23 -LT=24 -LTE=25 -GT=26 -GTE=27 -PLUS=28 -MINUS=29 -ASTERISK=30 -SLASH=31 -PERCENT=32 -DOT=33 -COMMA=34 -LB=35 -RB=36 -LP=37 -RP=38 -PIPE=39 -STRING=40 -INTEGER_VALUE=41 -DECIMAL_VALUE=42 -IDENTIFIER=43 -DIGIT_IDENTIFIER=44 -QUOTED_IDENTIFIER=45 -SIMPLE_COMMENT=46 -BRACKETED_COMMENT=47 -WS=48 -UNRECOGNIZED=49 -'AND'=1 -'ANY'=2 -'ASC'=3 -'BETWEEN'=4 -'BY'=5 -'CHILD'=6 -'DESCENDANT'=7 -'EVENT'=8 -'FALSE'=9 -'IN'=10 -'JOIN'=11 -'MAXSPAN'=12 -'NOT'=13 -'NULL'=14 -'OF'=15 -'OR'=16 -'SEQUENCE'=17 -'TRUE'=18 -'UNTIL'=19 -'WHERE'=20 -'WITH'=21 -'<'=24 -'<='=25 -'>'=26 -'>='=27 -'+'=28 -'-'=29 -'*'=30 -'/'=31 -'%'=32 -'.'=33 -','=34 -'['=35 -']'=36 -'('=37 -')'=38 -'|'=39 diff --git a/x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/parser/AbstractBuilder.java b/x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/parser/AbstractBuilder.java index 93c6728b6ae84..86a81fa41f7f8 100644 --- a/x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/parser/AbstractBuilder.java +++ b/x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/parser/AbstractBuilder.java @@ -17,6 +17,8 @@ import java.util.ArrayList; import java.util.List; +import java.util.regex.Matcher; +import java.util.regex.Pattern; /** * Base parsing visitor class offering utility methods. 
@@ -120,7 +122,60 @@ static String string(TerminalNode node) { static String unquoteString(String text) { // remove leading and trailing ' for strings and also eliminate escaped single quotes - return text == null ? null : text.substring(1, text.length() - 1).replace("''", "'"); + if (text == null) { + return null; + } + + // unescaped strings can be interpreted directly + if (text.startsWith("?")) { + return text.substring(2, text.length() - 1); + } + + text = text.substring(1, text.length() - 1); + Pattern regex = Pattern.compile("\\\\."); + StringBuffer resultString = new StringBuffer(); + Matcher regexMatcher = regex.matcher(text); + + while (regexMatcher.find()) { + String source = regexMatcher.group(); + String replacement; + + switch (source) { + case "\\t": + replacement = "\t"; + break; + case "\\b": + replacement = "\b"; + break; + case "\\f": + replacement = "\f"; + break; + case "\\n": + replacement = "\n"; + break; + case "\\r": + replacement = "\r"; + break; + case "\\\"": + replacement = "\""; + break; + case "\\'": + replacement = "'"; + break; + case "\\\\": + // will be interpreted as regex, so we have to escape it + replacement = "\\\\"; + break; + default: + replacement = source; + } + + regexMatcher.appendReplacement(resultString, replacement); + + } + regexMatcher.appendTail(resultString); + + return resultString.toString(); } @Override @@ -128,4 +183,4 @@ public Object visitTerminal(TerminalNode node) { Source source = source(node); throw new ParsingException(source, "Does not know how to handle {}", source.text()); } -} \ No newline at end of file +} diff --git a/x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/parser/CaseInsensitiveStream.java b/x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/parser/CaseInsensitiveStream.java deleted file mode 100644 index 1cfb5198a0c26..0000000000000 --- a/x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/parser/CaseInsensitiveStream.java +++ /dev/null 
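Review bot: In `unquoteString`, `appendReplacement` parses its second argument as a replacement template in which `\` and `$` are special. That is why the `"\\\\"` case needs doubling, and why the `default` branch (presumably unreachable given the lexer's `STRING` rule) would silently drop the backslash of an unknown escape such as `\x`. Passing `Matcher.quoteReplacement(replacement)` makes every branch literal; the backslash case then becomes `replacement = "\\";` and its comment can go. The pattern is also recompiled on every call, so a class-level `private static final Pattern ESCAPE = Pattern.compile("\\\\.");` would be cleaner. The comment kept at the top of the method still describes the old `''` handling and should instead name the three forms handled now: quoted with backslash escapes, and the raw `?"..."` and `?'...'` forms returned verbatim.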
@@ -1,45 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ -package org.elasticsearch.xpack.eql.parser; - -import org.antlr.v4.runtime.ANTLRInputStream; -import org.antlr.v4.runtime.IntStream; - -import java.util.Locale; - -// extension of ANTLR that does the upper-casing once for the whole stream -// the ugly part is that it has to duplicate LA method - -// This approach is the official solution from the ANTLR authors -// in that it's both faster and easier than having a dedicated lexer -// see https://github.com/antlr/antlr4/issues/1002 -class CaseInsensitiveStream extends ANTLRInputStream { - protected char[] uppedChars; - - CaseInsensitiveStream(String input) { - super(input); - this.uppedChars = input.toUpperCase(Locale.ROOT).toCharArray(); - } - - // this part is copied from ANTLRInputStream - @Override - public int LA(int i) { - if (i == 0) { - return 0; // undefined - } - if (i < 0) { - i++; - if ((p + i - 1) < 0) { - return IntStream.EOF; - } - } - - if ((p + i - 1) >= n) { - return IntStream.EOF; - } - return uppedChars[p + i - 1]; - } -} diff --git a/x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/parser/EqlBaseBaseListener.java b/x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/parser/EqlBaseBaseListener.java index 6dcdd9e6141c4..1290235e7a40a 100644 --- a/x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/parser/EqlBaseBaseListener.java +++ b/x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/parser/EqlBaseBaseListener.java @@ -59,6 +59,18 @@ class EqlBaseBaseListener implements EqlBaseListener { *

The default implementation does nothing.

*/ @Override public void exitQuery(EqlBaseParser.QueryContext ctx) { } + /** + * {@inheritDoc} + * + *

The default implementation does nothing.

+ */ + @Override public void enterSequenceParams(EqlBaseParser.SequenceParamsContext ctx) { } + /** + * {@inheritDoc} + * + *

The default implementation does nothing.

+ */ + @Override public void exitSequenceParams(EqlBaseParser.SequenceParamsContext ctx) { } /** * {@inheritDoc} * @@ -112,37 +124,49 @@ class EqlBaseBaseListener implements EqlBaseListener { * *

The default implementation does nothing.

*/ - @Override public void enterSpan(EqlBaseParser.SpanContext ctx) { } + @Override public void enterJoinTerm(EqlBaseParser.JoinTermContext ctx) { } + /** + * {@inheritDoc} + * + *

The default implementation does nothing.

+ */ + @Override public void exitJoinTerm(EqlBaseParser.JoinTermContext ctx) { } /** * {@inheritDoc} * *

The default implementation does nothing.

*/ - @Override public void exitSpan(EqlBaseParser.SpanContext ctx) { } + @Override public void enterSequenceTerm(EqlBaseParser.SequenceTermContext ctx) { } /** * {@inheritDoc} * *

The default implementation does nothing.

*/ - @Override public void enterMatch(EqlBaseParser.MatchContext ctx) { } + @Override public void exitSequenceTerm(EqlBaseParser.SequenceTermContext ctx) { } /** * {@inheritDoc} * *

The default implementation does nothing.

*/ - @Override public void exitMatch(EqlBaseParser.MatchContext ctx) { } + @Override public void enterSubquery(EqlBaseParser.SubqueryContext ctx) { } /** * {@inheritDoc} * *

The default implementation does nothing.

*/ - @Override public void enterCondition(EqlBaseParser.ConditionContext ctx) { } + @Override public void exitSubquery(EqlBaseParser.SubqueryContext ctx) { } /** * {@inheritDoc} * *

The default implementation does nothing.

*/ - @Override public void exitCondition(EqlBaseParser.ConditionContext ctx) { } + @Override public void enterEventQuery(EqlBaseParser.EventQueryContext ctx) { } + /** + * {@inheritDoc} + * + *

The default implementation does nothing.

+ */ + @Override public void exitEventQuery(EqlBaseParser.EventQueryContext ctx) { } /** * {@inheritDoc} * @@ -179,6 +203,18 @@ class EqlBaseBaseListener implements EqlBaseListener { *

The default implementation does nothing.

*/ @Override public void exitBooleanDefault(EqlBaseParser.BooleanDefaultContext ctx) { } + /** + * {@inheritDoc} + * + *

The default implementation does nothing.

+ */ + @Override public void enterProcessCheck(EqlBaseParser.ProcessCheckContext ctx) { } + /** + * {@inheritDoc} + * + *

The default implementation does nothing.

+ */ + @Override public void exitProcessCheck(EqlBaseParser.ProcessCheckContext ctx) { } /** * {@inheritDoc} * @@ -395,18 +431,6 @@ class EqlBaseBaseListener implements EqlBaseListener { *

The default implementation does nothing.

*/ @Override public void exitBooleanValue(EqlBaseParser.BooleanValueContext ctx) { } - /** - * {@inheritDoc} - * - *

The default implementation does nothing.

- */ - @Override public void enterQualifiedNames(EqlBaseParser.QualifiedNamesContext ctx) { } - /** - * {@inheritDoc} - * - *

The default implementation does nothing.

- */ - @Override public void exitQualifiedNames(EqlBaseParser.QualifiedNamesContext ctx) { } /** * {@inheritDoc} * @@ -436,37 +460,13 @@ class EqlBaseBaseListener implements EqlBaseListener { * *

The default implementation does nothing.

*/ - @Override public void enterQuotedIdentifier(EqlBaseParser.QuotedIdentifierContext ctx) { } - /** - * {@inheritDoc} - * - *

The default implementation does nothing.

- */ - @Override public void exitQuotedIdentifier(EqlBaseParser.QuotedIdentifierContext ctx) { } - /** - * {@inheritDoc} - * - *

The default implementation does nothing.

- */ - @Override public void enterUnquotedIdentifier(EqlBaseParser.UnquotedIdentifierContext ctx) { } - /** - * {@inheritDoc} - * - *

The default implementation does nothing.

- */ - @Override public void exitUnquotedIdentifier(EqlBaseParser.UnquotedIdentifierContext ctx) { } - /** - * {@inheritDoc} - * - *

The default implementation does nothing.

- */ - @Override public void enterDigitIdentifier(EqlBaseParser.DigitIdentifierContext ctx) { } + @Override public void enterTimeUnit(EqlBaseParser.TimeUnitContext ctx) { } /** * {@inheritDoc} * *

The default implementation does nothing.

*/ - @Override public void exitDigitIdentifier(EqlBaseParser.DigitIdentifierContext ctx) { } + @Override public void exitTimeUnit(EqlBaseParser.TimeUnitContext ctx) { } /** * {@inheritDoc} * diff --git a/x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/parser/EqlBaseBaseVisitor.java b/x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/parser/EqlBaseBaseVisitor.java index 9f1cb859225b6..cd981a4baf101 100644 --- a/x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/parser/EqlBaseBaseVisitor.java +++ b/x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/parser/EqlBaseBaseVisitor.java @@ -39,6 +39,13 @@ class EqlBaseBaseVisitor extends AbstractParseTreeVisitor implements EqlBa * {@link #visitChildren} on {@code ctx}.

*/ @Override public T visitQuery(EqlBaseParser.QueryContext ctx) { return visitChildren(ctx); } + /** + * {@inheritDoc} + * + *

The default implementation returns the result of calling + * {@link #visitChildren} on {@code ctx}.

+ */ + @Override public T visitSequenceParams(EqlBaseParser.SequenceParamsContext ctx) { return visitChildren(ctx); } /** * {@inheritDoc} * @@ -73,21 +80,28 @@ class EqlBaseBaseVisitor extends AbstractParseTreeVisitor implements EqlBa *

The default implementation returns the result of calling * {@link #visitChildren} on {@code ctx}.

*/ - @Override public T visitSpan(EqlBaseParser.SpanContext ctx) { return visitChildren(ctx); } + @Override public T visitJoinTerm(EqlBaseParser.JoinTermContext ctx) { return visitChildren(ctx); } + /** + * {@inheritDoc} + * + *

The default implementation returns the result of calling + * {@link #visitChildren} on {@code ctx}.

+ */ + @Override public T visitSequenceTerm(EqlBaseParser.SequenceTermContext ctx) { return visitChildren(ctx); } /** * {@inheritDoc} * *

The default implementation returns the result of calling * {@link #visitChildren} on {@code ctx}.

*/ - @Override public T visitMatch(EqlBaseParser.MatchContext ctx) { return visitChildren(ctx); } + @Override public T visitSubquery(EqlBaseParser.SubqueryContext ctx) { return visitChildren(ctx); } /** * {@inheritDoc} * *

The default implementation returns the result of calling * {@link #visitChildren} on {@code ctx}.

*/ - @Override public T visitCondition(EqlBaseParser.ConditionContext ctx) { return visitChildren(ctx); } + @Override public T visitEventQuery(EqlBaseParser.EventQueryContext ctx) { return visitChildren(ctx); } /** * {@inheritDoc} * @@ -109,6 +123,13 @@ class EqlBaseBaseVisitor extends AbstractParseTreeVisitor implements EqlBa * {@link #visitChildren} on {@code ctx}.

*/ @Override public T visitBooleanDefault(EqlBaseParser.BooleanDefaultContext ctx) { return visitChildren(ctx); } + /** + * {@inheritDoc} + * + *

The default implementation returns the result of calling + * {@link #visitChildren} on {@code ctx}.

+ */ + @Override public T visitProcessCheck(EqlBaseParser.ProcessCheckContext ctx) { return visitChildren(ctx); } /** * {@inheritDoc} * @@ -235,13 +256,6 @@ class EqlBaseBaseVisitor extends AbstractParseTreeVisitor implements EqlBa * {@link #visitChildren} on {@code ctx}.

*/ @Override public T visitBooleanValue(EqlBaseParser.BooleanValueContext ctx) { return visitChildren(ctx); } - /** - * {@inheritDoc} - * - *

The default implementation returns the result of calling - * {@link #visitChildren} on {@code ctx}.

- */ - @Override public T visitQualifiedNames(EqlBaseParser.QualifiedNamesContext ctx) { return visitChildren(ctx); } /** * {@inheritDoc} * @@ -262,21 +276,7 @@ class EqlBaseBaseVisitor extends AbstractParseTreeVisitor implements EqlBa *

The default implementation returns the result of calling * {@link #visitChildren} on {@code ctx}.

*/ - @Override public T visitQuotedIdentifier(EqlBaseParser.QuotedIdentifierContext ctx) { return visitChildren(ctx); } - /** - * {@inheritDoc} - * - *

The default implementation returns the result of calling - * {@link #visitChildren} on {@code ctx}.

- */ - @Override public T visitUnquotedIdentifier(EqlBaseParser.UnquotedIdentifierContext ctx) { return visitChildren(ctx); } - /** - * {@inheritDoc} - * - *

The default implementation returns the result of calling - * {@link #visitChildren} on {@code ctx}.

- */ - @Override public T visitDigitIdentifier(EqlBaseParser.DigitIdentifierContext ctx) { return visitChildren(ctx); } + @Override public T visitTimeUnit(EqlBaseParser.TimeUnitContext ctx) { return visitChildren(ctx); } /** * {@inheritDoc} * diff --git a/x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/parser/EqlBaseLexer.java b/x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/parser/EqlBaseLexer.java index 398f1798f75a7..2fc525ff52796 100644 --- a/x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/parser/EqlBaseLexer.java +++ b/x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/parser/EqlBaseLexer.java 
@@ -17,42 +17,39 @@ class EqlBaseLexer extends Lexer { protected static final PredictionContextCache _sharedContextCache = new PredictionContextCache(); public static final int - AND=1, ANY=2, ASC=3, BETWEEN=4, BY=5, CHILD=6, DESCENDANT=7, EVENT=8, - FALSE=9, IN=10, JOIN=11, MAXSPAN=12, NOT=13, NULL=14, OF=15, OR=16, SEQUENCE=17, - TRUE=18, UNTIL=19, WHERE=20, WITH=21, EQ=22, NEQ=23, LT=24, LTE=25, GT=26, - GTE=27, PLUS=28, MINUS=29, ASTERISK=30, SLASH=31, PERCENT=32, DOT=33, - COMMA=34, LB=35, RB=36, LP=37, RP=38, PIPE=39, STRING=40, INTEGER_VALUE=41, - DECIMAL_VALUE=42, IDENTIFIER=43, DIGIT_IDENTIFIER=44, QUOTED_IDENTIFIER=45, - SIMPLE_COMMENT=46, BRACKETED_COMMENT=47, WS=48, UNRECOGNIZED=49; + AND=1, BY=2, FALSE=3, FORK=4, IN=5, JOIN=6, MAXSPAN=7, NOT=8, NULL=9, + OF=10, OR=11, SEQUENCE=12, TRUE=13, UNTIL=14, WHERE=15, WITH=16, EQ=17, + NEQ=18, LT=19, LTE=20, GT=21, GTE=22, PLUS=23, MINUS=24, ASTERISK=25, + SLASH=26, PERCENT=27, DOT=28, COMMA=29, LB=30, RB=31, LP=32, RP=33, PIPE=34, + ESCAPED_IDENTIFIER=35, STRING=36, INTEGER_VALUE=37, DECIMAL_VALUE=38, + IDENTIFIER=39, LINE_COMMENT=40, BRACKETED_COMMENT=41, WS=42; public static String[] modeNames = { "DEFAULT_MODE" }; public static final String[] ruleNames = { - "AND", "ANY", "ASC", "BETWEEN", "BY", "CHILD", "DESCENDANT", "EVENT", - "FALSE", "IN", "JOIN", "MAXSPAN", "NOT", "NULL", "OF", "OR", "SEQUENCE", - "TRUE", "UNTIL", "WHERE", "WITH", "EQ", "NEQ", "LT", "LTE", "GT", "GTE", - "PLUS", "MINUS", "ASTERISK", "SLASH", "PERCENT", "DOT", "COMMA", "LB", - "RB", "LP", "RP", "PIPE", "STRING", "INTEGER_VALUE", "DECIMAL_VALUE", - "IDENTIFIER", "DIGIT_IDENTIFIER", "QUOTED_IDENTIFIER", "EXPONENT", "DIGIT", - "LETTER", "SIMPLE_COMMENT", "BRACKETED_COMMENT", "WS", "UNRECOGNIZED" + "AND", "BY", "FALSE", "FORK", "IN", "JOIN", "MAXSPAN", "NOT", "NULL", + "OF", "OR", "SEQUENCE", "TRUE", "UNTIL", "WHERE", "WITH", "EQ", "NEQ", + "LT", "LTE", "GT", "GTE", "PLUS", "MINUS", "ASTERISK", "SLASH", "PERCENT", + "DOT", "COMMA", "LB", 
"RB", "LP", "RP", "PIPE", "ESCAPED_IDENTIFIER", + "STRING", "INTEGER_VALUE", "DECIMAL_VALUE", "IDENTIFIER", "EXPONENT", + "DIGIT", "LETTER", "LINE_COMMENT", "BRACKETED_COMMENT", "WS" }; private static final String[] _LITERAL_NAMES = { - null, "'AND'", "'ANY'", "'ASC'", "'BETWEEN'", "'BY'", "'CHILD'", "'DESCENDANT'", - "'EVENT'", "'FALSE'", "'IN'", "'JOIN'", "'MAXSPAN'", "'NOT'", "'NULL'", - "'OF'", "'OR'", "'SEQUENCE'", "'TRUE'", "'UNTIL'", "'WHERE'", "'WITH'", - null, null, "'<'", "'<='", "'>'", "'>='", "'+'", "'-'", "'*'", "'/'", - "'%'", "'.'", "','", "'['", "']'", "'('", "')'", "'|'" + null, "'and'", "'by'", "'false'", "'fork'", "'in'", "'join'", "'maxspan'", + "'not'", "'null'", "'of'", "'or'", "'sequence'", "'true'", "'until'", + "'where'", "'with'", null, "'!='", "'<'", "'<='", "'>'", "'>='", "'+'", + "'-'", "'*'", "'/'", "'%'", "'.'", "','", "'['", "']'", "'('", "')'", + "'|'" }; private static final String[] _SYMBOLIC_NAMES = { - null, "AND", "ANY", "ASC", "BETWEEN", "BY", "CHILD", "DESCENDANT", "EVENT", - "FALSE", "IN", "JOIN", "MAXSPAN", "NOT", "NULL", "OF", "OR", "SEQUENCE", - "TRUE", "UNTIL", "WHERE", "WITH", "EQ", "NEQ", "LT", "LTE", "GT", "GTE", - "PLUS", "MINUS", "ASTERISK", "SLASH", "PERCENT", "DOT", "COMMA", "LB", - "RB", "LP", "RP", "PIPE", "STRING", "INTEGER_VALUE", "DECIMAL_VALUE", - "IDENTIFIER", "DIGIT_IDENTIFIER", "QUOTED_IDENTIFIER", "SIMPLE_COMMENT", - "BRACKETED_COMMENT", "WS", "UNRECOGNIZED" + null, "AND", "BY", "FALSE", "FORK", "IN", "JOIN", "MAXSPAN", "NOT", "NULL", + "OF", "OR", "SEQUENCE", "TRUE", "UNTIL", "WHERE", "WITH", "EQ", "NEQ", + "LT", "LTE", "GT", "GTE", "PLUS", "MINUS", "ASTERISK", "SLASH", "PERCENT", + "DOT", "COMMA", "LB", "RB", "LP", "RP", "PIPE", "ESCAPED_IDENTIFIER", + "STRING", "INTEGER_VALUE", "DECIMAL_VALUE", "IDENTIFIER", "LINE_COMMENT", + "BRACKETED_COMMENT", "WS" }; public static final Vocabulary VOCABULARY = new VocabularyImpl(_LITERAL_NAMES, _SYMBOLIC_NAMES); 
@@ -109,151 +106,140 @@ public EqlBaseLexer(CharStream input) { public ATN getATN() { return _ATN; } public static final String _serializedATN = - "\3\u0430\ud6d1\u8206\uad2d\u4417\uaef1\u8d80\uaadd\2\63\u01a2\b\1\4\2"+ - "\t\2\4\3\t\3\4\4\t\4\4\5\t\5\4\6\t\6\4\7\t\7\4\b\t\b\4\t\t\t\4\n\t\n\4"+ - "\13\t\13\4\f\t\f\4\r\t\r\4\16\t\16\4\17\t\17\4\20\t\20\4\21\t\21\4\22"+ - "\t\22\4\23\t\23\4\24\t\24\4\25\t\25\4\26\t\26\4\27\t\27\4\30\t\30\4\31"+ - "\t\31\4\32\t\32\4\33\t\33\4\34\t\34\4\35\t\35\4\36\t\36\4\37\t\37\4 \t"+ - " \4!\t!\4\"\t\"\4#\t#\4$\t$\4%\t%\4&\t&\4\'\t\'\4(\t(\4)\t)\4*\t*\4+\t"+ - "+\4,\t,\4-\t-\4.\t.\4/\t/\4\60\t\60\4\61\t\61\4\62\t\62\4\63\t\63\4\64"+ - "\t\64\4\65\t\65\3\2\3\2\3\2\3\2\3\3\3\3\3\3\3\3\3\4\3\4\3\4\3\4\3\5\3"+ - "\5\3\5\3\5\3\5\3\5\3\5\3\5\3\6\3\6\3\6\3\7\3\7\3\7\3\7\3\7\3\7\3\b\3\b"+ - "\3\b\3\b\3\b\3\b\3\b\3\b\3\b\3\b\3\b\3\t\3\t\3\t\3\t\3\t\3\t\3\n\3\n\3"+ - "\n\3\n\3\n\3\n\3\13\3\13\3\13\3\f\3\f\3\f\3\f\3\f\3\r\3\r\3\r\3\r\3\r"+ - "\3\r\3\r\3\r\3\16\3\16\3\16\3\16\3\17\3\17\3\17\3\17\3\17\3\20\3\20\3"+ - "\20\3\21\3\21\3\21\3\22\3\22\3\22\3\22\3\22\3\22\3\22\3\22\3\22\3\23\3"+ - "\23\3\23\3\23\3\23\3\24\3\24\3\24\3\24\3\24\3\24\3\25\3\25\3\25\3\25\3"+ - "\25\3\25\3\26\3\26\3\26\3\26\3\26\3\27\3\27\3\27\5\27\u00e1\n\27\3\30"+ - "\3\30\3\30\3\30\5\30\u00e7\n\30\3\31\3\31\3\32\3\32\3\32\3\33\3\33\3\34"+ - "\3\34\3\34\3\35\3\35\3\36\3\36\3\37\3\37\3 \3 \3!\3!\3\"\3\"\3#\3#\3$"+ - "\3$\3%\3%\3&\3&\3\'\3\'\3(\3(\3)\3)\7)\u010d\n)\f)\16)\u0110\13)\3)\3"+ - ")\3)\7)\u0115\n)\f)\16)\u0118\13)\3)\5)\u011b\n)\3*\6*\u011e\n*\r*\16"+ - "*\u011f\3+\6+\u0123\n+\r+\16+\u0124\3+\3+\7+\u0129\n+\f+\16+\u012c\13"+ - "+\3+\3+\6+\u0130\n+\r+\16+\u0131\3+\6+\u0135\n+\r+\16+\u0136\3+\3+\7+"+ - "\u013b\n+\f+\16+\u013e\13+\5+\u0140\n+\3+\3+\3+\3+\6+\u0146\n+\r+\16+"+ - "\u0147\3+\3+\5+\u014c\n+\3,\3,\5,\u0150\n,\3,\3,\3,\7,\u0155\n,\f,\16"+ - ",\u0158\13,\3-\3-\3-\3-\6-\u015e\n-\r-\16-\u015f\3.\3.\3.\3.\7.\u0166"+ - 
"\n.\f.\16.\u0169\13.\3.\3.\3/\3/\5/\u016f\n/\3/\6/\u0172\n/\r/\16/\u0173"+ - "\3\60\3\60\3\61\3\61\3\62\3\62\3\62\3\62\7\62\u017e\n\62\f\62\16\62\u0181"+ - "\13\62\3\62\5\62\u0184\n\62\3\62\5\62\u0187\n\62\3\62\3\62\3\63\3\63\3"+ - "\63\3\63\3\63\7\63\u0190\n\63\f\63\16\63\u0193\13\63\3\63\3\63\3\63\3"+ - "\63\3\63\3\64\6\64\u019b\n\64\r\64\16\64\u019c\3\64\3\64\3\65\3\65\3\u0191"+ - "\2\66\3\3\5\4\7\5\t\6\13\7\r\b\17\t\21\n\23\13\25\f\27\r\31\16\33\17\35"+ - "\20\37\21!\22#\23%\24\'\25)\26+\27-\30/\31\61\32\63\33\65\34\67\359\36"+ - ";\37= ?!A\"C#E$G%I&K\'M(O)Q*S+U,W-Y.[/]\2_\2a\2c\60e\61g\62i\63\3\2\n"+ - "\3\2))\3\2$$\4\2BBaa\4\2--//\3\2\62;\3\2C\\\4\2\f\f\17\17\5\2\13\f\17"+ - "\17\"\"\u01bf\2\3\3\2\2\2\2\5\3\2\2\2\2\7\3\2\2\2\2\t\3\2\2\2\2\13\3\2"+ - "\2\2\2\r\3\2\2\2\2\17\3\2\2\2\2\21\3\2\2\2\2\23\3\2\2\2\2\25\3\2\2\2\2"+ - "\27\3\2\2\2\2\31\3\2\2\2\2\33\3\2\2\2\2\35\3\2\2\2\2\37\3\2\2\2\2!\3\2"+ - "\2\2\2#\3\2\2\2\2%\3\2\2\2\2\'\3\2\2\2\2)\3\2\2\2\2+\3\2\2\2\2-\3\2\2"+ - "\2\2/\3\2\2\2\2\61\3\2\2\2\2\63\3\2\2\2\2\65\3\2\2\2\2\67\3\2\2\2\29\3"+ - "\2\2\2\2;\3\2\2\2\2=\3\2\2\2\2?\3\2\2\2\2A\3\2\2\2\2C\3\2\2\2\2E\3\2\2"+ - "\2\2G\3\2\2\2\2I\3\2\2\2\2K\3\2\2\2\2M\3\2\2\2\2O\3\2\2\2\2Q\3\2\2\2\2"+ - "S\3\2\2\2\2U\3\2\2\2\2W\3\2\2\2\2Y\3\2\2\2\2[\3\2\2\2\2c\3\2\2\2\2e\3"+ - "\2\2\2\2g\3\2\2\2\2i\3\2\2\2\3k\3\2\2\2\5o\3\2\2\2\7s\3\2\2\2\tw\3\2\2"+ - "\2\13\177\3\2\2\2\r\u0082\3\2\2\2\17\u0088\3\2\2\2\21\u0093\3\2\2\2\23"+ - "\u0099\3\2\2\2\25\u009f\3\2\2\2\27\u00a2\3\2\2\2\31\u00a7\3\2\2\2\33\u00af"+ - "\3\2\2\2\35\u00b3\3\2\2\2\37\u00b8\3\2\2\2!\u00bb\3\2\2\2#\u00be\3\2\2"+ - "\2%\u00c7\3\2\2\2\'\u00cc\3\2\2\2)\u00d2\3\2\2\2+\u00d8\3\2\2\2-\u00e0"+ - "\3\2\2\2/\u00e6\3\2\2\2\61\u00e8\3\2\2\2\63\u00ea\3\2\2\2\65\u00ed\3\2"+ - "\2\2\67\u00ef\3\2\2\29\u00f2\3\2\2\2;\u00f4\3\2\2\2=\u00f6\3\2\2\2?\u00f8"+ - "\3\2\2\2A\u00fa\3\2\2\2C\u00fc\3\2\2\2E\u00fe\3\2\2\2G\u0100\3\2\2\2I"+ - "\u0102\3\2\2\2K\u0104\3\2\2\2M\u0106\3\2\2\2O\u0108\3\2\2\2Q\u011a\3\2"+ - 
"\2\2S\u011d\3\2\2\2U\u014b\3\2\2\2W\u014f\3\2\2\2Y\u0159\3\2\2\2[\u0161"+ - "\3\2\2\2]\u016c\3\2\2\2_\u0175\3\2\2\2a\u0177\3\2\2\2c\u0179\3\2\2\2e"+ - "\u018a\3\2\2\2g\u019a\3\2\2\2i\u01a0\3\2\2\2kl\7C\2\2lm\7P\2\2mn\7F\2"+ - "\2n\4\3\2\2\2op\7C\2\2pq\7P\2\2qr\7[\2\2r\6\3\2\2\2st\7C\2\2tu\7U\2\2"+ - "uv\7E\2\2v\b\3\2\2\2wx\7D\2\2xy\7G\2\2yz\7V\2\2z{\7Y\2\2{|\7G\2\2|}\7"+ - "G\2\2}~\7P\2\2~\n\3\2\2\2\177\u0080\7D\2\2\u0080\u0081\7[\2\2\u0081\f"+ - "\3\2\2\2\u0082\u0083\7E\2\2\u0083\u0084\7J\2\2\u0084\u0085\7K\2\2\u0085"+ - "\u0086\7N\2\2\u0086\u0087\7F\2\2\u0087\16\3\2\2\2\u0088\u0089\7F\2\2\u0089"+ - "\u008a\7G\2\2\u008a\u008b\7U\2\2\u008b\u008c\7E\2\2\u008c\u008d\7G\2\2"+ - "\u008d\u008e\7P\2\2\u008e\u008f\7F\2\2\u008f\u0090\7C\2\2\u0090\u0091"+ - "\7P\2\2\u0091\u0092\7V\2\2\u0092\20\3\2\2\2\u0093\u0094\7G\2\2\u0094\u0095"+ - "\7X\2\2\u0095\u0096\7G\2\2\u0096\u0097\7P\2\2\u0097\u0098\7V\2\2\u0098"+ - "\22\3\2\2\2\u0099\u009a\7H\2\2\u009a\u009b\7C\2\2\u009b\u009c\7N\2\2\u009c"+ - "\u009d\7U\2\2\u009d\u009e\7G\2\2\u009e\24\3\2\2\2\u009f\u00a0\7K\2\2\u00a0"+ - "\u00a1\7P\2\2\u00a1\26\3\2\2\2\u00a2\u00a3\7L\2\2\u00a3\u00a4\7Q\2\2\u00a4"+ - "\u00a5\7K\2\2\u00a5\u00a6\7P\2\2\u00a6\30\3\2\2\2\u00a7\u00a8\7O\2\2\u00a8"+ - "\u00a9\7C\2\2\u00a9\u00aa\7Z\2\2\u00aa\u00ab\7U\2\2\u00ab\u00ac\7R\2\2"+ - "\u00ac\u00ad\7C\2\2\u00ad\u00ae\7P\2\2\u00ae\32\3\2\2\2\u00af\u00b0\7"+ - "P\2\2\u00b0\u00b1\7Q\2\2\u00b1\u00b2\7V\2\2\u00b2\34\3\2\2\2\u00b3\u00b4"+ - "\7P\2\2\u00b4\u00b5\7W\2\2\u00b5\u00b6\7N\2\2\u00b6\u00b7\7N\2\2\u00b7"+ - "\36\3\2\2\2\u00b8\u00b9\7Q\2\2\u00b9\u00ba\7H\2\2\u00ba \3\2\2\2\u00bb"+ - "\u00bc\7Q\2\2\u00bc\u00bd\7T\2\2\u00bd\"\3\2\2\2\u00be\u00bf\7U\2\2\u00bf"+ - "\u00c0\7G\2\2\u00c0\u00c1\7S\2\2\u00c1\u00c2\7W\2\2\u00c2\u00c3\7G\2\2"+ - "\u00c3\u00c4\7P\2\2\u00c4\u00c5\7E\2\2\u00c5\u00c6\7G\2\2\u00c6$\3\2\2"+ - "\2\u00c7\u00c8\7V\2\2\u00c8\u00c9\7T\2\2\u00c9\u00ca\7W\2\2\u00ca\u00cb"+ - 
"\7G\2\2\u00cb&\3\2\2\2\u00cc\u00cd\7W\2\2\u00cd\u00ce\7P\2\2\u00ce\u00cf"+ - "\7V\2\2\u00cf\u00d0\7K\2\2\u00d0\u00d1\7N\2\2\u00d1(\3\2\2\2\u00d2\u00d3"+ - "\7Y\2\2\u00d3\u00d4\7J\2\2\u00d4\u00d5\7G\2\2\u00d5\u00d6\7T\2\2\u00d6"+ - "\u00d7\7G\2\2\u00d7*\3\2\2\2\u00d8\u00d9\7Y\2\2\u00d9\u00da\7K\2\2\u00da"+ - "\u00db\7V\2\2\u00db\u00dc\7J\2\2\u00dc,\3\2\2\2\u00dd\u00e1\7?\2\2\u00de"+ - "\u00df\7?\2\2\u00df\u00e1\7?\2\2\u00e0\u00dd\3\2\2\2\u00e0\u00de\3\2\2"+ - "\2\u00e1.\3\2\2\2\u00e2\u00e3\7>\2\2\u00e3\u00e7\7@\2\2\u00e4\u00e5\7"+ - "#\2\2\u00e5\u00e7\7?\2\2\u00e6\u00e2\3\2\2\2\u00e6\u00e4\3\2\2\2\u00e7"+ - "\60\3\2\2\2\u00e8\u00e9\7>\2\2\u00e9\62\3\2\2\2\u00ea\u00eb\7>\2\2\u00eb"+ - "\u00ec\7?\2\2\u00ec\64\3\2\2\2\u00ed\u00ee\7@\2\2\u00ee\66\3\2\2\2\u00ef"+ - "\u00f0\7@\2\2\u00f0\u00f1\7?\2\2\u00f18\3\2\2\2\u00f2\u00f3\7-\2\2\u00f3"+ - ":\3\2\2\2\u00f4\u00f5\7/\2\2\u00f5<\3\2\2\2\u00f6\u00f7\7,\2\2\u00f7>"+ - "\3\2\2\2\u00f8\u00f9\7\61\2\2\u00f9@\3\2\2\2\u00fa\u00fb\7\'\2\2\u00fb"+ - "B\3\2\2\2\u00fc\u00fd\7\60\2\2\u00fdD\3\2\2\2\u00fe\u00ff\7.\2\2\u00ff"+ - "F\3\2\2\2\u0100\u0101\7]\2\2\u0101H\3\2\2\2\u0102\u0103\7_\2\2\u0103J"+ - "\3\2\2\2\u0104\u0105\7*\2\2\u0105L\3\2\2\2\u0106\u0107\7+\2\2\u0107N\3"+ - "\2\2\2\u0108\u0109\7~\2\2\u0109P\3\2\2\2\u010a\u010e\7)\2\2\u010b\u010d"+ - "\n\2\2\2\u010c\u010b\3\2\2\2\u010d\u0110\3\2\2\2\u010e\u010c\3\2\2\2\u010e"+ - "\u010f\3\2\2\2\u010f\u0111\3\2\2\2\u0110\u010e\3\2\2\2\u0111\u011b\7)"+ - "\2\2\u0112\u0116\7$\2\2\u0113\u0115\n\3\2\2\u0114\u0113\3\2\2\2\u0115"+ - "\u0118\3\2\2\2\u0116\u0114\3\2\2\2\u0116\u0117\3\2\2\2\u0117\u0119\3\2"+ - "\2\2\u0118\u0116\3\2\2\2\u0119\u011b\7$\2\2\u011a\u010a\3\2\2\2\u011a"+ - "\u0112\3\2\2\2\u011bR\3\2\2\2\u011c\u011e\5_\60\2\u011d\u011c\3\2\2\2"+ - "\u011e\u011f\3\2\2\2\u011f\u011d\3\2\2\2\u011f\u0120\3\2\2\2\u0120T\3"+ - "\2\2\2\u0121\u0123\5_\60\2\u0122\u0121\3\2\2\2\u0123\u0124\3\2\2\2\u0124"+ - "\u0122\3\2\2\2\u0124\u0125\3\2\2\2\u0125\u0126\3\2\2\2\u0126\u012a\5C"+ - 
"\"\2\u0127\u0129\5_\60\2\u0128\u0127\3\2\2\2\u0129\u012c\3\2\2\2\u012a"+ - "\u0128\3\2\2\2\u012a\u012b\3\2\2\2\u012b\u014c\3\2\2\2\u012c\u012a\3\2"+ - "\2\2\u012d\u012f\5C\"\2\u012e\u0130\5_\60\2\u012f\u012e\3\2\2\2\u0130"+ - "\u0131\3\2\2\2\u0131\u012f\3\2\2\2\u0131\u0132\3\2\2\2\u0132\u014c\3\2"+ - "\2\2\u0133\u0135\5_\60\2\u0134\u0133\3\2\2\2\u0135\u0136\3\2\2\2\u0136"+ - "\u0134\3\2\2\2\u0136\u0137\3\2\2\2\u0137\u013f\3\2\2\2\u0138\u013c\5C"+ - "\"\2\u0139\u013b\5_\60\2\u013a\u0139\3\2\2\2\u013b\u013e\3\2\2\2\u013c"+ - "\u013a\3\2\2\2\u013c\u013d\3\2\2\2\u013d\u0140\3\2\2\2\u013e\u013c\3\2"+ - "\2\2\u013f\u0138\3\2\2\2\u013f\u0140\3\2\2\2\u0140\u0141\3\2\2\2\u0141"+ - "\u0142\5]/\2\u0142\u014c\3\2\2\2\u0143\u0145\5C\"\2\u0144\u0146\5_\60"+ - "\2\u0145\u0144\3\2\2\2\u0146\u0147\3\2\2\2\u0147\u0145\3\2\2\2\u0147\u0148"+ - "\3\2\2\2\u0148\u0149\3\2\2\2\u0149\u014a\5]/\2\u014a\u014c\3\2\2\2\u014b"+ - "\u0122\3\2\2\2\u014b\u012d\3\2\2\2\u014b\u0134\3\2\2\2\u014b\u0143\3\2"+ - "\2\2\u014cV\3\2\2\2\u014d\u0150\5a\61\2\u014e\u0150\7a\2\2\u014f\u014d"+ - "\3\2\2\2\u014f\u014e\3\2\2\2\u0150\u0156\3\2\2\2\u0151\u0155\5a\61\2\u0152"+ - "\u0155\5_\60\2\u0153\u0155\t\4\2\2\u0154\u0151\3\2\2\2\u0154\u0152\3\2"+ - "\2\2\u0154\u0153\3\2\2\2\u0155\u0158\3\2\2\2\u0156\u0154\3\2\2\2\u0156"+ - "\u0157\3\2\2\2\u0157X\3\2\2\2\u0158\u0156\3\2\2\2\u0159\u015d\5_\60\2"+ - "\u015a\u015e\5a\61\2\u015b\u015e\5_\60\2\u015c\u015e\t\4\2\2\u015d\u015a"+ - "\3\2\2\2\u015d\u015b\3\2\2\2\u015d\u015c\3\2\2\2\u015e\u015f\3\2\2\2\u015f"+ - "\u015d\3\2\2\2\u015f\u0160\3\2\2\2\u0160Z\3\2\2\2\u0161\u0167\7$\2\2\u0162"+ - "\u0166\n\3\2\2\u0163\u0164\7$\2\2\u0164\u0166\7$\2\2\u0165\u0162\3\2\2"+ - "\2\u0165\u0163\3\2\2\2\u0166\u0169\3\2\2\2\u0167\u0165\3\2\2\2\u0167\u0168"+ - "\3\2\2\2\u0168\u016a\3\2\2\2\u0169\u0167\3\2\2\2\u016a\u016b\7$\2\2\u016b"+ - "\\\3\2\2\2\u016c\u016e\7G\2\2\u016d\u016f\t\5\2\2\u016e\u016d\3\2\2\2"+ - "\u016e\u016f\3\2\2\2\u016f\u0171\3\2\2\2\u0170\u0172\5_\60\2\u0171\u0170"+ - 
"\3\2\2\2\u0172\u0173\3\2\2\2\u0173\u0171\3\2\2\2\u0173\u0174\3\2\2\2\u0174"+ - "^\3\2\2\2\u0175\u0176\t\6\2\2\u0176`\3\2\2\2\u0177\u0178\t\7\2\2\u0178"+ - "b\3\2\2\2\u0179\u017a\7\61\2\2\u017a\u017b\7\61\2\2\u017b\u017f\3\2\2"+ - "\2\u017c\u017e\n\b\2\2\u017d\u017c\3\2\2\2\u017e\u0181\3\2\2\2\u017f\u017d"+ - "\3\2\2\2\u017f\u0180\3\2\2\2\u0180\u0183\3\2\2\2\u0181\u017f\3\2\2\2\u0182"+ - "\u0184\7\17\2\2\u0183\u0182\3\2\2\2\u0183\u0184\3\2\2\2\u0184\u0186\3"+ - "\2\2\2\u0185\u0187\7\f\2\2\u0186\u0185\3\2\2\2\u0186\u0187\3\2\2\2\u0187"+ - "\u0188\3\2\2\2\u0188\u0189\b\62\2\2\u0189d\3\2\2\2\u018a\u018b\7\61\2"+ - "\2\u018b\u018c\7,\2\2\u018c\u0191\3\2\2\2\u018d\u0190\5e\63\2\u018e\u0190"+ - "\13\2\2\2\u018f\u018d\3\2\2\2\u018f\u018e\3\2\2\2\u0190\u0193\3\2\2\2"+ - "\u0191\u0192\3\2\2\2\u0191\u018f\3\2\2\2\u0192\u0194\3\2\2\2\u0193\u0191"+ - "\3\2\2\2\u0194\u0195\7,\2\2\u0195\u0196\7\61\2\2\u0196\u0197\3\2\2\2\u0197"+ - "\u0198\b\63\2\2\u0198f\3\2\2\2\u0199\u019b\t\t\2\2\u019a\u0199\3\2\2\2"+ - "\u019b\u019c\3\2\2\2\u019c\u019a\3\2\2\2\u019c\u019d\3\2\2\2\u019d\u019e"+ - "\3\2\2\2\u019e\u019f\b\64\2\2\u019fh\3\2\2\2\u01a0\u01a1\13\2\2\2\u01a1"+ - "j\3\2\2\2 \2\u00e0\u00e6\u010e\u0116\u011a\u011f\u0124\u012a\u0131\u0136"+ - "\u013c\u013f\u0147\u014b\u014f\u0154\u0156\u015d\u015f\u0165\u0167\u016e"+ - "\u0173\u017f\u0183\u0186\u018f\u0191\u019c\3\2\3\2"; + "\3\u0430\ud6d1\u8206\uad2d\u4417\uaef1\u8d80\uaadd\2,\u017f\b\1\4\2\t"+ + "\2\4\3\t\3\4\4\t\4\4\5\t\5\4\6\t\6\4\7\t\7\4\b\t\b\4\t\t\t\4\n\t\n\4\13"+ + "\t\13\4\f\t\f\4\r\t\r\4\16\t\16\4\17\t\17\4\20\t\20\4\21\t\21\4\22\t\22"+ + "\4\23\t\23\4\24\t\24\4\25\t\25\4\26\t\26\4\27\t\27\4\30\t\30\4\31\t\31"+ + "\4\32\t\32\4\33\t\33\4\34\t\34\4\35\t\35\4\36\t\36\4\37\t\37\4 \t \4!"+ + "\t!\4\"\t\"\4#\t#\4$\t$\4%\t%\4&\t&\4\'\t\'\4(\t(\4)\t)\4*\t*\4+\t+\4"+ + ",\t,\4-\t-\4.\t.\3\2\3\2\3\2\3\2\3\3\3\3\3\3\3\4\3\4\3\4\3\4\3\4\3\4\3"+ + "\5\3\5\3\5\3\5\3\5\3\6\3\6\3\6\3\7\3\7\3\7\3\7\3\7\3\b\3\b\3\b\3\b\3\b"+ + 
"\3\b\3\b\3\b\3\t\3\t\3\t\3\t\3\n\3\n\3\n\3\n\3\n\3\13\3\13\3\13\3\f\3"+ + "\f\3\f\3\r\3\r\3\r\3\r\3\r\3\r\3\r\3\r\3\r\3\16\3\16\3\16\3\16\3\16\3"+ + "\17\3\17\3\17\3\17\3\17\3\17\3\20\3\20\3\20\3\20\3\20\3\20\3\21\3\21\3"+ + "\21\3\21\3\21\3\22\3\22\3\22\5\22\u00b1\n\22\3\23\3\23\3\23\3\24\3\24"+ + "\3\25\3\25\3\25\3\26\3\26\3\27\3\27\3\27\3\30\3\30\3\31\3\31\3\32\3\32"+ + "\3\33\3\33\3\34\3\34\3\35\3\35\3\36\3\36\3\37\3\37\3 \3 \3!\3!\3\"\3\""+ + "\3#\3#\3$\3$\7$\u00da\n$\f$\16$\u00dd\13$\3$\3$\3%\3%\3%\3%\7%\u00e5\n"+ + "%\f%\16%\u00e8\13%\3%\3%\3%\3%\3%\7%\u00ef\n%\f%\16%\u00f2\13%\3%\3%\3"+ + "%\3%\3%\3%\3%\7%\u00fb\n%\f%\16%\u00fe\13%\3%\3%\3%\3%\3%\3%\3%\7%\u0107"+ + "\n%\f%\16%\u010a\13%\3%\5%\u010d\n%\3&\6&\u0110\n&\r&\16&\u0111\3\'\6"+ + "\'\u0115\n\'\r\'\16\'\u0116\3\'\3\'\7\'\u011b\n\'\f\'\16\'\u011e\13\'"+ + "\3\'\3\'\6\'\u0122\n\'\r\'\16\'\u0123\3\'\6\'\u0127\n\'\r\'\16\'\u0128"+ + "\3\'\3\'\7\'\u012d\n\'\f\'\16\'\u0130\13\'\5\'\u0132\n\'\3\'\3\'\3\'\3"+ + "\'\6\'\u0138\n\'\r\'\16\'\u0139\3\'\3\'\5\'\u013e\n\'\3(\3(\5(\u0142\n"+ + "(\3(\3(\3(\7(\u0147\n(\f(\16(\u014a\13(\3)\3)\5)\u014e\n)\3)\6)\u0151"+ + "\n)\r)\16)\u0152\3*\3*\3+\3+\3,\3,\3,\3,\7,\u015d\n,\f,\16,\u0160\13,"+ + "\3,\5,\u0163\n,\3,\5,\u0166\n,\3,\3,\3-\3-\3-\3-\3-\7-\u016f\n-\f-\16"+ + "-\u0172\13-\3-\3-\3-\3-\3-\3.\6.\u017a\n.\r.\16.\u017b\3.\3.\3\u0170\2"+ + "/\3\3\5\4\7\5\t\6\13\7\r\b\17\t\21\n\23\13\25\f\27\r\31\16\33\17\35\20"+ + "\37\21!\22#\23%\24\'\25)\26+\27-\30/\31\61\32\63\33\65\34\67\359\36;\37"+ + "= ?!A\"C#E$G%I&K\'M(O)Q\2S\2U\2W*Y+[,\3\2\17\3\2bb\n\2$$))^^ddhhppttv"+ + "v\6\2\f\f\17\17))^^\6\2\f\f\17\17$$^^\5\2\f\f\17\17$$\5\2\f\f\17\17))"+ + "\4\2BBaa\4\2GGgg\4\2--//\3\2\62;\4\2C\\c|\4\2\f\f\17\17\5\2\13\f\17\17"+ + "\"\"\u019f\2\3\3\2\2\2\2\5\3\2\2\2\2\7\3\2\2\2\2\t\3\2\2\2\2\13\3\2\2"+ + "\2\2\r\3\2\2\2\2\17\3\2\2\2\2\21\3\2\2\2\2\23\3\2\2\2\2\25\3\2\2\2\2\27"+ + "\3\2\2\2\2\31\3\2\2\2\2\33\3\2\2\2\2\35\3\2\2\2\2\37\3\2\2\2\2!\3\2\2"+ + 
"\2\2#\3\2\2\2\2%\3\2\2\2\2\'\3\2\2\2\2)\3\2\2\2\2+\3\2\2\2\2-\3\2\2\2"+ + "\2/\3\2\2\2\2\61\3\2\2\2\2\63\3\2\2\2\2\65\3\2\2\2\2\67\3\2\2\2\29\3\2"+ + "\2\2\2;\3\2\2\2\2=\3\2\2\2\2?\3\2\2\2\2A\3\2\2\2\2C\3\2\2\2\2E\3\2\2\2"+ + "\2G\3\2\2\2\2I\3\2\2\2\2K\3\2\2\2\2M\3\2\2\2\2O\3\2\2\2\2W\3\2\2\2\2Y"+ + "\3\2\2\2\2[\3\2\2\2\3]\3\2\2\2\5a\3\2\2\2\7d\3\2\2\2\tj\3\2\2\2\13o\3"+ + "\2\2\2\rr\3\2\2\2\17w\3\2\2\2\21\177\3\2\2\2\23\u0083\3\2\2\2\25\u0088"+ + "\3\2\2\2\27\u008b\3\2\2\2\31\u008e\3\2\2\2\33\u0097\3\2\2\2\35\u009c\3"+ + "\2\2\2\37\u00a2\3\2\2\2!\u00a8\3\2\2\2#\u00b0\3\2\2\2%\u00b2\3\2\2\2\'"+ + "\u00b5\3\2\2\2)\u00b7\3\2\2\2+\u00ba\3\2\2\2-\u00bc\3\2\2\2/\u00bf\3\2"+ + "\2\2\61\u00c1\3\2\2\2\63\u00c3\3\2\2\2\65\u00c5\3\2\2\2\67\u00c7\3\2\2"+ + "\29\u00c9\3\2\2\2;\u00cb\3\2\2\2=\u00cd\3\2\2\2?\u00cf\3\2\2\2A\u00d1"+ + "\3\2\2\2C\u00d3\3\2\2\2E\u00d5\3\2\2\2G\u00d7\3\2\2\2I\u010c\3\2\2\2K"+ + "\u010f\3\2\2\2M\u013d\3\2\2\2O\u0141\3\2\2\2Q\u014b\3\2\2\2S\u0154\3\2"+ + "\2\2U\u0156\3\2\2\2W\u0158\3\2\2\2Y\u0169\3\2\2\2[\u0179\3\2\2\2]^\7c"+ + "\2\2^_\7p\2\2_`\7f\2\2`\4\3\2\2\2ab\7d\2\2bc\7{\2\2c\6\3\2\2\2de\7h\2"+ + "\2ef\7c\2\2fg\7n\2\2gh\7u\2\2hi\7g\2\2i\b\3\2\2\2jk\7h\2\2kl\7q\2\2lm"+ + "\7t\2\2mn\7m\2\2n\n\3\2\2\2op\7k\2\2pq\7p\2\2q\f\3\2\2\2rs\7l\2\2st\7"+ + "q\2\2tu\7k\2\2uv\7p\2\2v\16\3\2\2\2wx\7o\2\2xy\7c\2\2yz\7z\2\2z{\7u\2"+ + "\2{|\7r\2\2|}\7c\2\2}~\7p\2\2~\20\3\2\2\2\177\u0080\7p\2\2\u0080\u0081"+ + "\7q\2\2\u0081\u0082\7v\2\2\u0082\22\3\2\2\2\u0083\u0084\7p\2\2\u0084\u0085"+ + "\7w\2\2\u0085\u0086\7n\2\2\u0086\u0087\7n\2\2\u0087\24\3\2\2\2\u0088\u0089"+ + "\7q\2\2\u0089\u008a\7h\2\2\u008a\26\3\2\2\2\u008b\u008c\7q\2\2\u008c\u008d"+ + "\7t\2\2\u008d\30\3\2\2\2\u008e\u008f\7u\2\2\u008f\u0090\7g\2\2\u0090\u0091"+ + "\7s\2\2\u0091\u0092\7w\2\2\u0092\u0093\7g\2\2\u0093\u0094\7p\2\2\u0094"+ + "\u0095\7e\2\2\u0095\u0096\7g\2\2\u0096\32\3\2\2\2\u0097\u0098\7v\2\2\u0098"+ + "\u0099\7t\2\2\u0099\u009a\7w\2\2\u009a\u009b\7g\2\2\u009b\34\3\2\2\2\u009c"+ + 
"\u009d\7w\2\2\u009d\u009e\7p\2\2\u009e\u009f\7v\2\2\u009f\u00a0\7k\2\2"+ + "\u00a0\u00a1\7n\2\2\u00a1\36\3\2\2\2\u00a2\u00a3\7y\2\2\u00a3\u00a4\7"+ + "j\2\2\u00a4\u00a5\7g\2\2\u00a5\u00a6\7t\2\2\u00a6\u00a7\7g\2\2\u00a7 "+ + "\3\2\2\2\u00a8\u00a9\7y\2\2\u00a9\u00aa\7k\2\2\u00aa\u00ab\7v\2\2\u00ab"+ + "\u00ac\7j\2\2\u00ac\"\3\2\2\2\u00ad\u00b1\7?\2\2\u00ae\u00af\7?\2\2\u00af"+ + "\u00b1\7?\2\2\u00b0\u00ad\3\2\2\2\u00b0\u00ae\3\2\2\2\u00b1$\3\2\2\2\u00b2"+ + "\u00b3\7#\2\2\u00b3\u00b4\7?\2\2\u00b4&\3\2\2\2\u00b5\u00b6\7>\2\2\u00b6"+ + "(\3\2\2\2\u00b7\u00b8\7>\2\2\u00b8\u00b9\7?\2\2\u00b9*\3\2\2\2\u00ba\u00bb"+ + "\7@\2\2\u00bb,\3\2\2\2\u00bc\u00bd\7@\2\2\u00bd\u00be\7?\2\2\u00be.\3"+ + "\2\2\2\u00bf\u00c0\7-\2\2\u00c0\60\3\2\2\2\u00c1\u00c2\7/\2\2\u00c2\62"+ + "\3\2\2\2\u00c3\u00c4\7,\2\2\u00c4\64\3\2\2\2\u00c5\u00c6\7\61\2\2\u00c6"+ + "\66\3\2\2\2\u00c7\u00c8\7\'\2\2\u00c88\3\2\2\2\u00c9\u00ca\7\60\2\2\u00ca"+ + ":\3\2\2\2\u00cb\u00cc\7.\2\2\u00cc<\3\2\2\2\u00cd\u00ce\7]\2\2\u00ce>"+ + "\3\2\2\2\u00cf\u00d0\7_\2\2\u00d0@\3\2\2\2\u00d1\u00d2\7*\2\2\u00d2B\3"+ + "\2\2\2\u00d3\u00d4\7+\2\2\u00d4D\3\2\2\2\u00d5\u00d6\7~\2\2\u00d6F\3\2"+ + "\2\2\u00d7\u00db\7b\2\2\u00d8\u00da\n\2\2\2\u00d9\u00d8\3\2\2\2\u00da"+ + "\u00dd\3\2\2\2\u00db\u00d9\3\2\2\2\u00db\u00dc\3\2\2\2\u00dc\u00de\3\2"+ + "\2\2\u00dd\u00db\3\2\2\2\u00de\u00df\7b\2\2\u00dfH\3\2\2\2\u00e0\u00e6"+ + "\7)\2\2\u00e1\u00e2\7^\2\2\u00e2\u00e5\t\3\2\2\u00e3\u00e5\n\4\2\2\u00e4"+ + "\u00e1\3\2\2\2\u00e4\u00e3\3\2\2\2\u00e5\u00e8\3\2\2\2\u00e6\u00e4\3\2"+ + "\2\2\u00e6\u00e7\3\2\2\2\u00e7\u00e9\3\2\2\2\u00e8\u00e6\3\2\2\2\u00e9"+ + "\u010d\7)\2\2\u00ea\u00f0\7$\2\2\u00eb\u00ec\7^\2\2\u00ec\u00ef\t\3\2"+ + "\2\u00ed\u00ef\n\5\2\2\u00ee\u00eb\3\2\2\2\u00ee\u00ed\3\2\2\2\u00ef\u00f2"+ + "\3\2\2\2\u00f0\u00ee\3\2\2\2\u00f0\u00f1\3\2\2\2\u00f1\u00f3\3\2\2\2\u00f2"+ + "\u00f0\3\2\2\2\u00f3\u010d\7$\2\2\u00f4\u00f5\7A\2\2\u00f5\u00f6\7$\2"+ + "\2\u00f6\u00fc\3\2\2\2\u00f7\u00f8\7^\2\2\u00f8\u00fb\7$\2\2\u00f9\u00fb"+ + 
"\n\6\2\2\u00fa\u00f7\3\2\2\2\u00fa\u00f9\3\2\2\2\u00fb\u00fe\3\2\2\2\u00fc"+ + "\u00fa\3\2\2\2\u00fc\u00fd\3\2\2\2\u00fd\u00ff\3\2\2\2\u00fe\u00fc\3\2"+ + "\2\2\u00ff\u010d\7$\2\2\u0100\u0101\7A\2\2\u0101\u0102\7)\2\2\u0102\u0108"+ + "\3\2\2\2\u0103\u0104\7^\2\2\u0104\u0107\7)\2\2\u0105\u0107\n\7\2\2\u0106"+ + "\u0103\3\2\2\2\u0106\u0105\3\2\2\2\u0107\u010a\3\2\2\2\u0108\u0106\3\2"+ + "\2\2\u0108\u0109\3\2\2\2\u0109\u010b\3\2\2\2\u010a\u0108\3\2\2\2\u010b"+ + "\u010d\7)\2\2\u010c\u00e0\3\2\2\2\u010c\u00ea\3\2\2\2\u010c\u00f4\3\2"+ + "\2\2\u010c\u0100\3\2\2\2\u010dJ\3\2\2\2\u010e\u0110\5S*\2\u010f\u010e"+ + "\3\2\2\2\u0110\u0111\3\2\2\2\u0111\u010f\3\2\2\2\u0111\u0112\3\2\2\2\u0112"+ + "L\3\2\2\2\u0113\u0115\5S*\2\u0114\u0113\3\2\2\2\u0115\u0116\3\2\2\2\u0116"+ + "\u0114\3\2\2\2\u0116\u0117\3\2\2\2\u0117\u0118\3\2\2\2\u0118\u011c\59"+ + "\35\2\u0119\u011b\5S*\2\u011a\u0119\3\2\2\2\u011b\u011e\3\2\2\2\u011c"+ + "\u011a\3\2\2\2\u011c\u011d\3\2\2\2\u011d\u013e\3\2\2\2\u011e\u011c\3\2"+ + "\2\2\u011f\u0121\59\35\2\u0120\u0122\5S*\2\u0121\u0120\3\2\2\2\u0122\u0123"+ + "\3\2\2\2\u0123\u0121\3\2\2\2\u0123\u0124\3\2\2\2\u0124\u013e\3\2\2\2\u0125"+ + "\u0127\5S*\2\u0126\u0125\3\2\2\2\u0127\u0128\3\2\2\2\u0128\u0126\3\2\2"+ + "\2\u0128\u0129\3\2\2\2\u0129\u0131\3\2\2\2\u012a\u012e\59\35\2\u012b\u012d"+ + "\5S*\2\u012c\u012b\3\2\2\2\u012d\u0130\3\2\2\2\u012e\u012c\3\2\2\2\u012e"+ + "\u012f\3\2\2\2\u012f\u0132\3\2\2\2\u0130\u012e\3\2\2\2\u0131\u012a\3\2"+ + "\2\2\u0131\u0132\3\2\2\2\u0132\u0133\3\2\2\2\u0133\u0134\5Q)\2\u0134\u013e"+ + "\3\2\2\2\u0135\u0137\59\35\2\u0136\u0138\5S*\2\u0137\u0136\3\2\2\2\u0138"+ + "\u0139\3\2\2\2\u0139\u0137\3\2\2\2\u0139\u013a\3\2\2\2\u013a\u013b\3\2"+ + "\2\2\u013b\u013c\5Q)\2\u013c\u013e\3\2\2\2\u013d\u0114\3\2\2\2\u013d\u011f"+ + "\3\2\2\2\u013d\u0126\3\2\2\2\u013d\u0135\3\2\2\2\u013eN\3\2\2\2\u013f"+ + "\u0142\5U+\2\u0140\u0142\t\b\2\2\u0141\u013f\3\2\2\2\u0141\u0140\3\2\2"+ + 
"\2\u0142\u0148\3\2\2\2\u0143\u0147\5U+\2\u0144\u0147\5S*\2\u0145\u0147"+ + "\7a\2\2\u0146\u0143\3\2\2\2\u0146\u0144\3\2\2\2\u0146\u0145\3\2\2\2\u0147"+ + "\u014a\3\2\2\2\u0148\u0146\3\2\2\2\u0148\u0149\3\2\2\2\u0149P\3\2\2\2"+ + "\u014a\u0148\3\2\2\2\u014b\u014d\t\t\2\2\u014c\u014e\t\n\2\2\u014d\u014c"+ + "\3\2\2\2\u014d\u014e\3\2\2\2\u014e\u0150\3\2\2\2\u014f\u0151\5S*\2\u0150"+ + "\u014f\3\2\2\2\u0151\u0152\3\2\2\2\u0152\u0150\3\2\2\2\u0152\u0153\3\2"+ + "\2\2\u0153R\3\2\2\2\u0154\u0155\t\13\2\2\u0155T\3\2\2\2\u0156\u0157\t"+ + "\f\2\2\u0157V\3\2\2\2\u0158\u0159\7\61\2\2\u0159\u015a\7\61\2\2\u015a"+ + "\u015e\3\2\2\2\u015b\u015d\n\r\2\2\u015c\u015b\3\2\2\2\u015d\u0160\3\2"+ + "\2\2\u015e\u015c\3\2\2\2\u015e\u015f\3\2\2\2\u015f\u0162\3\2\2\2\u0160"+ + "\u015e\3\2\2\2\u0161\u0163\7\17\2\2\u0162\u0161\3\2\2\2\u0162\u0163\3"+ + "\2\2\2\u0163\u0165\3\2\2\2\u0164\u0166\7\f\2\2\u0165\u0164\3\2\2\2\u0165"+ + "\u0166\3\2\2\2\u0166\u0167\3\2\2\2\u0167\u0168\b,\2\2\u0168X\3\2\2\2\u0169"+ + "\u016a\7\61\2\2\u016a\u016b\7,\2\2\u016b\u0170\3\2\2\2\u016c\u016f\5Y"+ + "-\2\u016d\u016f\13\2\2\2\u016e\u016c\3\2\2\2\u016e\u016d\3\2\2\2\u016f"+ + "\u0172\3\2\2\2\u0170\u0171\3\2\2\2\u0170\u016e\3\2\2\2\u0171\u0173\3\2"+ + "\2\2\u0172\u0170\3\2\2\2\u0173\u0174\7,\2\2\u0174\u0175\7\61\2\2\u0175"+ + "\u0176\3\2\2\2\u0176\u0177\b-\2\2\u0177Z\3\2\2\2\u0178\u017a\t\16\2\2"+ + "\u0179\u0178\3\2\2\2\u017a\u017b\3\2\2\2\u017b\u0179\3\2\2\2\u017b\u017c"+ + "\3\2\2\2\u017c\u017d\3\2\2\2\u017d\u017e\b.\2\2\u017e\\\3\2\2\2\"\2\u00b0"+ + "\u00db\u00e4\u00e6\u00ee\u00f0\u00fa\u00fc\u0106\u0108\u010c\u0111\u0116"+ + "\u011c\u0123\u0128\u012e\u0131\u0139\u013d\u0141\u0146\u0148\u014d\u0152"+ + "\u015e\u0162\u0165\u016e\u0170\u017b\3\2\3\2"; public static final ATN _ATN = new ATNDeserializer().deserialize(_serializedATN.toCharArray()); static { 
diff --git a/x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/parser/EqlBaseListener.java b/x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/parser/EqlBaseListener.java index 1a6d2e5742d5d..43cd93d136c44 100644 --- a/x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/parser/EqlBaseListener.java +++ b/x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/parser/EqlBaseListener.java @@ -47,6 +47,16 @@ interface EqlBaseListener extends ParseTreeListener { * @param ctx the parse tree */ void exitQuery(EqlBaseParser.QueryContext ctx); + /** + * Enter a parse tree produced by {@link EqlBaseParser#sequenceParams}. + * @param ctx the parse tree + */ + void enterSequenceParams(EqlBaseParser.SequenceParamsContext ctx); + /** + * Exit a parse tree produced by {@link EqlBaseParser#sequenceParams}. + * @param ctx the parse tree + */ + void exitSequenceParams(EqlBaseParser.SequenceParamsContext ctx); /** * Enter a parse tree produced by {@link EqlBaseParser#sequence}. * @param ctx the parse tree 
@@ -88,35 +98,45 @@ interface EqlBaseListener extends ParseTreeListener { */ void exitJoinKeys(EqlBaseParser.JoinKeysContext ctx); /** - * Enter a parse tree produced by {@link EqlBaseParser#span}. + * Enter a parse tree produced by {@link EqlBaseParser#joinTerm}. * @param ctx the parse tree */ - void enterSpan(EqlBaseParser.SpanContext ctx); + void enterJoinTerm(EqlBaseParser.JoinTermContext ctx); /** - * Exit a parse tree produced by {@link EqlBaseParser#span}. + * Exit a parse tree produced by {@link EqlBaseParser#joinTerm}. * @param ctx the parse tree */ - void exitSpan(EqlBaseParser.SpanContext ctx); + void exitJoinTerm(EqlBaseParser.JoinTermContext ctx); /** - * Enter a parse tree produced by {@link EqlBaseParser#match}. + * Enter a parse tree produced by {@link EqlBaseParser#sequenceTerm}. * @param ctx the parse tree */ - void enterMatch(EqlBaseParser.MatchContext ctx); + void enterSequenceTerm(EqlBaseParser.SequenceTermContext ctx); /** - * Exit a parse tree produced by {@link EqlBaseParser#match}. + * Exit a parse tree produced by {@link EqlBaseParser#sequenceTerm}. * @param ctx the parse tree */ - void exitMatch(EqlBaseParser.MatchContext ctx); + void exitSequenceTerm(EqlBaseParser.SequenceTermContext ctx); /** - * Enter a parse tree produced by {@link EqlBaseParser#condition}. + * Enter a parse tree produced by {@link EqlBaseParser#subquery}. * @param ctx the parse tree */ - void enterCondition(EqlBaseParser.ConditionContext ctx); + void enterSubquery(EqlBaseParser.SubqueryContext ctx); /** - * Exit a parse tree produced by {@link EqlBaseParser#condition}. + * Exit a parse tree produced by {@link EqlBaseParser#subquery}. * @param ctx the parse tree */ - void exitCondition(EqlBaseParser.ConditionContext ctx); + void exitSubquery(EqlBaseParser.SubqueryContext ctx); + /** + * Enter a parse tree produced by {@link EqlBaseParser#eventQuery}. 
+ * @param ctx the parse tree + */ + void enterEventQuery(EqlBaseParser.EventQueryContext ctx); + /** + * Exit a parse tree produced by {@link EqlBaseParser#eventQuery}. + * @param ctx the parse tree + */ + void exitEventQuery(EqlBaseParser.EventQueryContext ctx); /** * Enter a parse tree produced by {@link EqlBaseParser#expression}. * @param ctx the parse tree @@ -151,6 +171,18 @@ interface EqlBaseListener extends ParseTreeListener { * @param ctx the parse tree */ void exitBooleanDefault(EqlBaseParser.BooleanDefaultContext ctx); + /** + * Enter a parse tree produced by the {@code processCheck} + * labeled alternative in {@link EqlBaseParser#booleanExpression}. + * @param ctx the parse tree + */ + void enterProcessCheck(EqlBaseParser.ProcessCheckContext ctx); + /** + * Exit a parse tree produced by the {@code processCheck} + * labeled alternative in {@link EqlBaseParser#booleanExpression}. + * @param ctx the parse tree + */ + void exitProcessCheck(EqlBaseParser.ProcessCheckContext ctx); /** * Enter a parse tree produced by the {@code logicalBinary} * labeled alternative in {@link EqlBaseParser#booleanExpression}. @@ -357,16 +389,6 @@ interface EqlBaseListener extends ParseTreeListener { * @param ctx the parse tree */ void exitBooleanValue(EqlBaseParser.BooleanValueContext ctx); - /** - * Enter a parse tree produced by {@link EqlBaseParser#qualifiedNames}. - * @param ctx the parse tree - */ - void enterQualifiedNames(EqlBaseParser.QualifiedNamesContext ctx); - /** - * Exit a parse tree produced by {@link EqlBaseParser#qualifiedNames}. - * @param ctx the parse tree - */ - void exitQualifiedNames(EqlBaseParser.QualifiedNamesContext ctx); /** * Enter a parse tree produced by {@link EqlBaseParser#qualifiedName}. * @param ctx the parse tree 
@@ -388,41 +410,15 @@ interface EqlBaseListener extends ParseTreeListener { */ void exitIdentifier(EqlBaseParser.IdentifierContext ctx); /** - * Enter a parse tree produced by the {@code quotedIdentifier} - * labeled alternative in {@link EqlBaseParser#quoteIdentifier}. - * @param ctx the parse tree - */ - void enterQuotedIdentifier(EqlBaseParser.QuotedIdentifierContext ctx); - /** - * Exit a parse tree produced by the {@code quotedIdentifier} - * labeled alternative in {@link EqlBaseParser#quoteIdentifier}. - * @param ctx the parse tree - */ - void exitQuotedIdentifier(EqlBaseParser.QuotedIdentifierContext ctx); - /** - * Enter a parse tree produced by the {@code unquotedIdentifier} - * labeled alternative in {@link EqlBaseParser#unquoteIdentifier}. - * @param ctx the parse tree - */ - void enterUnquotedIdentifier(EqlBaseParser.UnquotedIdentifierContext ctx); - /** - * Exit a parse tree produced by the {@code unquotedIdentifier} - * labeled alternative in {@link EqlBaseParser#unquoteIdentifier}. - * @param ctx the parse tree - */ - void exitUnquotedIdentifier(EqlBaseParser.UnquotedIdentifierContext ctx); - /** - * Enter a parse tree produced by the {@code digitIdentifier} - * labeled alternative in {@link EqlBaseParser#unquoteIdentifier}. + * Enter a parse tree produced by {@link EqlBaseParser#timeUnit}. * @param ctx the parse tree */ - void enterDigitIdentifier(EqlBaseParser.DigitIdentifierContext ctx); + void enterTimeUnit(EqlBaseParser.TimeUnitContext ctx); /** - * Exit a parse tree produced by the {@code digitIdentifier} - * labeled alternative in {@link EqlBaseParser#unquoteIdentifier}. + * Exit a parse tree produced by {@link EqlBaseParser#timeUnit}. * @param ctx the parse tree */ - void exitDigitIdentifier(EqlBaseParser.DigitIdentifierContext ctx); + void exitTimeUnit(EqlBaseParser.TimeUnitContext ctx); /** * Enter a parse tree produced by the {@code decimalLiteral} * labeled alternative in {@link EqlBaseParser#number}. 
diff --git a/x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/parser/EqlBaseParser.java b/x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/parser/EqlBaseParser.java index 8003fc65c9784..1bed5e7169e92 100644 --- a/x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/parser/EqlBaseParser.java +++ b/x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/parser/EqlBaseParser.java 
@@ -17,47 +17,44 @@ class EqlBaseParser extends Parser { protected static final PredictionContextCache _sharedContextCache = new PredictionContextCache(); public static final int - AND=1, ANY=2, ASC=3, BETWEEN=4, BY=5, CHILD=6, DESCENDANT=7, EVENT=8, - FALSE=9, IN=10, JOIN=11, MAXSPAN=12, NOT=13, NULL=14, OF=15, OR=16, SEQUENCE=17, - TRUE=18, UNTIL=19, WHERE=20, WITH=21, EQ=22, NEQ=23, LT=24, LTE=25, GT=26, - GTE=27, PLUS=28, MINUS=29, ASTERISK=30, SLASH=31, PERCENT=32, DOT=33, - COMMA=34, LB=35, RB=36, LP=37, RP=38, PIPE=39, STRING=40, INTEGER_VALUE=41, - DECIMAL_VALUE=42, IDENTIFIER=43, DIGIT_IDENTIFIER=44, QUOTED_IDENTIFIER=45, - SIMPLE_COMMENT=46, BRACKETED_COMMENT=47, WS=48, UNRECOGNIZED=49, DELIMITER=50; + AND=1, BY=2, FALSE=3, FORK=4, IN=5, JOIN=6, MAXSPAN=7, NOT=8, NULL=9, + OF=10, OR=11, SEQUENCE=12, TRUE=13, UNTIL=14, WHERE=15, WITH=16, EQ=17, + NEQ=18, LT=19, LTE=20, GT=21, GTE=22, PLUS=23, MINUS=24, ASTERISK=25, + SLASH=26, PERCENT=27, DOT=28, COMMA=29, LB=30, RB=31, LP=32, RP=33, PIPE=34, + ESCAPED_IDENTIFIER=35, STRING=36, INTEGER_VALUE=37, DECIMAL_VALUE=38, + IDENTIFIER=39, LINE_COMMENT=40, BRACKETED_COMMENT=41, WS=42; public static final int RULE_singleStatement = 0, RULE_singleExpression = 1, RULE_statement = 2, - RULE_query = 3, RULE_sequence = 4, RULE_join = 5, RULE_pipe = 6, RULE_joinKeys = 7, - RULE_span = 8, RULE_match = 9, RULE_condition = 10, RULE_expression = 11, - RULE_booleanExpression = 12, RULE_predicated = 13, RULE_predicate = 14, - RULE_valueExpression = 15, RULE_primaryExpression = 16, RULE_functionExpression = 17, - RULE_constant = 18, RULE_comparisonOperator = 19, RULE_booleanValue = 20, - RULE_qualifiedNames = 21, RULE_qualifiedName = 22, RULE_identifier = 23, - RULE_quoteIdentifier = 24, RULE_unquoteIdentifier = 25, RULE_number = 26, - RULE_string = 27; + RULE_query = 3, RULE_sequenceParams = 4, RULE_sequence = 5, RULE_join = 6, + RULE_pipe = 7, RULE_joinKeys = 8, RULE_joinTerm = 9, RULE_sequenceTerm = 10, + RULE_subquery = 11, 
RULE_eventQuery = 12, RULE_expression = 13, RULE_booleanExpression = 14, + RULE_predicated = 15, RULE_predicate = 16, RULE_valueExpression = 17, + RULE_primaryExpression = 18, RULE_functionExpression = 19, RULE_constant = 20, + RULE_comparisonOperator = 21, RULE_booleanValue = 22, RULE_qualifiedName = 23, + RULE_identifier = 24, RULE_timeUnit = 25, RULE_number = 26, RULE_string = 27; public static final String[] ruleNames = { - "singleStatement", "singleExpression", "statement", "query", "sequence", - "join", "pipe", "joinKeys", "span", "match", "condition", "expression", - "booleanExpression", "predicated", "predicate", "valueExpression", "primaryExpression", - "functionExpression", "constant", "comparisonOperator", "booleanValue", - "qualifiedNames", "qualifiedName", "identifier", "quoteIdentifier", "unquoteIdentifier", + "singleStatement", "singleExpression", "statement", "query", "sequenceParams", + "sequence", "join", "pipe", "joinKeys", "joinTerm", "sequenceTerm", "subquery", + "eventQuery", "expression", "booleanExpression", "predicated", "predicate", + "valueExpression", "primaryExpression", "functionExpression", "constant", + "comparisonOperator", "booleanValue", "qualifiedName", "identifier", "timeUnit", "number", "string" }; private static final String[] _LITERAL_NAMES = { - null, "'AND'", "'ANY'", "'ASC'", "'BETWEEN'", "'BY'", "'CHILD'", "'DESCENDANT'", - "'EVENT'", "'FALSE'", "'IN'", "'JOIN'", "'MAXSPAN'", "'NOT'", "'NULL'", - "'OF'", "'OR'", "'SEQUENCE'", "'TRUE'", "'UNTIL'", "'WHERE'", "'WITH'", - null, null, "'<'", "'<='", "'>'", "'>='", "'+'", "'-'", "'*'", "'/'", - "'%'", "'.'", "','", "'['", "']'", "'('", "')'", "'|'" + null, "'and'", "'by'", "'false'", "'fork'", "'in'", "'join'", "'maxspan'", + "'not'", "'null'", "'of'", "'or'", "'sequence'", "'true'", "'until'", + "'where'", "'with'", null, "'!='", "'<'", "'<='", "'>'", "'>='", "'+'", + "'-'", "'*'", "'/'", "'%'", "'.'", "','", "'['", "']'", "'('", "')'", + "'|'" }; private static final 
String[] _SYMBOLIC_NAMES = { - null, "AND", "ANY", "ASC", "BETWEEN", "BY", "CHILD", "DESCENDANT", "EVENT", - "FALSE", "IN", "JOIN", "MAXSPAN", "NOT", "NULL", "OF", "OR", "SEQUENCE", - "TRUE", "UNTIL", "WHERE", "WITH", "EQ", "NEQ", "LT", "LTE", "GT", "GTE", - "PLUS", "MINUS", "ASTERISK", "SLASH", "PERCENT", "DOT", "COMMA", "LB", - "RB", "LP", "RP", "PIPE", "STRING", "INTEGER_VALUE", "DECIMAL_VALUE", - "IDENTIFIER", "DIGIT_IDENTIFIER", "QUOTED_IDENTIFIER", "SIMPLE_COMMENT", - "BRACKETED_COMMENT", "WS", "UNRECOGNIZED", "DELIMITER" + null, "AND", "BY", "FALSE", "FORK", "IN", "JOIN", "MAXSPAN", "NOT", "NULL", + "OF", "OR", "SEQUENCE", "TRUE", "UNTIL", "WHERE", "WITH", "EQ", "NEQ", + "LT", "LTE", "GT", "GTE", "PLUS", "MINUS", "ASTERISK", "SLASH", "PERCENT", + "DOT", "COMMA", "LB", "RB", "LP", "RP", "PIPE", "ESCAPED_IDENTIFIER", + "STRING", "INTEGER_VALUE", "DECIMAL_VALUE", "IDENTIFIER", "LINE_COMMENT", + "BRACKETED_COMMENT", "WS" }; public static final Vocabulary VOCABULARY = new VocabularyImpl(_LITERAL_NAMES, _SYMBOLIC_NAMES); @@ -206,10 +203,6 @@ public static class StatementContext extends ParserRuleContext { public QueryContext query() { return getRuleContext(QueryContext.class,0); } - public List PIPE() { return getTokens(EqlBaseParser.PIPE); } - public TerminalNode PIPE(int i) { - return getToken(EqlBaseParser.PIPE, i); - } public List pipe() { return getRuleContexts(PipeContext.class); } @@ -244,19 +237,17 @@ public final StatementContext statement() throws RecognitionException { { setState(62); query(); - setState(67); + setState(66); _errHandler.sync(this); _la = _input.LA(1); while (_la==PIPE) { { { setState(63); - match(PIPE); - setState(64); pipe(); } } - setState(69); + setState(68); _errHandler.sync(this); _la = _input.LA(1); } 
@@ -280,8 +271,8 @@ public SequenceContext sequence() { public JoinContext join() { return getRuleContext(JoinContext.class,0); } - public ConditionContext condition() { - return getRuleContext(ConditionContext.class,0); + public EventQueryContext eventQuery() { + return getRuleContext(EventQueryContext.class,0); } public QueryContext(ParserRuleContext parent, int invokingState) { super(parent, invokingState); @@ -306,29 +297,28 @@ public final QueryContext query() throws RecognitionException { QueryContext _localctx = new QueryContext(_ctx, getState()); enterRule(_localctx, 6, RULE_query); try { - setState(73); + setState(72); switch (_input.LA(1)) { case SEQUENCE: enterOuterAlt(_localctx, 1); { - setState(70); + setState(69); sequence(); } break; case JOIN: enterOuterAlt(_localctx, 2); { - setState(71); + setState(70); join(); } break; + case ESCAPED_IDENTIFIER: case IDENTIFIER: - case DIGIT_IDENTIFIER: - case QUOTED_IDENTIFIER: enterOuterAlt(_localctx, 3); { - setState(72); - condition(); + setState(71); + eventQuery(); } break; default: 
@@ -346,17 +336,72 @@ public final QueryContext query() throws RecognitionException { return _localctx; } + public static class SequenceParamsContext extends ParserRuleContext { + public TerminalNode WITH() { return getToken(EqlBaseParser.WITH, 0); } + public TerminalNode MAXSPAN() { return getToken(EqlBaseParser.MAXSPAN, 0); } + public TerminalNode EQ() { return getToken(EqlBaseParser.EQ, 0); } + public TimeUnitContext timeUnit() { + return getRuleContext(TimeUnitContext.class,0); + } + public SequenceParamsContext(ParserRuleContext parent, int invokingState) { + super(parent, invokingState); + } + @Override public int getRuleIndex() { return RULE_sequenceParams; } + @Override + public void enterRule(ParseTreeListener listener) { + if ( listener instanceof EqlBaseListener ) ((EqlBaseListener)listener).enterSequenceParams(this); + } + @Override + public void exitRule(ParseTreeListener listener) { + if ( listener instanceof EqlBaseListener ) ((EqlBaseListener)listener).exitSequenceParams(this); + } + @Override + public T accept(ParseTreeVisitor visitor) { + if ( visitor instanceof EqlBaseVisitor ) return ((EqlBaseVisitor)visitor).visitSequenceParams(this); + else return visitor.visitChildren(this); + } + } + + public final SequenceParamsContext sequenceParams() throws RecognitionException { + SequenceParamsContext _localctx = new SequenceParamsContext(_ctx, getState()); + enterRule(_localctx, 8, RULE_sequenceParams); + try { + enterOuterAlt(_localctx, 1); + { + setState(74); + match(WITH); + { + setState(75); + match(MAXSPAN); + setState(76); + match(EQ); + setState(77); + timeUnit(); + } + } + } + catch (RecognitionException re) { + _localctx.exception = re; + _errHandler.reportError(this, re); + _errHandler.recover(this, re); + } + finally { + exitRule(); + } + return _localctx; + } + public static class SequenceContext extends ParserRuleContext { public JoinKeysContext by; public TerminalNode SEQUENCE() { return getToken(EqlBaseParser.SEQUENCE, 0); } - public 
SpanContext span() { - return getRuleContext(SpanContext.class,0); + public List sequenceTerm() { + return getRuleContexts(SequenceTermContext.class); } - public List match() { - return getRuleContexts(MatchContext.class); + public SequenceTermContext sequenceTerm(int i) { + return getRuleContext(SequenceTermContext.class,i); } - public MatchContext match(int i) { - return getRuleContext(MatchContext.class,i); + public SequenceParamsContext sequenceParams() { + return getRuleContext(SequenceParamsContext.class,0); } public TerminalNode UNTIL() { return getToken(EqlBaseParser.UNTIL, 0); } public JoinKeysContext joinKeys() { 
@@ -383,53 +428,74 @@ public T accept(ParseTreeVisitor visitor) { public final SequenceContext sequence() throws RecognitionException { SequenceContext _localctx = new SequenceContext(_ctx, getState()); - enterRule(_localctx, 8, RULE_sequence); + enterRule(_localctx, 10, RULE_sequence); int _la; try { enterOuterAlt(_localctx, 1); { - setState(75); + setState(79); match(SEQUENCE); - setState(77); - _la = _input.LA(1); - if (_la==BY) { + setState(88); + switch (_input.LA(1)) { + case BY: { - setState(76); + setState(80); ((SequenceContext)_localctx).by = joinKeys(); + setState(82); + _la = _input.LA(1); + if (_la==WITH) { + { + setState(81); + sequenceParams(); + } } - } - setState(80); - _la = _input.LA(1); - if (_la==WITH) { + } + break; + case WITH: { - setState(79); - span(); + setState(84); + sequenceParams(); + setState(86); + _la = _input.LA(1); + if (_la==BY) { + { + setState(85); + ((SequenceContext)_localctx).by = joinKeys(); + } } - } - setState(83); + } + break; + case LB: + break; + default: + throw new NoViableAltException(this); + } + setState(90); + sequenceTerm(); + setState(92); _errHandler.sync(this); _la = _input.LA(1); do { { { - setState(82); - match(); + setState(91); + sequenceTerm(); } } - setState(85); + setState(94); _errHandler.sync(this); _la = _input.LA(1); } while ( _la==LB ); - setState(89); + setState(98); _la = _input.LA(1); if (_la==UNTIL) { { - setState(87); + setState(96); match(UNTIL); - setState(88); - match(); + setState(97); + sequenceTerm(); } } 
@@ -449,11 +515,11 @@ public final SequenceContext sequence() throws RecognitionException { public static class JoinContext extends ParserRuleContext { public JoinKeysContext by; public TerminalNode JOIN() { return getToken(EqlBaseParser.JOIN, 0); } - public List match() { - return getRuleContexts(MatchContext.class); + public List joinTerm() { + return getRuleContexts(JoinTermContext.class); } - public MatchContext match(int i) { - return getRuleContext(MatchContext.class,i); + public JoinTermContext joinTerm(int i) { + return getRuleContext(JoinTermContext.class,i); } public TerminalNode UNTIL() { return getToken(EqlBaseParser.UNTIL, 0); } public JoinKeysContext joinKeys() { @@ -480,44 +546,46 @@ public T accept(ParseTreeVisitor visitor) { public final JoinContext join() throws RecognitionException { JoinContext _localctx = new JoinContext(_ctx, getState()); - enterRule(_localctx, 10, RULE_join); + enterRule(_localctx, 12, RULE_join); int _la; try { enterOuterAlt(_localctx, 1); { - setState(91); + setState(100); match(JOIN); - setState(93); + setState(102); _la = _input.LA(1); if (_la==BY) { { - setState(92); + setState(101); ((JoinContext)_localctx).by = joinKeys(); } } - setState(96); + setState(104); + joinTerm(); + setState(106); _errHandler.sync(this); _la = _input.LA(1); do { { { - setState(95); - match(); + setState(105); + joinTerm(); } } - setState(98); + setState(108); _errHandler.sync(this); _la = _input.LA(1); } while ( _la==LB ); - setState(102); + setState(112); _la = _input.LA(1); if (_la==UNTIL) { { - setState(100); + setState(110); match(UNTIL); - setState(101); - match(); + setState(111); + joinTerm(); } } 
@@ -536,6 +604,7 @@ public final JoinContext join() throws RecognitionException { public static class PipeContext extends ParserRuleContext { public Token kind; + public TerminalNode PIPE() { return getToken(EqlBaseParser.PIPE, 0); } public TerminalNode IDENTIFIER() { return getToken(EqlBaseParser.IDENTIFIER, 0); } public List booleanExpression() { return getRuleContexts(BooleanExpressionContext.class); @@ -568,32 +637,34 @@ public T accept(ParseTreeVisitor visitor) { public final PipeContext pipe() throws RecognitionException { PipeContext _localctx = new PipeContext(_ctx, getState()); - enterRule(_localctx, 12, RULE_pipe); + enterRule(_localctx, 14, RULE_pipe); int _la; try { enterOuterAlt(_localctx, 1); { - setState(104); + setState(114); + match(PIPE); + setState(115); ((PipeContext)_localctx).kind = match(IDENTIFIER); - setState(113); + setState(124); _la = _input.LA(1); - if ((((_la) & ~0x3f) == 0 && ((1L << _la) & ((1L << FALSE) | (1L << NOT) | (1L << NULL) | (1L << TRUE) | (1L << PLUS) | (1L << MINUS) | (1L << LP) | (1L << STRING) | (1L << INTEGER_VALUE) | (1L << DECIMAL_VALUE) | (1L << IDENTIFIER) | (1L << DIGIT_IDENTIFIER) | (1L << QUOTED_IDENTIFIER))) != 0)) { + if ((((_la) & ~0x3f) == 0 && ((1L << _la) & ((1L << FALSE) | (1L << NOT) | (1L << NULL) | (1L << TRUE) | (1L << PLUS) | (1L << MINUS) | (1L << LP) | (1L << ESCAPED_IDENTIFIER) | (1L << STRING) | (1L << INTEGER_VALUE) | (1L << DECIMAL_VALUE) | (1L << IDENTIFIER))) != 0)) { { - setState(105); + setState(116); booleanExpression(0); - setState(110); + setState(121); _errHandler.sync(this); _la = _input.LA(1); while (_la==COMMA) { { { - setState(106); + setState(117); match(COMMA); - setState(107); + setState(118); booleanExpression(0); } } - setState(112); + setState(123); _errHandler.sync(this); _la = _input.LA(1); } 
@@ -615,8 +686,15 @@ public final PipeContext pipe() throws RecognitionException { public static class JoinKeysContext extends ParserRuleContext { public TerminalNode BY() { return getToken(EqlBaseParser.BY, 0); } - public QualifiedNamesContext qualifiedNames() { - return getRuleContext(QualifiedNamesContext.class,0); + public List expression() { + return getRuleContexts(ExpressionContext.class); + } + public ExpressionContext expression(int i) { + return getRuleContext(ExpressionContext.class,i); + } + public List COMMA() { return getTokens(EqlBaseParser.COMMA); } + public TerminalNode COMMA(int i) { + return getToken(EqlBaseParser.COMMA, i); } public JoinKeysContext(ParserRuleContext parent, int invokingState) { super(parent, invokingState); @@ -639,14 +717,31 @@ public T accept(ParseTreeVisitor visitor) { public final JoinKeysContext joinKeys() throws RecognitionException { JoinKeysContext _localctx = new JoinKeysContext(_ctx, getState()); - enterRule(_localctx, 14, RULE_joinKeys); + enterRule(_localctx, 16, RULE_joinKeys); + int _la; try { enterOuterAlt(_localctx, 1); { - setState(115); + setState(126); match(BY); - setState(116); - qualifiedNames(); + setState(127); + expression(); + setState(132); + _errHandler.sync(this); + _la = _input.LA(1); + while (_la==COMMA) { + { + { + setState(128); + match(COMMA); + setState(129); + expression(); + } + } + setState(134); + _errHandler.sync(this); + _la = _input.LA(1); + } } } catch (RecognitionException re) { 
@@ -660,44 +755,51 @@ public final JoinKeysContext joinKeys() throws RecognitionException { return _localctx; } - public static class SpanContext extends ParserRuleContext { - public TerminalNode WITH() { return getToken(EqlBaseParser.WITH, 0); } - public TerminalNode MAXSPAN() { return getToken(EqlBaseParser.MAXSPAN, 0); } - public TerminalNode EQ() { return getToken(EqlBaseParser.EQ, 0); } - public TerminalNode DIGIT_IDENTIFIER() { return getToken(EqlBaseParser.DIGIT_IDENTIFIER, 0); } - public SpanContext(ParserRuleContext parent, int invokingState) { + public static class JoinTermContext extends ParserRuleContext { + public JoinKeysContext by; + public SubqueryContext subquery() { + return getRuleContext(SubqueryContext.class,0); + } + public JoinKeysContext joinKeys() { + return getRuleContext(JoinKeysContext.class,0); + } + public JoinTermContext(ParserRuleContext parent, int invokingState) { super(parent, invokingState); } - @Override public int getRuleIndex() { return RULE_span; } + @Override public int getRuleIndex() { return RULE_joinTerm; } @Override public void enterRule(ParseTreeListener listener) { - if ( listener instanceof EqlBaseListener ) ((EqlBaseListener)listener).enterSpan(this); + if ( listener instanceof EqlBaseListener ) ((EqlBaseListener)listener).enterJoinTerm(this); } @Override public void exitRule(ParseTreeListener listener) { - if ( listener instanceof EqlBaseListener ) ((EqlBaseListener)listener).exitSpan(this); + if ( listener instanceof EqlBaseListener ) ((EqlBaseListener)listener).exitJoinTerm(this); } @Override public T accept(ParseTreeVisitor visitor) { - if ( visitor instanceof EqlBaseVisitor ) return ((EqlBaseVisitor)visitor).visitSpan(this); + if ( visitor instanceof EqlBaseVisitor ) return ((EqlBaseVisitor)visitor).visitJoinTerm(this); else return visitor.visitChildren(this); } } - public final SpanContext span() throws RecognitionException { - SpanContext _localctx = new SpanContext(_ctx, getState()); - enterRule(_localctx, 
16, RULE_span); + public final JoinTermContext joinTerm() throws RecognitionException { + JoinTermContext _localctx = new JoinTermContext(_ctx, getState()); + enterRule(_localctx, 18, RULE_joinTerm); + int _la; try { enterOuterAlt(_localctx, 1); { - setState(118); - match(WITH); - setState(119); - match(MAXSPAN); - setState(120); - match(EQ); - setState(121); - match(DIGIT_IDENTIFIER); + setState(135); + subquery(); + setState(137); + _la = _input.LA(1); + if (_la==BY) { + { + setState(136); + ((JoinTermContext)_localctx).by = joinKeys(); + } + } + } } catch (RecognitionException re) { 
@@ -711,54 +813,73 @@ public final SpanContext span() throws RecognitionException { return _localctx; } - public static class MatchContext extends ParserRuleContext { + public static class SequenceTermContext extends ParserRuleContext { public JoinKeysContext by; - public TerminalNode LB() { return getToken(EqlBaseParser.LB, 0); } - public ConditionContext condition() { - return getRuleContext(ConditionContext.class,0); + public SubqueryContext subquery() { + return getRuleContext(SubqueryContext.class,0); } - public TerminalNode RB() { return getToken(EqlBaseParser.RB, 0); } + public TerminalNode FORK() { return getToken(EqlBaseParser.FORK, 0); } public JoinKeysContext joinKeys() { return getRuleContext(JoinKeysContext.class,0); } - public MatchContext(ParserRuleContext parent, int invokingState) { + public TerminalNode EQ() { return getToken(EqlBaseParser.EQ, 0); } + public BooleanValueContext booleanValue() { + return getRuleContext(BooleanValueContext.class,0); + } + public SequenceTermContext(ParserRuleContext parent, int invokingState) { super(parent, invokingState); } - @Override public int getRuleIndex() { return RULE_match; } + @Override public int getRuleIndex() { return RULE_sequenceTerm; } @Override public void enterRule(ParseTreeListener listener) { - if ( listener instanceof EqlBaseListener ) ((EqlBaseListener)listener).enterMatch(this); + if ( listener instanceof EqlBaseListener ) ((EqlBaseListener)listener).enterSequenceTerm(this); } @Override public void exitRule(ParseTreeListener listener) { - if ( listener instanceof EqlBaseListener ) ((EqlBaseListener)listener).exitMatch(this); + if ( listener instanceof EqlBaseListener ) ((EqlBaseListener)listener).exitSequenceTerm(this); } @Override public T accept(ParseTreeVisitor visitor) { - if ( visitor instanceof EqlBaseVisitor ) return ((EqlBaseVisitor)visitor).visitMatch(this); + if ( visitor instanceof EqlBaseVisitor ) return ((EqlBaseVisitor)visitor).visitSequenceTerm(this); else return 
visitor.visitChildren(this); } } - public final MatchContext match() throws RecognitionException { - MatchContext _localctx = new MatchContext(_ctx, getState()); - enterRule(_localctx, 18, RULE_match); + public final SequenceTermContext sequenceTerm() throws RecognitionException { + SequenceTermContext _localctx = new SequenceTermContext(_ctx, getState()); + enterRule(_localctx, 20, RULE_sequenceTerm); int _la; try { enterOuterAlt(_localctx, 1); { - setState(123); - match(LB); - setState(124); - condition(); - setState(125); - match(RB); - setState(127); + setState(139); + subquery(); + setState(145); + _la = _input.LA(1); + if (_la==FORK) { + { + setState(140); + match(FORK); + setState(143); + _la = _input.LA(1); + if (_la==EQ) { + { + setState(141); + match(EQ); + setState(142); + booleanValue(); + } + } + + } + } + + setState(148); _la = _input.LA(1); if (_la==BY) { { - setState(126); - ((MatchContext)_localctx).by = joinKeys(); + setState(147); + ((SequenceTermContext)_localctx).by = joinKeys(); } } 
@@ -775,45 +896,95 @@ public final MatchContext match() throws RecognitionException { return _localctx; } - public static class ConditionContext extends ParserRuleContext { - public QualifiedNameContext event; + public static class SubqueryContext extends ParserRuleContext { + public TerminalNode LB() { return getToken(EqlBaseParser.LB, 0); } + public EventQueryContext eventQuery() { + return getRuleContext(EventQueryContext.class,0); + } + public TerminalNode RB() { return getToken(EqlBaseParser.RB, 0); } + public SubqueryContext(ParserRuleContext parent, int invokingState) { + super(parent, invokingState); + } + @Override public int getRuleIndex() { return RULE_subquery; } + @Override + public void enterRule(ParseTreeListener listener) { + if ( listener instanceof EqlBaseListener ) ((EqlBaseListener)listener).enterSubquery(this); + } + @Override + public void exitRule(ParseTreeListener listener) { + if ( listener instanceof EqlBaseListener ) ((EqlBaseListener)listener).exitSubquery(this); + } + @Override + public T accept(ParseTreeVisitor visitor) { + if ( visitor instanceof EqlBaseVisitor ) return ((EqlBaseVisitor)visitor).visitSubquery(this); + else return visitor.visitChildren(this); + } + } + + public final SubqueryContext subquery() throws RecognitionException { + SubqueryContext _localctx = new SubqueryContext(_ctx, getState()); + enterRule(_localctx, 22, RULE_subquery); + try { + enterOuterAlt(_localctx, 1); + { + setState(150); + match(LB); + setState(151); + eventQuery(); + setState(152); + match(RB); + } + } + catch (RecognitionException re) { + _localctx.exception = re; + _errHandler.reportError(this, re); + _errHandler.recover(this, re); + } + finally { + exitRule(); + } + return _localctx; + } + + public static class EventQueryContext extends ParserRuleContext { + public IdentifierContext event; public TerminalNode WHERE() { return getToken(EqlBaseParser.WHERE, 0); } public ExpressionContext expression() { return 
getRuleContext(ExpressionContext.class,0); } - public QualifiedNameContext qualifiedName() { - return getRuleContext(QualifiedNameContext.class,0); + public IdentifierContext identifier() { + return getRuleContext(IdentifierContext.class,0); } - public ConditionContext(ParserRuleContext parent, int invokingState) { + public EventQueryContext(ParserRuleContext parent, int invokingState) { super(parent, invokingState); } - @Override public int getRuleIndex() { return RULE_condition; } + @Override public int getRuleIndex() { return RULE_eventQuery; } @Override public void enterRule(ParseTreeListener listener) { - if ( listener instanceof EqlBaseListener ) ((EqlBaseListener)listener).enterCondition(this); + if ( listener instanceof EqlBaseListener ) ((EqlBaseListener)listener).enterEventQuery(this); } @Override public void exitRule(ParseTreeListener listener) { - if ( listener instanceof EqlBaseListener ) ((EqlBaseListener)listener).exitCondition(this); + if ( listener instanceof EqlBaseListener ) ((EqlBaseListener)listener).exitEventQuery(this); } @Override public T accept(ParseTreeVisitor visitor) { - if ( visitor instanceof EqlBaseVisitor ) return ((EqlBaseVisitor)visitor).visitCondition(this); + if ( visitor instanceof EqlBaseVisitor ) return ((EqlBaseVisitor)visitor).visitEventQuery(this); else return visitor.visitChildren(this); } } - public final ConditionContext condition() throws RecognitionException { - ConditionContext _localctx = new ConditionContext(_ctx, getState()); - enterRule(_localctx, 20, RULE_condition); + public final EventQueryContext eventQuery() throws RecognitionException { + EventQueryContext _localctx = new EventQueryContext(_ctx, getState()); + enterRule(_localctx, 24, RULE_eventQuery); try { enterOuterAlt(_localctx, 1); { - setState(129); - ((ConditionContext)_localctx).event = qualifiedName(); - setState(130); + setState(154); + ((EventQueryContext)_localctx).event = identifier(); + setState(155); match(WHERE); - setState(131); + 
setState(156); expression(); } } @@ -853,11 +1024,11 @@ public T accept(ParseTreeVisitor visitor) { public final ExpressionContext expression() throws RecognitionException { ExpressionContext _localctx = new ExpressionContext(_ctx, getState()); - enterRule(_localctx, 22, RULE_expression); + enterRule(_localctx, 26, RULE_expression); try { enterOuterAlt(_localctx, 1); { - setState(133); + setState(158); booleanExpression(0); } } @@ -922,6 +1093,28 @@ public T accept(ParseTreeVisitor visitor) { else return visitor.visitChildren(this); } } + public static class ProcessCheckContext extends BooleanExpressionContext { + public Token relationship; + public TerminalNode OF() { return getToken(EqlBaseParser.OF, 0); } + public SubqueryContext subquery() { + return getRuleContext(SubqueryContext.class,0); + } + public TerminalNode IDENTIFIER() { return getToken(EqlBaseParser.IDENTIFIER, 0); } + public ProcessCheckContext(BooleanExpressionContext ctx) { copyFrom(ctx); } + @Override + public void enterRule(ParseTreeListener listener) { + if ( listener instanceof EqlBaseListener ) ((EqlBaseListener)listener).enterProcessCheck(this); + } + @Override + public void exitRule(ParseTreeListener listener) { + if ( listener instanceof EqlBaseListener ) ((EqlBaseListener)listener).exitProcessCheck(this); + } + @Override + public T accept(ParseTreeVisitor visitor) { + if ( visitor instanceof EqlBaseVisitor ) return ((EqlBaseVisitor)visitor).visitProcessCheck(this); + else return visitor.visitChildren(this); + } + } public static class LogicalBinaryContext extends BooleanExpressionContext { public BooleanExpressionContext left; public Token operator; 
@@ -959,71 +1152,72 @@ private BooleanExpressionContext booleanExpression(int _p) throws RecognitionExc int _parentState = getState(); BooleanExpressionContext _localctx = new BooleanExpressionContext(_ctx, _parentState); BooleanExpressionContext _prevctx = _localctx; - int _startState = 24; - enterRecursionRule(_localctx, 24, RULE_booleanExpression, _p); + int _startState = 28; + enterRecursionRule(_localctx, 28, RULE_booleanExpression, _p); try { int _alt; enterOuterAlt(_localctx, 1); { - setState(139); - switch (_input.LA(1)) { - case NOT: + setState(167); + _errHandler.sync(this); + switch ( getInterpreter().adaptivePredict(_input,17,_ctx) ) { + case 1: { _localctx = new LogicalNotContext(_localctx); _ctx = _localctx; _prevctx = _localctx; - setState(136); + setState(161); match(NOT); - setState(137); - booleanExpression(4); + setState(162); + booleanExpression(5); } break; - case FALSE: - case NULL: - case TRUE: - case PLUS: - case MINUS: - case LP: - case STRING: - case INTEGER_VALUE: - case DECIMAL_VALUE: - case IDENTIFIER: - case DIGIT_IDENTIFIER: - case QUOTED_IDENTIFIER: + case 2: + { + _localctx = new ProcessCheckContext(_localctx); + _ctx = _localctx; + _prevctx = _localctx; + setState(163); + ((ProcessCheckContext)_localctx).relationship = match(IDENTIFIER); + setState(164); + match(OF); + setState(165); + subquery(); + } + break; + case 3: { _localctx = new BooleanDefaultContext(_localctx); _ctx = _localctx; _prevctx = _localctx; - setState(138); + setState(166); predicated(); } break; - default: - throw new NoViableAltException(this); } _ctx.stop = _input.LT(-1); - setState(149); + setState(177); _errHandler.sync(this); - _alt = getInterpreter().adaptivePredict(_input,14,_ctx); + _alt = getInterpreter().adaptivePredict(_input,19,_ctx); while ( _alt!=2 && _alt!=org.antlr.v4.runtime.atn.ATN.INVALID_ALT_NUMBER ) { if ( _alt==1 ) { if ( _parseListeners!=null ) triggerExitRuleEvent(); _prevctx = _localctx; { - setState(147); + setState(175); 
_errHandler.sync(this); - switch ( getInterpreter().adaptivePredict(_input,13,_ctx) ) { + switch ( getInterpreter().adaptivePredict(_input,18,_ctx) ) { case 1: { _localctx = new LogicalBinaryContext(new BooleanExpressionContext(_parentctx, _parentState)); ((LogicalBinaryContext)_localctx).left = _prevctx; pushNewRecursionContext(_localctx, _startState, RULE_booleanExpression); - setState(141); + setState(169); if (!(precpred(_ctx, 2))) throw new FailedPredicateException(this, "precpred(_ctx, 2)"); - setState(142); + setState(170); ((LogicalBinaryContext)_localctx).operator = match(AND); - setState(143); + setState(171); ((LogicalBinaryContext)_localctx).right = booleanExpression(3); } break; @@ -1032,20 +1226,20 @@ private BooleanExpressionContext booleanExpression(int _p) throws RecognitionExc _localctx = new LogicalBinaryContext(new BooleanExpressionContext(_parentctx, _parentState)); ((LogicalBinaryContext)_localctx).left = _prevctx; pushNewRecursionContext(_localctx, _startState, RULE_booleanExpression); - setState(144); + setState(172); if (!(precpred(_ctx, 1))) throw new FailedPredicateException(this, "precpred(_ctx, 1)"); - setState(145); + setState(173); ((LogicalBinaryContext)_localctx).operator = match(OR); - setState(146); + setState(174); ((LogicalBinaryContext)_localctx).right = booleanExpression(2); } break; } } } - setState(151); + setState(179); _errHandler.sync(this); - _alt = getInterpreter().adaptivePredict(_input,14,_ctx); + _alt = getInterpreter().adaptivePredict(_input,19,_ctx); } } } 
@@ -1088,18 +1282,18 @@ public T accept(ParseTreeVisitor visitor) { public final PredicatedContext predicated() throws RecognitionException { PredicatedContext _localctx = new PredicatedContext(_ctx, getState()); - enterRule(_localctx, 26, RULE_predicated); + enterRule(_localctx, 30, RULE_predicated); try { enterOuterAlt(_localctx, 1); { - setState(152); + setState(180); valueExpression(0); - setState(154); + setState(182); _errHandler.sync(this); - switch ( getInterpreter().adaptivePredict(_input,15,_ctx) ) { + switch ( getInterpreter().adaptivePredict(_input,20,_ctx) ) { case 1: { - setState(153); + setState(181); predicate(); } break; @@ -1119,27 +1313,20 @@ public final PredicatedContext predicated() throws RecognitionException { public static class PredicateContext extends ParserRuleContext { public Token kind; - public ValueExpressionContext lower; - public ValueExpressionContext upper; - public TerminalNode AND() { return getToken(EqlBaseParser.AND, 0); } - public TerminalNode BETWEEN() { return getToken(EqlBaseParser.BETWEEN, 0); } + public TerminalNode LP() { return getToken(EqlBaseParser.LP, 0); } public List valueExpression() { return getRuleContexts(ValueExpressionContext.class); } public ValueExpressionContext valueExpression(int i) { return getRuleContext(ValueExpressionContext.class,i); } - public TerminalNode NOT() { return getToken(EqlBaseParser.NOT, 0); } - public TerminalNode LP() { return getToken(EqlBaseParser.LP, 0); } public TerminalNode RP() { return getToken(EqlBaseParser.RP, 0); } public TerminalNode IN() { return getToken(EqlBaseParser.IN, 0); } + public TerminalNode NOT() { return getToken(EqlBaseParser.NOT, 0); } public List COMMA() { return getTokens(EqlBaseParser.COMMA); } public TerminalNode COMMA(int i) { return getToken(EqlBaseParser.COMMA, i); } - public QueryContext query() { - return getRuleContext(QueryContext.class,0); - } public PredicateContext(ParserRuleContext parent, int invokingState) { super(parent, invokingState); } 
@@ -1161,94 +1348,44 @@ public T accept(ParseTreeVisitor visitor) { public final PredicateContext predicate() throws RecognitionException { PredicateContext _localctx = new PredicateContext(_ctx, getState()); - enterRule(_localctx, 28, RULE_predicate); + enterRule(_localctx, 32, RULE_predicate); int _la; try { - setState(187); - _errHandler.sync(this); - switch ( getInterpreter().adaptivePredict(_input,20,_ctx) ) { - case 1: - enterOuterAlt(_localctx, 1); + enterOuterAlt(_localctx, 1); + { + setState(185); + _la = _input.LA(1); + if (_la==NOT) { { - setState(157); - _la = _input.LA(1); - if (_la==NOT) { - { - setState(156); - match(NOT); - } + setState(184); + match(NOT); } + } - setState(159); - ((PredicateContext)_localctx).kind = match(BETWEEN); - setState(160); - ((PredicateContext)_localctx).lower = valueExpression(0); - setState(161); - match(AND); - setState(162); - ((PredicateContext)_localctx).upper = valueExpression(0); - } - break; - case 2: - enterOuterAlt(_localctx, 2); + setState(187); + ((PredicateContext)_localctx).kind = match(IN); + setState(188); + match(LP); + setState(189); + valueExpression(0); + setState(194); + _errHandler.sync(this); + _la = _input.LA(1); + while (_la==COMMA) { { - setState(165); - _la = _input.LA(1); - if (_la==NOT) { - { - setState(164); - match(NOT); - } - } - - setState(167); - ((PredicateContext)_localctx).kind = match(IN); - setState(168); - match(LP); - setState(169); + { + setState(190); + match(COMMA); + setState(191); valueExpression(0); - setState(174); - _errHandler.sync(this); - _la = _input.LA(1); - while (_la==COMMA) { - { - { - setState(170); - match(COMMA); - setState(171); - valueExpression(0); - } - } - setState(176); - _errHandler.sync(this); - _la = _input.LA(1); } - setState(177); - match(RP); } - break; - case 3: - enterOuterAlt(_localctx, 3); - { - setState(180); + setState(196); + _errHandler.sync(this); _la = _input.LA(1); - if (_la==NOT) { - { - setState(179); - match(NOT); - } - } - - 
setState(182); - ((PredicateContext)_localctx).kind = match(IN); - setState(183); - match(LP); - setState(184); - query(); - setState(185); - match(RP); - } - break; + } + setState(197); + match(RP); } } catch (RecognitionException re) { @@ -1381,31 +1518,30 @@ private ValueExpressionContext valueExpression(int _p) throws RecognitionExcepti int _parentState = getState(); ValueExpressionContext _localctx = new ValueExpressionContext(_ctx, _parentState); ValueExpressionContext _prevctx = _localctx; - int _startState = 30; - enterRecursionRule(_localctx, 30, RULE_valueExpression, _p); + int _startState = 34; + enterRecursionRule(_localctx, 34, RULE_valueExpression, _p); int _la; try { int _alt; enterOuterAlt(_localctx, 1); { - setState(193); + setState(203); switch (_input.LA(1)) { case FALSE: case NULL: case TRUE: case LP: + case ESCAPED_IDENTIFIER: case STRING: case INTEGER_VALUE: case DECIMAL_VALUE: case IDENTIFIER: - case DIGIT_IDENTIFIER: - case QUOTED_IDENTIFIER: { _localctx = new ValueExpressionDefaultContext(_localctx); _ctx = _localctx; _prevctx = _localctx; - setState(190); + setState(200); primaryExpression(); } break; @@ -1415,7 +1551,7 @@ private ValueExpressionContext valueExpression(int _p) throws RecognitionExcepti _localctx = new ArithmeticUnaryContext(_localctx); _ctx = _localctx; _prevctx = _localctx; - setState(191); + setState(201); ((ArithmeticUnaryContext)_localctx).operator = _input.LT(1); _la = _input.LA(1); if ( !(_la==PLUS || _la==MINUS) ) { @@ -1423,7 +1559,7 @@ private ValueExpressionContext valueExpression(int _p) throws RecognitionExcepti } else { consume(); } - setState(192); + setState(202); valueExpression(4); } break; 
@@ -1431,25 +1567,25 @@ private ValueExpressionContext valueExpression(int _p) throws RecognitionExcepti throw new NoViableAltException(this); } _ctx.stop = _input.LT(-1); - setState(207); + setState(217); _errHandler.sync(this); - _alt = getInterpreter().adaptivePredict(_input,23,_ctx); + _alt = getInterpreter().adaptivePredict(_input,25,_ctx); while ( _alt!=2 && _alt!=org.antlr.v4.runtime.atn.ATN.INVALID_ALT_NUMBER ) { if ( _alt==1 ) { if ( _parseListeners!=null ) triggerExitRuleEvent(); _prevctx = _localctx; { - setState(205); + setState(215); _errHandler.sync(this); - switch ( getInterpreter().adaptivePredict(_input,22,_ctx) ) { + switch ( getInterpreter().adaptivePredict(_input,24,_ctx) ) { case 1: { _localctx = new ArithmeticBinaryContext(new ValueExpressionContext(_parentctx, _parentState)); ((ArithmeticBinaryContext)_localctx).left = _prevctx; pushNewRecursionContext(_localctx, _startState, RULE_valueExpression); - setState(195); + setState(205); if (!(precpred(_ctx, 3))) throw new FailedPredicateException(this, "precpred(_ctx, 3)"); - setState(196); + setState(206); ((ArithmeticBinaryContext)_localctx).operator = _input.LT(1); _la = _input.LA(1); if ( !((((_la) & ~0x3f) == 0 && ((1L << _la) & ((1L << ASTERISK) | (1L << SLASH) | (1L << PERCENT))) != 0)) ) { @@ -1457,7 +1593,7 @@ private ValueExpressionContext valueExpression(int _p) throws RecognitionExcepti } else { consume(); } - setState(197); + setState(207); ((ArithmeticBinaryContext)_localctx).right = valueExpression(4); } break; 
@@ -1466,9 +1602,9 @@ private ValueExpressionContext valueExpression(int _p) throws RecognitionExcepti _localctx = new ArithmeticBinaryContext(new ValueExpressionContext(_parentctx, _parentState)); ((ArithmeticBinaryContext)_localctx).left = _prevctx; pushNewRecursionContext(_localctx, _startState, RULE_valueExpression); - setState(198); + setState(208); if (!(precpred(_ctx, 2))) throw new FailedPredicateException(this, "precpred(_ctx, 2)"); - setState(199); + setState(209); ((ArithmeticBinaryContext)_localctx).operator = _input.LT(1); _la = _input.LA(1); if ( !(_la==PLUS || _la==MINUS) ) { @@ -1476,7 +1612,7 @@ private ValueExpressionContext valueExpression(int _p) throws RecognitionExcepti } else { consume(); } - setState(200); + setState(210); ((ArithmeticBinaryContext)_localctx).right = valueExpression(3); } break; @@ -1485,20 +1621,20 @@ private ValueExpressionContext valueExpression(int _p) throws RecognitionExcepti _localctx = new ComparisonContext(new ValueExpressionContext(_parentctx, _parentState)); ((ComparisonContext)_localctx).left = _prevctx; pushNewRecursionContext(_localctx, _startState, RULE_valueExpression); - setState(201); + setState(211); if (!(precpred(_ctx, 1))) throw new FailedPredicateException(this, "precpred(_ctx, 1)"); - setState(202); + setState(212); comparisonOperator(); - setState(203); + setState(213); ((ComparisonContext)_localctx).right = valueExpression(2); } break; } } } - setState(209); + setState(219); _errHandler.sync(this); - _alt = getInterpreter().adaptivePredict(_input,23,_ctx); + _alt = getInterpreter().adaptivePredict(_input,25,_ctx); } } } 
@@ -1605,16 +1741,16 @@ public T accept(ParseTreeVisitor visitor) { public final PrimaryExpressionContext primaryExpression() throws RecognitionException { PrimaryExpressionContext _localctx = new PrimaryExpressionContext(_ctx, getState()); - enterRule(_localctx, 32, RULE_primaryExpression); + enterRule(_localctx, 36, RULE_primaryExpression); try { - setState(217); + setState(227); _errHandler.sync(this); - switch ( getInterpreter().adaptivePredict(_input,24,_ctx) ) { + switch ( getInterpreter().adaptivePredict(_input,26,_ctx) ) { case 1: _localctx = new ConstantDefaultContext(_localctx); enterOuterAlt(_localctx, 1); { - setState(210); + setState(220); constant(); } break; @@ -1622,7 +1758,7 @@ public final PrimaryExpressionContext primaryExpression() throws RecognitionExce _localctx = new FunctionContext(_localctx); enterOuterAlt(_localctx, 2); { - setState(211); + setState(221); functionExpression(); } break; @@ -1630,7 +1766,7 @@ public final PrimaryExpressionContext primaryExpression() throws RecognitionExce _localctx = new DereferenceContext(_localctx); enterOuterAlt(_localctx, 3); { - setState(212); + setState(222); qualifiedName(); } break; @@ -1638,11 +1774,11 @@ public final PrimaryExpressionContext primaryExpression() throws RecognitionExce _localctx = new ParenthesizedExpressionContext(_localctx); enterOuterAlt(_localctx, 4); { - setState(213); + setState(223); match(LP); - setState(214); + setState(224); expression(); - setState(215); + setState(225); match(RP); } break; 
@@ -1660,11 +1796,10 @@ public final PrimaryExpressionContext primaryExpression() throws RecognitionExce } public static class FunctionExpressionContext extends ParserRuleContext { - public IdentifierContext identifier() { - return getRuleContext(IdentifierContext.class,0); - } + public Token name; public TerminalNode LP() { return getToken(EqlBaseParser.LP, 0); } public TerminalNode RP() { return getToken(EqlBaseParser.RP, 0); } + public TerminalNode IDENTIFIER() { return getToken(EqlBaseParser.IDENTIFIER, 0); } public List expression() { return getRuleContexts(ExpressionContext.class); } 
@@ -1696,41 +1831,41 @@ public T accept(ParseTreeVisitor visitor) { public final FunctionExpressionContext functionExpression() throws RecognitionException { FunctionExpressionContext _localctx = new FunctionExpressionContext(_ctx, getState()); - enterRule(_localctx, 34, RULE_functionExpression); + enterRule(_localctx, 38, RULE_functionExpression); int _la; try { enterOuterAlt(_localctx, 1); { - setState(219); - identifier(); - setState(220); - match(LP); setState(229); + ((FunctionExpressionContext)_localctx).name = match(IDENTIFIER); + setState(230); + match(LP); + setState(239); _la = _input.LA(1); - if ((((_la) & ~0x3f) == 0 && ((1L << _la) & ((1L << FALSE) | (1L << NOT) | (1L << NULL) | (1L << TRUE) | (1L << PLUS) | (1L << MINUS) | (1L << LP) | (1L << STRING) | (1L << INTEGER_VALUE) | (1L << DECIMAL_VALUE) | (1L << IDENTIFIER) | (1L << DIGIT_IDENTIFIER) | (1L << QUOTED_IDENTIFIER))) != 0)) { + if ((((_la) & ~0x3f) == 0 && ((1L << _la) & ((1L << FALSE) | (1L << NOT) | (1L << NULL) | (1L << TRUE) | (1L << PLUS) | (1L << MINUS) | (1L << LP) | (1L << ESCAPED_IDENTIFIER) | (1L << STRING) | (1L << INTEGER_VALUE) | (1L << DECIMAL_VALUE) | (1L << IDENTIFIER))) != 0)) { { - setState(221); + setState(231); expression(); - setState(226); + setState(236); _errHandler.sync(this); _la = _input.LA(1); while (_la==COMMA) { { { - setState(222); + setState(232); match(COMMA); - setState(223); + setState(233); expression(); } } - setState(228); + setState(238); _errHandler.sync(this); _la = _input.LA(1); } } } - setState(231); + setState(241); match(RP); } } 
@@ -1774,9 +1909,8 @@ public T accept(ParseTreeVisitor visitor) { } } public static class StringLiteralContext extends ConstantContext { - public List STRING() { return getTokens(EqlBaseParser.STRING); } - public TerminalNode STRING(int i) { - return getToken(EqlBaseParser.STRING, i); + public StringContext string() { + return getRuleContext(StringContext.class,0); } public StringLiteralContext(ConstantContext ctx) { copyFrom(ctx); } @Override @@ -1834,16 +1968,15 @@ public T accept(ParseTreeVisitor visitor) { public final ConstantContext constant() throws RecognitionException { ConstantContext _localctx = new ConstantContext(_ctx, getState()); - enterRule(_localctx, 36, RULE_constant); + enterRule(_localctx, 40, RULE_constant); try { - int _alt; - setState(241); + setState(247); switch (_input.LA(1)) { case NULL: _localctx = new NullLiteralContext(_localctx); enterOuterAlt(_localctx, 1); { - setState(233); + setState(243); match(NULL); } break; @@ -1852,7 +1985,7 @@ public final ConstantContext constant() throws RecognitionException { _localctx = new NumericLiteralContext(_localctx); enterOuterAlt(_localctx, 2); { - setState(234); + setState(244); number(); } break; @@ -1861,7 +1994,7 @@ public final ConstantContext constant() throws RecognitionException { _localctx = new BooleanLiteralContext(_localctx); enterOuterAlt(_localctx, 3); { - setState(235); + setState(245); booleanValue(); } break; 
@@ -1869,26 +2002,8 @@ public final ConstantContext constant() throws RecognitionException { _localctx = new StringLiteralContext(_localctx); enterOuterAlt(_localctx, 4); { - setState(237); - _errHandler.sync(this); - _alt = 1; - do { - switch (_alt) { - case 1: - { - { - setState(236); - match(STRING); - } - } - break; - default: - throw new NoViableAltException(this); - } - setState(239); - _errHandler.sync(this); - _alt = getInterpreter().adaptivePredict(_input,27,_ctx); - } while ( _alt!=2 && _alt!=org.antlr.v4.runtime.atn.ATN.INVALID_ALT_NUMBER ); + setState(246); + string(); } break; default: @@ -1934,12 +2049,12 @@ public T accept(ParseTreeVisitor visitor) { public final ComparisonOperatorContext comparisonOperator() throws RecognitionException { ComparisonOperatorContext _localctx = new ComparisonOperatorContext(_ctx, getState()); - enterRule(_localctx, 38, RULE_comparisonOperator); + enterRule(_localctx, 42, RULE_comparisonOperator); int _la; try { enterOuterAlt(_localctx, 1); { - setState(243); + setState(249); _la = _input.LA(1); if ( !((((_la) & ~0x3f) == 0 && ((1L << _la) & ((1L << EQ) | (1L << NEQ) | (1L << LT) | (1L << LTE) | (1L << GT) | (1L << GTE))) != 0)) ) { _errHandler.recoverInline(this); @@ -1983,12 +2098,12 @@ public T accept(ParseTreeVisitor visitor) { public final BooleanValueContext booleanValue() throws RecognitionException { BooleanValueContext _localctx = new BooleanValueContext(_ctx, getState()); - enterRule(_localctx, 40, RULE_booleanValue); + enterRule(_localctx, 44, RULE_booleanValue); int _la; try { enterOuterAlt(_localctx, 1); { - setState(245); + setState(251); _la = _input.LA(1); if ( !(_la==FALSE || _la==TRUE) ) { _errHandler.recoverInline(this); 
@@ -2008,74 +2123,6 @@ public final BooleanValueContext booleanValue() throws RecognitionException { return _localctx; } - public static class QualifiedNamesContext extends ParserRuleContext { - public List qualifiedName() { - return getRuleContexts(QualifiedNameContext.class); - } - public QualifiedNameContext qualifiedName(int i) { - return getRuleContext(QualifiedNameContext.class,i); - } - public List COMMA() { return getTokens(EqlBaseParser.COMMA); } - public TerminalNode COMMA(int i) { - return getToken(EqlBaseParser.COMMA, i); - } - public QualifiedNamesContext(ParserRuleContext parent, int invokingState) { - super(parent, invokingState); - } - @Override public int getRuleIndex() { return RULE_qualifiedNames; } - @Override - public void enterRule(ParseTreeListener listener) { - if ( listener instanceof EqlBaseListener ) ((EqlBaseListener)listener).enterQualifiedNames(this); - } - @Override - public void exitRule(ParseTreeListener listener) { - if ( listener instanceof EqlBaseListener ) ((EqlBaseListener)listener).exitQualifiedNames(this); - } - @Override - public T accept(ParseTreeVisitor visitor) { - if ( visitor instanceof EqlBaseVisitor ) return ((EqlBaseVisitor)visitor).visitQualifiedNames(this); - else return visitor.visitChildren(this); - } - } - - public final QualifiedNamesContext qualifiedNames() throws RecognitionException { - QualifiedNamesContext _localctx = new QualifiedNamesContext(_ctx, getState()); - enterRule(_localctx, 42, RULE_qualifiedNames); - int _la; - try { - enterOuterAlt(_localctx, 1); - { - setState(247); - qualifiedName(); - setState(252); - _errHandler.sync(this); - _la = _input.LA(1); - while (_la==COMMA) { - { - { - setState(248); - match(COMMA); - setState(249); - qualifiedName(); - } - } - setState(254); - _errHandler.sync(this); - _la = _input.LA(1); - } - } - } - catch (RecognitionException re) { - _localctx.exception = re; - _errHandler.reportError(this, re); - _errHandler.recover(this, re); - } - finally { - exitRule(); - 
} - return _localctx; - } - public static class QualifiedNameContext extends ParserRuleContext { public List identifier() { return getRuleContexts(IdentifierContext.class); @@ -2087,6 +2134,18 @@ public IdentifierContext identifier(int i) { public TerminalNode DOT(int i) { return getToken(EqlBaseParser.DOT, i); } + public List LB() { return getTokens(EqlBaseParser.LB); } + public TerminalNode LB(int i) { + return getToken(EqlBaseParser.LB, i); + } + public List RB() { return getTokens(EqlBaseParser.RB); } + public TerminalNode RB(int i) { + return getToken(EqlBaseParser.RB, i); + } + public List INTEGER_VALUE() { return getTokens(EqlBaseParser.INTEGER_VALUE); } + public TerminalNode INTEGER_VALUE(int i) { + return getToken(EqlBaseParser.INTEGER_VALUE, i); + } public QualifiedNameContext(ParserRuleContext parent, int invokingState) { super(parent, invokingState); } 
@@ -2108,31 +2167,61 @@ public T accept(ParseTreeVisitor visitor) { public final QualifiedNameContext qualifiedName() throws RecognitionException { QualifiedNameContext _localctx = new QualifiedNameContext(_ctx, getState()); - enterRule(_localctx, 44, RULE_qualifiedName); + enterRule(_localctx, 46, RULE_qualifiedName); + int _la; try { int _alt; enterOuterAlt(_localctx, 1); { - setState(260); + setState(253); + identifier(); + setState(265); _errHandler.sync(this); - _alt = getInterpreter().adaptivePredict(_input,30,_ctx); + _alt = getInterpreter().adaptivePredict(_input,32,_ctx); while ( _alt!=2 && _alt!=org.antlr.v4.runtime.atn.ATN.INVALID_ALT_NUMBER ) { if ( _alt==1 ) { { - { - setState(255); - identifier(); - setState(256); - match(DOT); + setState(263); + switch (_input.LA(1)) { + case DOT: + { + setState(254); + match(DOT); + setState(255); + identifier(); + } + break; + case LB: + { + setState(256); + match(LB); + setState(258); + _errHandler.sync(this); + _la = _input.LA(1); + do { + { + { + setState(257); + match(INTEGER_VALUE); + } + } + setState(260); + _errHandler.sync(this); + _la = _input.LA(1); + } while ( _la==INTEGER_VALUE ); + setState(262); + match(RB); + } + break; + default: + throw new NoViableAltException(this); } } } - setState(262); + setState(267); _errHandler.sync(this); - _alt = getInterpreter().adaptivePredict(_input,30,_ctx); + _alt = getInterpreter().adaptivePredict(_input,32,_ctx); } - setState(263); - identifier(); } } catch (RecognitionException re) { 
@@ -2147,12 +2236,8 @@ public final QualifiedNameContext qualifiedName() throws RecognitionException { } public static class IdentifierContext extends ParserRuleContext { - public QuoteIdentifierContext quoteIdentifier() { - return getRuleContext(QuoteIdentifierContext.class,0); - } - public UnquoteIdentifierContext unquoteIdentifier() { - return getRuleContext(UnquoteIdentifierContext.class,0); - } + public TerminalNode IDENTIFIER() { return getToken(EqlBaseParser.IDENTIFIER, 0); } + public TerminalNode ESCAPED_IDENTIFIER() { return getToken(EqlBaseParser.ESCAPED_IDENTIFIER, 0); } public IdentifierContext(ParserRuleContext parent, int invokingState) { super(parent, invokingState); } 
@@ -2174,78 +2259,18 @@ public T accept(ParseTreeVisitor visitor) { public final IdentifierContext identifier() throws RecognitionException { IdentifierContext _localctx = new IdentifierContext(_ctx, getState()); - enterRule(_localctx, 46, RULE_identifier); - try { - setState(267); - switch (_input.LA(1)) { - case QUOTED_IDENTIFIER: - enterOuterAlt(_localctx, 1); - { - setState(265); - quoteIdentifier(); - } - break; - case IDENTIFIER: - case DIGIT_IDENTIFIER: - enterOuterAlt(_localctx, 2); - { - setState(266); - unquoteIdentifier(); - } - break; - default: - throw new NoViableAltException(this); - } - } - catch (RecognitionException re) { - _localctx.exception = re; - _errHandler.reportError(this, re); - _errHandler.recover(this, re); - } - finally { - exitRule(); - } - return _localctx; - } - - public static class QuoteIdentifierContext extends ParserRuleContext { - public QuoteIdentifierContext(ParserRuleContext parent, int invokingState) { - super(parent, invokingState); - } - @Override public int getRuleIndex() { return RULE_quoteIdentifier; } - - public QuoteIdentifierContext() { } - public void copyFrom(QuoteIdentifierContext ctx) { - super.copyFrom(ctx); - } - } - public static class QuotedIdentifierContext extends QuoteIdentifierContext { - public TerminalNode QUOTED_IDENTIFIER() { return getToken(EqlBaseParser.QUOTED_IDENTIFIER, 0); } - public QuotedIdentifierContext(QuoteIdentifierContext ctx) { copyFrom(ctx); } - @Override - public void enterRule(ParseTreeListener listener) { - if ( listener instanceof EqlBaseListener ) ((EqlBaseListener)listener).enterQuotedIdentifier(this); - } - @Override - public void exitRule(ParseTreeListener listener) { - if ( listener instanceof EqlBaseListener ) ((EqlBaseListener)listener).exitQuotedIdentifier(this); - } - @Override - public T accept(ParseTreeVisitor visitor) { - if ( visitor instanceof EqlBaseVisitor ) return ((EqlBaseVisitor)visitor).visitQuotedIdentifier(this); - else return visitor.visitChildren(this); - } 
- } - - public final QuoteIdentifierContext quoteIdentifier() throws RecognitionException { - QuoteIdentifierContext _localctx = new QuoteIdentifierContext(_ctx, getState()); - enterRule(_localctx, 48, RULE_quoteIdentifier); + enterRule(_localctx, 48, RULE_identifier); + int _la; try { - _localctx = new QuotedIdentifierContext(_localctx); enterOuterAlt(_localctx, 1); { - setState(269); - match(QUOTED_IDENTIFIER); + setState(268); + _la = _input.LA(1); + if ( !(_la==ESCAPED_IDENTIFIER || _la==IDENTIFIER) ) { + _errHandler.recoverInline(this); + } else { + consume(); + } } } catch (RecognitionException re) { 
@@ -2259,76 +2284,49 @@ public final QuoteIdentifierContext quoteIdentifier() throws RecognitionExceptio return _localctx; } - public static class UnquoteIdentifierContext extends ParserRuleContext { - public UnquoteIdentifierContext(ParserRuleContext parent, int invokingState) { - super(parent, invokingState); - } - @Override public int getRuleIndex() { return RULE_unquoteIdentifier; } - - public UnquoteIdentifierContext() { } - public void copyFrom(UnquoteIdentifierContext ctx) { - super.copyFrom(ctx); - } - } - public static class DigitIdentifierContext extends UnquoteIdentifierContext { - public TerminalNode DIGIT_IDENTIFIER() { return getToken(EqlBaseParser.DIGIT_IDENTIFIER, 0); } - public DigitIdentifierContext(UnquoteIdentifierContext ctx) { copyFrom(ctx); } - @Override - public void enterRule(ParseTreeListener listener) { - if ( listener instanceof EqlBaseListener ) ((EqlBaseListener)listener).enterDigitIdentifier(this); - } - @Override - public void exitRule(ParseTreeListener listener) { - if ( listener instanceof EqlBaseListener ) ((EqlBaseListener)listener).exitDigitIdentifier(this); - } - @Override - public T accept(ParseTreeVisitor visitor) { - if ( visitor instanceof EqlBaseVisitor ) return ((EqlBaseVisitor)visitor).visitDigitIdentifier(this); - else return visitor.visitChildren(this); + public static class TimeUnitContext extends ParserRuleContext { + public Token unit; + public NumberContext number() { + return getRuleContext(NumberContext.class,0); } - } - public static class UnquotedIdentifierContext extends UnquoteIdentifierContext { public TerminalNode IDENTIFIER() { return getToken(EqlBaseParser.IDENTIFIER, 0); } - public UnquotedIdentifierContext(UnquoteIdentifierContext ctx) { copyFrom(ctx); } + public TimeUnitContext(ParserRuleContext parent, int invokingState) { + super(parent, invokingState); + } + @Override public int getRuleIndex() { return RULE_timeUnit; } @Override public void enterRule(ParseTreeListener listener) { - if ( listener 
instanceof EqlBaseListener ) ((EqlBaseListener)listener).enterUnquotedIdentifier(this); + if ( listener instanceof EqlBaseListener ) ((EqlBaseListener)listener).enterTimeUnit(this); } @Override public void exitRule(ParseTreeListener listener) { - if ( listener instanceof EqlBaseListener ) ((EqlBaseListener)listener).exitUnquotedIdentifier(this); + if ( listener instanceof EqlBaseListener ) ((EqlBaseListener)listener).exitTimeUnit(this); } @Override public T accept(ParseTreeVisitor visitor) { - if ( visitor instanceof EqlBaseVisitor ) return ((EqlBaseVisitor)visitor).visitUnquotedIdentifier(this); + if ( visitor instanceof EqlBaseVisitor ) return ((EqlBaseVisitor)visitor).visitTimeUnit(this); else return visitor.visitChildren(this); } } - public final UnquoteIdentifierContext unquoteIdentifier() throws RecognitionException { - UnquoteIdentifierContext _localctx = new UnquoteIdentifierContext(_ctx, getState()); - enterRule(_localctx, 50, RULE_unquoteIdentifier); + public final TimeUnitContext timeUnit() throws RecognitionException { + TimeUnitContext _localctx = new TimeUnitContext(_ctx, getState()); + enterRule(_localctx, 50, RULE_timeUnit); + int _la; try { - setState(273); - switch (_input.LA(1)) { - case IDENTIFIER: - _localctx = new UnquotedIdentifierContext(_localctx); - enterOuterAlt(_localctx, 1); + enterOuterAlt(_localctx, 1); + { + setState(270); + number(); + setState(272); + _la = _input.LA(1); + if (_la==IDENTIFIER) { { setState(271); - match(IDENTIFIER); - } - break; - case DIGIT_IDENTIFIER: - _localctx = new DigitIdentifierContext(_localctx); - enterOuterAlt(_localctx, 2); - { - setState(272); - match(DIGIT_IDENTIFIER); + ((TimeUnitContext)_localctx).unit = match(IDENTIFIER); } - break; - default: - throw new NoViableAltException(this); + } + } } catch (RecognitionException re) { 
@@ -2392,13 +2390,13 @@ public final NumberContext number() throws RecognitionException { NumberContext _localctx = new NumberContext(_ctx, getState()); enterRule(_localctx, 52, RULE_number); try { - setState(277); + setState(276); switch (_input.LA(1)) { case DECIMAL_VALUE: _localctx = new DecimalLiteralContext(_localctx); enterOuterAlt(_localctx, 1); { - setState(275); + setState(274); match(DECIMAL_VALUE); } break; @@ -2406,7 +2404,7 @@ public final NumberContext number() throws RecognitionException { _localctx = new IntegerLiteralContext(_localctx); enterOuterAlt(_localctx, 2); { - setState(276); + setState(275); match(INTEGER_VALUE); } break; @@ -2452,7 +2450,7 @@ public final StringContext string() throws RecognitionException { try { enterOuterAlt(_localctx, 1); { - setState(279); + setState(278); match(STRING); } } @@ -2469,9 +2467,9 @@ public final StringContext string() throws RecognitionException { public boolean sempred(RuleContext _localctx, int ruleIndex, int predIndex) { switch (ruleIndex) { - case 12: + case 14: return booleanExpression_sempred((BooleanExpressionContext)_localctx, predIndex); - case 15: + case 17: return valueExpression_sempred((ValueExpressionContext)_localctx, predIndex); } return true; 
@@ -2498,102 +2496,103 @@ private boolean valueExpression_sempred(ValueExpressionContext _localctx, int pr } public static final String _serializedATN = - "\3\u0430\ud6d1\u8206\uad2d\u4417\uaef1\u8d80\uaadd\3\64\u011c\4\2\t\2"+ - "\4\3\t\3\4\4\t\4\4\5\t\5\4\6\t\6\4\7\t\7\4\b\t\b\4\t\t\t\4\n\t\n\4\13"+ - "\t\13\4\f\t\f\4\r\t\r\4\16\t\16\4\17\t\17\4\20\t\20\4\21\t\21\4\22\t\22"+ + "\3\u0430\ud6d1\u8206\uad2d\u4417\uaef1\u8d80\uaadd\3,\u011b\4\2\t\2\4"+ + "\3\t\3\4\4\t\4\4\5\t\5\4\6\t\6\4\7\t\7\4\b\t\b\4\t\t\t\4\n\t\n\4\13\t"+ + "\13\4\f\t\f\4\r\t\r\4\16\t\16\4\17\t\17\4\20\t\20\4\21\t\21\4\22\t\22"+ "\4\23\t\23\4\24\t\24\4\25\t\25\4\26\t\26\4\27\t\27\4\30\t\30\4\31\t\31"+ "\4\32\t\32\4\33\t\33\4\34\t\34\4\35\t\35\3\2\3\2\3\2\3\3\3\3\3\3\3\4\3"+ - "\4\3\4\7\4D\n\4\f\4\16\4G\13\4\3\5\3\5\3\5\5\5L\n\5\3\6\3\6\5\6P\n\6\3"+ - "\6\5\6S\n\6\3\6\6\6V\n\6\r\6\16\6W\3\6\3\6\5\6\\\n\6\3\7\3\7\5\7`\n\7"+ - "\3\7\6\7c\n\7\r\7\16\7d\3\7\3\7\5\7i\n\7\3\b\3\b\3\b\3\b\7\bo\n\b\f\b"+ - "\16\br\13\b\5\bt\n\b\3\t\3\t\3\t\3\n\3\n\3\n\3\n\3\n\3\13\3\13\3\13\3"+ - "\13\5\13\u0082\n\13\3\f\3\f\3\f\3\f\3\r\3\r\3\16\3\16\3\16\3\16\5\16\u008e"+ - "\n\16\3\16\3\16\3\16\3\16\3\16\3\16\7\16\u0096\n\16\f\16\16\16\u0099\13"+ - "\16\3\17\3\17\5\17\u009d\n\17\3\20\5\20\u00a0\n\20\3\20\3\20\3\20\3\20"+ - "\3\20\3\20\5\20\u00a8\n\20\3\20\3\20\3\20\3\20\3\20\7\20\u00af\n\20\f"+ - "\20\16\20\u00b2\13\20\3\20\3\20\3\20\5\20\u00b7\n\20\3\20\3\20\3\20\3"+ - "\20\3\20\5\20\u00be\n\20\3\21\3\21\3\21\3\21\5\21\u00c4\n\21\3\21\3\21"+ - "\3\21\3\21\3\21\3\21\3\21\3\21\3\21\3\21\7\21\u00d0\n\21\f\21\16\21\u00d3"+ - "\13\21\3\22\3\22\3\22\3\22\3\22\3\22\3\22\5\22\u00dc\n\22\3\23\3\23\3"+ - "\23\3\23\3\23\7\23\u00e3\n\23\f\23\16\23\u00e6\13\23\5\23\u00e8\n\23\3"+ - "\23\3\23\3\24\3\24\3\24\3\24\6\24\u00f0\n\24\r\24\16\24\u00f1\5\24\u00f4"+ - "\n\24\3\25\3\25\3\26\3\26\3\27\3\27\3\27\7\27\u00fd\n\27\f\27\16\27\u0100"+ - "\13\27\3\30\3\30\3\30\7\30\u0105\n\30\f\30\16\30\u0108\13\30\3\30\3\30"+ - 
"\3\31\3\31\5\31\u010e\n\31\3\32\3\32\3\33\3\33\5\33\u0114\n\33\3\34\3"+ - "\34\5\34\u0118\n\34\3\35\3\35\3\35\2\4\32 \36\2\4\6\b\n\f\16\20\22\24"+ - "\26\30\32\34\36 \"$&(*,.\60\62\64\668\2\6\3\2\36\37\3\2 \"\3\2\30\35\4"+ - "\2\13\13\24\24\u0128\2:\3\2\2\2\4=\3\2\2\2\6@\3\2\2\2\bK\3\2\2\2\nM\3"+ - "\2\2\2\f]\3\2\2\2\16j\3\2\2\2\20u\3\2\2\2\22x\3\2\2\2\24}\3\2\2\2\26\u0083"+ - "\3\2\2\2\30\u0087\3\2\2\2\32\u008d\3\2\2\2\34\u009a\3\2\2\2\36\u00bd\3"+ - "\2\2\2 \u00c3\3\2\2\2\"\u00db\3\2\2\2$\u00dd\3\2\2\2&\u00f3\3\2\2\2(\u00f5"+ - "\3\2\2\2*\u00f7\3\2\2\2,\u00f9\3\2\2\2.\u0106\3\2\2\2\60\u010d\3\2\2\2"+ - "\62\u010f\3\2\2\2\64\u0113\3\2\2\2\66\u0117\3\2\2\28\u0119\3\2\2\2:;\5"+ - "\6\4\2;<\7\2\2\3<\3\3\2\2\2=>\5\30\r\2>?\7\2\2\3?\5\3\2\2\2@E\5\b\5\2"+ - "AB\7)\2\2BD\5\16\b\2CA\3\2\2\2DG\3\2\2\2EC\3\2\2\2EF\3\2\2\2F\7\3\2\2"+ - "\2GE\3\2\2\2HL\5\n\6\2IL\5\f\7\2JL\5\26\f\2KH\3\2\2\2KI\3\2\2\2KJ\3\2"+ - "\2\2L\t\3\2\2\2MO\7\23\2\2NP\5\20\t\2ON\3\2\2\2OP\3\2\2\2PR\3\2\2\2QS"+ - "\5\22\n\2RQ\3\2\2\2RS\3\2\2\2SU\3\2\2\2TV\5\24\13\2UT\3\2\2\2VW\3\2\2"+ - "\2WU\3\2\2\2WX\3\2\2\2X[\3\2\2\2YZ\7\25\2\2Z\\\5\24\13\2[Y\3\2\2\2[\\"+ - "\3\2\2\2\\\13\3\2\2\2]_\7\r\2\2^`\5\20\t\2_^\3\2\2\2_`\3\2\2\2`b\3\2\2"+ - "\2ac\5\24\13\2ba\3\2\2\2cd\3\2\2\2db\3\2\2\2de\3\2\2\2eh\3\2\2\2fg\7\25"+ - "\2\2gi\5\24\13\2hf\3\2\2\2hi\3\2\2\2i\r\3\2\2\2js\7-\2\2kp\5\32\16\2l"+ - "m\7$\2\2mo\5\32\16\2nl\3\2\2\2or\3\2\2\2pn\3\2\2\2pq\3\2\2\2qt\3\2\2\2"+ - "rp\3\2\2\2sk\3\2\2\2st\3\2\2\2t\17\3\2\2\2uv\7\7\2\2vw\5,\27\2w\21\3\2"+ - "\2\2xy\7\27\2\2yz\7\16\2\2z{\7\30\2\2{|\7.\2\2|\23\3\2\2\2}~\7%\2\2~\177"+ - "\5\26\f\2\177\u0081\7&\2\2\u0080\u0082\5\20\t\2\u0081\u0080\3\2\2\2\u0081"+ - "\u0082\3\2\2\2\u0082\25\3\2\2\2\u0083\u0084\5.\30\2\u0084\u0085\7\26\2"+ - "\2\u0085\u0086\5\30\r\2\u0086\27\3\2\2\2\u0087\u0088\5\32\16\2\u0088\31"+ - "\3\2\2\2\u0089\u008a\b\16\1\2\u008a\u008b\7\17\2\2\u008b\u008e\5\32\16"+ - "\6\u008c\u008e\5\34\17\2\u008d\u0089\3\2\2\2\u008d\u008c\3\2\2\2\u008e"+ - 
"\u0097\3\2\2\2\u008f\u0090\f\4\2\2\u0090\u0091\7\3\2\2\u0091\u0096\5\32"+ - "\16\5\u0092\u0093\f\3\2\2\u0093\u0094\7\22\2\2\u0094\u0096\5\32\16\4\u0095"+ - "\u008f\3\2\2\2\u0095\u0092\3\2\2\2\u0096\u0099\3\2\2\2\u0097\u0095\3\2"+ - "\2\2\u0097\u0098\3\2\2\2\u0098\33\3\2\2\2\u0099\u0097\3\2\2\2\u009a\u009c"+ - "\5 \21\2\u009b\u009d\5\36\20\2\u009c\u009b\3\2\2\2\u009c\u009d\3\2\2\2"+ - "\u009d\35\3\2\2\2\u009e\u00a0\7\17\2\2\u009f\u009e\3\2\2\2\u009f\u00a0"+ - "\3\2\2\2\u00a0\u00a1\3\2\2\2\u00a1\u00a2\7\6\2\2\u00a2\u00a3\5 \21\2\u00a3"+ - "\u00a4\7\3\2\2\u00a4\u00a5\5 \21\2\u00a5\u00be\3\2\2\2\u00a6\u00a8\7\17"+ - "\2\2\u00a7\u00a6\3\2\2\2\u00a7\u00a8\3\2\2\2\u00a8\u00a9\3\2\2\2\u00a9"+ - "\u00aa\7\f\2\2\u00aa\u00ab\7\'\2\2\u00ab\u00b0\5 \21\2\u00ac\u00ad\7$"+ - "\2\2\u00ad\u00af\5 \21\2\u00ae\u00ac\3\2\2\2\u00af\u00b2\3\2\2\2\u00b0"+ - "\u00ae\3\2\2\2\u00b0\u00b1\3\2\2\2\u00b1\u00b3\3\2\2\2\u00b2\u00b0\3\2"+ - "\2\2\u00b3\u00b4\7(\2\2\u00b4\u00be\3\2\2\2\u00b5\u00b7\7\17\2\2\u00b6"+ - "\u00b5\3\2\2\2\u00b6\u00b7\3\2\2\2\u00b7\u00b8\3\2\2\2\u00b8\u00b9\7\f"+ - "\2\2\u00b9\u00ba\7\'\2\2\u00ba\u00bb\5\b\5\2\u00bb\u00bc\7(\2\2\u00bc"+ - "\u00be\3\2\2\2\u00bd\u009f\3\2\2\2\u00bd\u00a7\3\2\2\2\u00bd\u00b6\3\2"+ - "\2\2\u00be\37\3\2\2\2\u00bf\u00c0\b\21\1\2\u00c0\u00c4\5\"\22\2\u00c1"+ - "\u00c2\t\2\2\2\u00c2\u00c4\5 \21\6\u00c3\u00bf\3\2\2\2\u00c3\u00c1\3\2"+ - "\2\2\u00c4\u00d1\3\2\2\2\u00c5\u00c6\f\5\2\2\u00c6\u00c7\t\3\2\2\u00c7"+ - "\u00d0\5 \21\6\u00c8\u00c9\f\4\2\2\u00c9\u00ca\t\2\2\2\u00ca\u00d0\5 "+ - "\21\5\u00cb\u00cc\f\3\2\2\u00cc\u00cd\5(\25\2\u00cd\u00ce\5 \21\4\u00ce"+ - "\u00d0\3\2\2\2\u00cf\u00c5\3\2\2\2\u00cf\u00c8\3\2\2\2\u00cf\u00cb\3\2"+ - "\2\2\u00d0\u00d3\3\2\2\2\u00d1\u00cf\3\2\2\2\u00d1\u00d2\3\2\2\2\u00d2"+ - "!\3\2\2\2\u00d3\u00d1\3\2\2\2\u00d4\u00dc\5&\24\2\u00d5\u00dc\5$\23\2"+ - "\u00d6\u00dc\5.\30\2\u00d7\u00d8\7\'\2\2\u00d8\u00d9\5\30\r\2\u00d9\u00da"+ - "\7(\2\2\u00da\u00dc\3\2\2\2\u00db\u00d4\3\2\2\2\u00db\u00d5\3\2\2\2\u00db"+ - 
"\u00d6\3\2\2\2\u00db\u00d7\3\2\2\2\u00dc#\3\2\2\2\u00dd\u00de\5\60\31"+ - "\2\u00de\u00e7\7\'\2\2\u00df\u00e4\5\30\r\2\u00e0\u00e1\7$\2\2\u00e1\u00e3"+ - "\5\30\r\2\u00e2\u00e0\3\2\2\2\u00e3\u00e6\3\2\2\2\u00e4\u00e2\3\2\2\2"+ - "\u00e4\u00e5\3\2\2\2\u00e5\u00e8\3\2\2\2\u00e6\u00e4\3\2\2\2\u00e7\u00df"+ - "\3\2\2\2\u00e7\u00e8\3\2\2\2\u00e8\u00e9\3\2\2\2\u00e9\u00ea\7(\2\2\u00ea"+ - "%\3\2\2\2\u00eb\u00f4\7\20\2\2\u00ec\u00f4\5\66\34\2\u00ed\u00f4\5*\26"+ - "\2\u00ee\u00f0\7*\2\2\u00ef\u00ee\3\2\2\2\u00f0\u00f1\3\2\2\2\u00f1\u00ef"+ - "\3\2\2\2\u00f1\u00f2\3\2\2\2\u00f2\u00f4\3\2\2\2\u00f3\u00eb\3\2\2\2\u00f3"+ - "\u00ec\3\2\2\2\u00f3\u00ed\3\2\2\2\u00f3\u00ef\3\2\2\2\u00f4\'\3\2\2\2"+ - "\u00f5\u00f6\t\4\2\2\u00f6)\3\2\2\2\u00f7\u00f8\t\5\2\2\u00f8+\3\2\2\2"+ - "\u00f9\u00fe\5.\30\2\u00fa\u00fb\7$\2\2\u00fb\u00fd\5.\30\2\u00fc\u00fa"+ - "\3\2\2\2\u00fd\u0100\3\2\2\2\u00fe\u00fc\3\2\2\2\u00fe\u00ff\3\2\2\2\u00ff"+ - "-\3\2\2\2\u0100\u00fe\3\2\2\2\u0101\u0102\5\60\31\2\u0102\u0103\7#\2\2"+ - "\u0103\u0105\3\2\2\2\u0104\u0101\3\2\2\2\u0105\u0108\3\2\2\2\u0106\u0104"+ - "\3\2\2\2\u0106\u0107\3\2\2\2\u0107\u0109\3\2\2\2\u0108\u0106\3\2\2\2\u0109"+ - "\u010a\5\60\31\2\u010a/\3\2\2\2\u010b\u010e\5\62\32\2\u010c\u010e\5\64"+ - "\33\2\u010d\u010b\3\2\2\2\u010d\u010c\3\2\2\2\u010e\61\3\2\2\2\u010f\u0110"+ - "\7/\2\2\u0110\63\3\2\2\2\u0111\u0114\7-\2\2\u0112\u0114\7.\2\2\u0113\u0111"+ - "\3\2\2\2\u0113\u0112\3\2\2\2\u0114\65\3\2\2\2\u0115\u0118\7,\2\2\u0116"+ - "\u0118\7+\2\2\u0117\u0115\3\2\2\2\u0117\u0116\3\2\2\2\u0118\67\3\2\2\2"+ - "\u0119\u011a\7*\2\2\u011a9\3\2\2\2$EKORW[_dhps\u0081\u008d\u0095\u0097"+ - "\u009c\u009f\u00a7\u00b0\u00b6\u00bd\u00c3\u00cf\u00d1\u00db\u00e4\u00e7"+ - "\u00f1\u00f3\u00fe\u0106\u010d\u0113\u0117"; + "\4\7\4C\n\4\f\4\16\4F\13\4\3\5\3\5\3\5\5\5K\n\5\3\6\3\6\3\6\3\6\3\6\3"+ + "\7\3\7\3\7\5\7U\n\7\3\7\3\7\5\7Y\n\7\5\7[\n\7\3\7\3\7\6\7_\n\7\r\7\16"+ + "\7`\3\7\3\7\5\7e\n\7\3\b\3\b\5\bi\n\b\3\b\3\b\6\bm\n\b\r\b\16\bn\3\b\3"+ + 
"\b\5\bs\n\b\3\t\3\t\3\t\3\t\3\t\7\tz\n\t\f\t\16\t}\13\t\5\t\177\n\t\3"+ + "\n\3\n\3\n\3\n\7\n\u0085\n\n\f\n\16\n\u0088\13\n\3\13\3\13\5\13\u008c"+ + "\n\13\3\f\3\f\3\f\3\f\5\f\u0092\n\f\5\f\u0094\n\f\3\f\5\f\u0097\n\f\3"+ + "\r\3\r\3\r\3\r\3\16\3\16\3\16\3\16\3\17\3\17\3\20\3\20\3\20\3\20\3\20"+ + "\3\20\3\20\5\20\u00aa\n\20\3\20\3\20\3\20\3\20\3\20\3\20\7\20\u00b2\n"+ + "\20\f\20\16\20\u00b5\13\20\3\21\3\21\5\21\u00b9\n\21\3\22\5\22\u00bc\n"+ + "\22\3\22\3\22\3\22\3\22\3\22\7\22\u00c3\n\22\f\22\16\22\u00c6\13\22\3"+ + "\22\3\22\3\23\3\23\3\23\3\23\5\23\u00ce\n\23\3\23\3\23\3\23\3\23\3\23"+ + "\3\23\3\23\3\23\3\23\3\23\7\23\u00da\n\23\f\23\16\23\u00dd\13\23\3\24"+ + "\3\24\3\24\3\24\3\24\3\24\3\24\5\24\u00e6\n\24\3\25\3\25\3\25\3\25\3\25"+ + "\7\25\u00ed\n\25\f\25\16\25\u00f0\13\25\5\25\u00f2\n\25\3\25\3\25\3\26"+ + "\3\26\3\26\3\26\5\26\u00fa\n\26\3\27\3\27\3\30\3\30\3\31\3\31\3\31\3\31"+ + "\3\31\6\31\u0105\n\31\r\31\16\31\u0106\3\31\7\31\u010a\n\31\f\31\16\31"+ + "\u010d\13\31\3\32\3\32\3\33\3\33\5\33\u0113\n\33\3\34\3\34\5\34\u0117"+ + "\n\34\3\35\3\35\3\35\2\4\36$\36\2\4\6\b\n\f\16\20\22\24\26\30\32\34\36"+ + " \"$&(*,.\60\62\64\668\2\7\3\2\31\32\3\2\33\35\3\2\23\30\4\2\5\5\17\17"+ + "\4\2%%))\u0129\2:\3\2\2\2\4=\3\2\2\2\6@\3\2\2\2\bJ\3\2\2\2\nL\3\2\2\2"+ + "\fQ\3\2\2\2\16f\3\2\2\2\20t\3\2\2\2\22\u0080\3\2\2\2\24\u0089\3\2\2\2"+ + "\26\u008d\3\2\2\2\30\u0098\3\2\2\2\32\u009c\3\2\2\2\34\u00a0\3\2\2\2\36"+ + "\u00a9\3\2\2\2 \u00b6\3\2\2\2\"\u00bb\3\2\2\2$\u00cd\3\2\2\2&\u00e5\3"+ + "\2\2\2(\u00e7\3\2\2\2*\u00f9\3\2\2\2,\u00fb\3\2\2\2.\u00fd\3\2\2\2\60"+ + "\u00ff\3\2\2\2\62\u010e\3\2\2\2\64\u0110\3\2\2\2\66\u0116\3\2\2\28\u0118"+ + "\3\2\2\2:;\5\6\4\2;<\7\2\2\3<\3\3\2\2\2=>\5\34\17\2>?\7\2\2\3?\5\3\2\2"+ + "\2@D\5\b\5\2AC\5\20\t\2BA\3\2\2\2CF\3\2\2\2DB\3\2\2\2DE\3\2\2\2E\7\3\2"+ + "\2\2FD\3\2\2\2GK\5\f\7\2HK\5\16\b\2IK\5\32\16\2JG\3\2\2\2JH\3\2\2\2JI"+ + "\3\2\2\2K\t\3\2\2\2LM\7\22\2\2MN\7\t\2\2NO\7\23\2\2OP\5\64\33\2P\13\3"+ + 
"\2\2\2QZ\7\16\2\2RT\5\22\n\2SU\5\n\6\2TS\3\2\2\2TU\3\2\2\2U[\3\2\2\2V"+ + "X\5\n\6\2WY\5\22\n\2XW\3\2\2\2XY\3\2\2\2Y[\3\2\2\2ZR\3\2\2\2ZV\3\2\2\2"+ + "Z[\3\2\2\2[\\\3\2\2\2\\^\5\26\f\2]_\5\26\f\2^]\3\2\2\2_`\3\2\2\2`^\3\2"+ + "\2\2`a\3\2\2\2ad\3\2\2\2bc\7\20\2\2ce\5\26\f\2db\3\2\2\2de\3\2\2\2e\r"+ + "\3\2\2\2fh\7\b\2\2gi\5\22\n\2hg\3\2\2\2hi\3\2\2\2ij\3\2\2\2jl\5\24\13"+ + "\2km\5\24\13\2lk\3\2\2\2mn\3\2\2\2nl\3\2\2\2no\3\2\2\2or\3\2\2\2pq\7\20"+ + "\2\2qs\5\24\13\2rp\3\2\2\2rs\3\2\2\2s\17\3\2\2\2tu\7$\2\2u~\7)\2\2v{\5"+ + "\36\20\2wx\7\37\2\2xz\5\36\20\2yw\3\2\2\2z}\3\2\2\2{y\3\2\2\2{|\3\2\2"+ + "\2|\177\3\2\2\2}{\3\2\2\2~v\3\2\2\2~\177\3\2\2\2\177\21\3\2\2\2\u0080"+ + "\u0081\7\4\2\2\u0081\u0086\5\34\17\2\u0082\u0083\7\37\2\2\u0083\u0085"+ + "\5\34\17\2\u0084\u0082\3\2\2\2\u0085\u0088\3\2\2\2\u0086\u0084\3\2\2\2"+ + "\u0086\u0087\3\2\2\2\u0087\23\3\2\2\2\u0088\u0086\3\2\2\2\u0089\u008b"+ + "\5\30\r\2\u008a\u008c\5\22\n\2\u008b\u008a\3\2\2\2\u008b\u008c\3\2\2\2"+ + "\u008c\25\3\2\2\2\u008d\u0093\5\30\r\2\u008e\u0091\7\6\2\2\u008f\u0090"+ + "\7\23\2\2\u0090\u0092\5.\30\2\u0091\u008f\3\2\2\2\u0091\u0092\3\2\2\2"+ + "\u0092\u0094\3\2\2\2\u0093\u008e\3\2\2\2\u0093\u0094\3\2\2\2\u0094\u0096"+ + "\3\2\2\2\u0095\u0097\5\22\n\2\u0096\u0095\3\2\2\2\u0096\u0097\3\2\2\2"+ + "\u0097\27\3\2\2\2\u0098\u0099\7 \2\2\u0099\u009a\5\32\16\2\u009a\u009b"+ + "\7!\2\2\u009b\31\3\2\2\2\u009c\u009d\5\62\32\2\u009d\u009e\7\21\2\2\u009e"+ + "\u009f\5\34\17\2\u009f\33\3\2\2\2\u00a0\u00a1\5\36\20\2\u00a1\35\3\2\2"+ + "\2\u00a2\u00a3\b\20\1\2\u00a3\u00a4\7\n\2\2\u00a4\u00aa\5\36\20\7\u00a5"+ + "\u00a6\7)\2\2\u00a6\u00a7\7\f\2\2\u00a7\u00aa\5\30\r\2\u00a8\u00aa\5 "+ + "\21\2\u00a9\u00a2\3\2\2\2\u00a9\u00a5\3\2\2\2\u00a9\u00a8\3\2\2\2\u00aa"+ + "\u00b3\3\2\2\2\u00ab\u00ac\f\4\2\2\u00ac\u00ad\7\3\2\2\u00ad\u00b2\5\36"+ + "\20\5\u00ae\u00af\f\3\2\2\u00af\u00b0\7\r\2\2\u00b0\u00b2\5\36\20\4\u00b1"+ + "\u00ab\3\2\2\2\u00b1\u00ae\3\2\2\2\u00b2\u00b5\3\2\2\2\u00b3\u00b1\3\2"+ + 
"\2\2\u00b3\u00b4\3\2\2\2\u00b4\37\3\2\2\2\u00b5\u00b3\3\2\2\2\u00b6\u00b8"+ + "\5$\23\2\u00b7\u00b9\5\"\22\2\u00b8\u00b7\3\2\2\2\u00b8\u00b9\3\2\2\2"+ + "\u00b9!\3\2\2\2\u00ba\u00bc\7\n\2\2\u00bb\u00ba\3\2\2\2\u00bb\u00bc\3"+ + "\2\2\2\u00bc\u00bd\3\2\2\2\u00bd\u00be\7\7\2\2\u00be\u00bf\7\"\2\2\u00bf"+ + "\u00c4\5$\23\2\u00c0\u00c1\7\37\2\2\u00c1\u00c3\5$\23\2\u00c2\u00c0\3"+ + "\2\2\2\u00c3\u00c6\3\2\2\2\u00c4\u00c2\3\2\2\2\u00c4\u00c5\3\2\2\2\u00c5"+ + "\u00c7\3\2\2\2\u00c6\u00c4\3\2\2\2\u00c7\u00c8\7#\2\2\u00c8#\3\2\2\2\u00c9"+ + "\u00ca\b\23\1\2\u00ca\u00ce\5&\24\2\u00cb\u00cc\t\2\2\2\u00cc\u00ce\5"+ + "$\23\6\u00cd\u00c9\3\2\2\2\u00cd\u00cb\3\2\2\2\u00ce\u00db\3\2\2\2\u00cf"+ + "\u00d0\f\5\2\2\u00d0\u00d1\t\3\2\2\u00d1\u00da\5$\23\6\u00d2\u00d3\f\4"+ + "\2\2\u00d3\u00d4\t\2\2\2\u00d4\u00da\5$\23\5\u00d5\u00d6\f\3\2\2\u00d6"+ + "\u00d7\5,\27\2\u00d7\u00d8\5$\23\4\u00d8\u00da\3\2\2\2\u00d9\u00cf\3\2"+ + "\2\2\u00d9\u00d2\3\2\2\2\u00d9\u00d5\3\2\2\2\u00da\u00dd\3\2\2\2\u00db"+ + "\u00d9\3\2\2\2\u00db\u00dc\3\2\2\2\u00dc%\3\2\2\2\u00dd\u00db\3\2\2\2"+ + "\u00de\u00e6\5*\26\2\u00df\u00e6\5(\25\2\u00e0\u00e6\5\60\31\2\u00e1\u00e2"+ + "\7\"\2\2\u00e2\u00e3\5\34\17\2\u00e3\u00e4\7#\2\2\u00e4\u00e6\3\2\2\2"+ + "\u00e5\u00de\3\2\2\2\u00e5\u00df\3\2\2\2\u00e5\u00e0\3\2\2\2\u00e5\u00e1"+ + "\3\2\2\2\u00e6\'\3\2\2\2\u00e7\u00e8\7)\2\2\u00e8\u00f1\7\"\2\2\u00e9"+ + "\u00ee\5\34\17\2\u00ea\u00eb\7\37\2\2\u00eb\u00ed\5\34\17\2\u00ec\u00ea"+ + "\3\2\2\2\u00ed\u00f0\3\2\2\2\u00ee\u00ec\3\2\2\2\u00ee\u00ef\3\2\2\2\u00ef"+ + "\u00f2\3\2\2\2\u00f0\u00ee\3\2\2\2\u00f1\u00e9\3\2\2\2\u00f1\u00f2\3\2"+ + "\2\2\u00f2\u00f3\3\2\2\2\u00f3\u00f4\7#\2\2\u00f4)\3\2\2\2\u00f5\u00fa"+ + "\7\13\2\2\u00f6\u00fa\5\66\34\2\u00f7\u00fa\5.\30\2\u00f8\u00fa\58\35"+ + "\2\u00f9\u00f5\3\2\2\2\u00f9\u00f6\3\2\2\2\u00f9\u00f7\3\2\2\2\u00f9\u00f8"+ + "\3\2\2\2\u00fa+\3\2\2\2\u00fb\u00fc\t\4\2\2\u00fc-\3\2\2\2\u00fd\u00fe"+ + "\t\5\2\2\u00fe/\3\2\2\2\u00ff\u010b\5\62\32\2\u0100\u0101\7\36\2\2\u0101"+ + 
"\u010a\5\62\32\2\u0102\u0104\7 \2\2\u0103\u0105\7\'\2\2\u0104\u0103\3"+ + "\2\2\2\u0105\u0106\3\2\2\2\u0106\u0104\3\2\2\2\u0106\u0107\3\2\2\2\u0107"+ + "\u0108\3\2\2\2\u0108\u010a\7!\2\2\u0109\u0100\3\2\2\2\u0109\u0102\3\2"+ + "\2\2\u010a\u010d\3\2\2\2\u010b\u0109\3\2\2\2\u010b\u010c\3\2\2\2\u010c"+ + "\61\3\2\2\2\u010d\u010b\3\2\2\2\u010e\u010f\t\6\2\2\u010f\63\3\2\2\2\u0110"+ + "\u0112\5\66\34\2\u0111\u0113\7)\2\2\u0112\u0111\3\2\2\2\u0112\u0113\3"+ + "\2\2\2\u0113\65\3\2\2\2\u0114\u0117\7(\2\2\u0115\u0117\7\'\2\2\u0116\u0114"+ + "\3\2\2\2\u0116\u0115\3\2\2\2\u0117\67\3\2\2\2\u0118\u0119\7&\2\2\u0119"+ + "9\3\2\2\2%DJTXZ`dhnr{~\u0086\u008b\u0091\u0093\u0096\u00a9\u00b1\u00b3"+ + "\u00b8\u00bb\u00c4\u00cd\u00d9\u00db\u00e5\u00ee\u00f1\u00f9\u0106\u0109"+ + "\u010b\u0112\u0116"; public static final ATN _ATN = new ATNDeserializer().deserialize(_serializedATN.toCharArray()); static { diff --git a/x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/parser/EqlBaseVisitor.java b/x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/parser/EqlBaseVisitor.java index 22425b849dc31..ec386d12c1c38 100644 --- a/x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/parser/EqlBaseVisitor.java +++ b/x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/parser/EqlBaseVisitor.java @@ -34,6 +34,12 @@ interface EqlBaseVisitor extends ParseTreeVisitor { * @return the visitor result */ T visitQuery(EqlBaseParser.QueryContext ctx); + /** + * Visit a parse tree produced by {@link EqlBaseParser#sequenceParams}. + * @param ctx the parse tree + * @return the visitor result + */ + T visitSequenceParams(EqlBaseParser.SequenceParamsContext ctx); /** * Visit a parse tree produced by {@link EqlBaseParser#sequence}. * @param ctx the parse tree 
@@ -59,23 +65,29 @@ interface EqlBaseVisitor extends ParseTreeVisitor { */ T visitJoinKeys(EqlBaseParser.JoinKeysContext ctx); /** - * Visit a parse tree produced by {@link EqlBaseParser#span}. + * Visit a parse tree produced by {@link EqlBaseParser#joinTerm}. * @param ctx the parse tree * @return the visitor result */ - T visitSpan(EqlBaseParser.SpanContext ctx); + T visitJoinTerm(EqlBaseParser.JoinTermContext ctx); /** - * Visit a parse tree produced by {@link EqlBaseParser#match}. + * Visit a parse tree produced by {@link EqlBaseParser#sequenceTerm}. * @param ctx the parse tree * @return the visitor result */ - T visitMatch(EqlBaseParser.MatchContext ctx); + T visitSequenceTerm(EqlBaseParser.SequenceTermContext ctx); /** - * Visit a parse tree produced by {@link EqlBaseParser#condition}. + * Visit a parse tree produced by {@link EqlBaseParser#subquery}. * @param ctx the parse tree * @return the visitor result */ - T visitCondition(EqlBaseParser.ConditionContext ctx); + T visitSubquery(EqlBaseParser.SubqueryContext ctx); + /** + * Visit a parse tree produced by {@link EqlBaseParser#eventQuery}. + * @param ctx the parse tree + * @return the visitor result + */ + T visitEventQuery(EqlBaseParser.EventQueryContext ctx); /** * Visit a parse tree produced by {@link EqlBaseParser#expression}. * @param ctx the parse tree @@ -96,6 +108,13 @@ interface EqlBaseVisitor extends ParseTreeVisitor { * @return the visitor result */ T visitBooleanDefault(EqlBaseParser.BooleanDefaultContext ctx); + /** + * Visit a parse tree produced by the {@code processCheck} + * labeled alternative in {@link EqlBaseParser#booleanExpression}. + * @param ctx the parse tree + * @return the visitor result + */ + T visitProcessCheck(EqlBaseParser.ProcessCheckContext ctx); /** * Visit a parse tree produced by the {@code logicalBinary} * labeled alternative in {@link EqlBaseParser#booleanExpression}. 
@@ -217,12 +236,6 @@ interface EqlBaseVisitor extends ParseTreeVisitor { * @return the visitor result */ T visitBooleanValue(EqlBaseParser.BooleanValueContext ctx); - /** - * Visit a parse tree produced by {@link EqlBaseParser#qualifiedNames}. - * @param ctx the parse tree - * @return the visitor result - */ - T visitQualifiedNames(EqlBaseParser.QualifiedNamesContext ctx); /** * Visit a parse tree produced by {@link EqlBaseParser#qualifiedName}. * @param ctx the parse tree @@ -236,26 +249,11 @@ interface EqlBaseVisitor extends ParseTreeVisitor { */ T visitIdentifier(EqlBaseParser.IdentifierContext ctx); /** - * Visit a parse tree produced by the {@code quotedIdentifier} - * labeled alternative in {@link EqlBaseParser#quoteIdentifier}. - * @param ctx the parse tree - * @return the visitor result - */ - T visitQuotedIdentifier(EqlBaseParser.QuotedIdentifierContext ctx); - /** - * Visit a parse tree produced by the {@code unquotedIdentifier} - * labeled alternative in {@link EqlBaseParser#unquoteIdentifier}. - * @param ctx the parse tree - * @return the visitor result - */ - T visitUnquotedIdentifier(EqlBaseParser.UnquotedIdentifierContext ctx); - /** - * Visit a parse tree produced by the {@code digitIdentifier} - * labeled alternative in {@link EqlBaseParser#unquoteIdentifier}. + * Visit a parse tree produced by {@link EqlBaseParser#timeUnit}. * @param ctx the parse tree * @return the visitor result */ - T visitDigitIdentifier(EqlBaseParser.DigitIdentifierContext ctx); + T visitTimeUnit(EqlBaseParser.TimeUnitContext ctx); /** * Visit a parse tree produced by the {@code decimalLiteral} * labeled alternative in {@link EqlBaseParser#number}. diff --git a/x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/parser/EqlParser.java b/x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/parser/EqlParser.java index b73a9d3005646..1f82b63e01de3 100644 --- a/x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/parser/EqlParser.java 
+++ b/x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/parser/EqlParser.java @@ -6,7 +6,6 @@ package org.elasticsearch.xpack.eql.parser; import org.antlr.v4.runtime.BaseErrorListener; -import org.antlr.v4.runtime.CommonToken; import org.antlr.v4.runtime.CommonTokenStream; import org.antlr.v4.runtime.DiagnosticErrorListener; import org.antlr.v4.runtime.Parser; @@ -17,9 +16,9 @@ import org.antlr.v4.runtime.atn.ATNConfigSet; import org.antlr.v4.runtime.atn.PredictionMode; import org.antlr.v4.runtime.dfa.DFA; -import org.antlr.v4.runtime.misc.Pair; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; +import org.antlr.v4.runtime.ANTLRInputStream; import org.elasticsearch.xpack.ql.expression.Expression; import java.util.Arrays; @@ -35,7 +34,7 @@ public class EqlParser { private static final Logger log = LogManager.getLogger(); - private final boolean DEBUG = true; + private final boolean DEBUG = false; /** * Parses an EQL statement into execution plan @@ -56,11 +55,11 @@ public Expression createExpression(String expression) { return invokeParser(expression, EqlBaseParser::singleExpression, AstBuilder::expression); } - private T invokeParser(String sql, + private T invokeParser(String eql, Function parseFunction, BiFunction visitor) { try { - EqlBaseLexer lexer = new EqlBaseLexer(new CaseInsensitiveStream(sql)); + EqlBaseLexer lexer = new EqlBaseLexer(new ANTLRInputStream(eql)); lexer.removeErrorListeners(); lexer.addErrorListener(ERROR_LISTENER); @@ -96,8 +95,8 @@ private T invokeParser(String sql, return visitor.apply(new AstBuilder(), tree); } catch (StackOverflowError e) { - throw new ParsingException("SQL statement is too large, " + - "causing stack overflow when generating the parsing tree: [{}]", sql); + throw new ParsingException("EQL statement is too large, " + + "causing stack overflow when generating the parsing tree: [{}]", eql); } } 
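Review bot: `new ANTLRInputStream(eql)` in `invokeParser` uses a class that ANTLR deprecated in 4.7; if the runtime this plugin builds against is that version or newer, `new EqlBaseLexer(CharStreams.fromString(eql))` is the supported form. The matching import, in the second import hunk of this file, was added below the log4j imports instead of next to the other `org.antlr.v4.runtime` imports. Because the case-folding stream wrapper is dropped on the same line, a comment above the lexer construction along the lines of `// input is lexed as written; keywords and function names are case-sensitive` would record the decision, if that is the intent. The body of `invokeParser` starts and ends outside the hunk.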
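Review bot: The `StackOverflowError` handler in `invokeParser` passes the complete statement as the `[{}]` argument, so the one input already known to be oversized is copied in full into the exception message and, presumably, into whatever logs or returns that message. Reporting its size keeps the message bounded: `throw new ParsingException("EQL statement is too large, causing stack overflow when generating the parsing tree (length [{}])", eql.length());`. Nothing visible in this hunk limits the statement length before lexing, so catching the overflow appears to be the only guard; an explicit length check at the top of `invokeParser` would reject such input earlier and more cheaply. The method starts outside the hunk.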
@@ -126,28 +125,101 @@ private class PostProcessor extends EqlBaseBaseListener { this.ruleNames = ruleNames; } + + @Override + public void exitFunctionExpression(EqlBaseParser.FunctionExpressionContext context) { + Token token = context.name; + String functionName = token.getText(); + + switch (functionName) { + case "add": + case "between": + case "cidrMatch": + case "concat": + case "divide": + case "endsWith": + case "indexOf": + case "length": + case "match": + case "modulo": + case "multiply": + case "number": + case "startsWith": + case "string": + case "stringContains": + case "substring": + case "subtract": + case "wildcard": + break; + + case "arrayContains": + case "arrayCount": + case "arraySearch": + throw new ParsingException( + "unsupported function " + functionName, + null, + token.getLine(), + token.getCharPositionInLine()); + + default: + throw new ParsingException( + "unknown function " + functionName, + null, + token.getLine(), + token.getCharPositionInLine()); + } + } + @Override - public void exitDigitIdentifier(EqlBaseParser.DigitIdentifierContext context) { - Token token = context.DIGIT_IDENTIFIER().getSymbol(); + public void exitJoin(EqlBaseParser.JoinContext context) { + Token token = context.JOIN().getSymbol(); throw new ParsingException( - "identifiers must not start with a digit; please use double quotes", - null, - token.getLine(), - token.getCharPositionInLine()); + "join is not supported", + null, + token.getLine(), + token.getCharPositionInLine()); + } + + @Override + public void exitPipe(EqlBaseParser.PipeContext context) { + Token token = context.PIPE().getSymbol(); + throw new ParsingException( + "pipes are not supported", + null, + token.getLine(), + token.getCharPositionInLine()); } @Override - public void exitQuotedIdentifier(EqlBaseParser.QuotedIdentifierContext context) { - // Remove quotes - context.getParent().removeLastChild(); - - Token token = (Token) context.getChild(0).getPayload(); - context.getParent().addChild(new 
CommonToken( - new Pair<>(token.getTokenSource(), token.getInputStream()), - EqlBaseLexer.IDENTIFIER, - token.getChannel(), - token.getStartIndex() + 1, - token.getStopIndex() - 1)); + public void exitProcessCheck(EqlBaseParser.ProcessCheckContext context) { + Token token = context.relationship; + throw new ParsingException( + "process relationships are not supported", + null, + token.getLine(), + token.getCharPositionInLine()); + } + + @Override + public void exitSequence(EqlBaseParser.SequenceContext context) { + Token token = context.SEQUENCE().getSymbol(); + throw new ParsingException( + "sequence is not supported", + null, + token.getLine(), + token.getCharPositionInLine()); + } + + @Override + public void exitQualifiedName(EqlBaseParser.QualifiedNameContext context) { + if (context.INTEGER_VALUE().size() > 0) { + Token firstIndex = context.INTEGER_VALUE(0).getSymbol(); + throw new ParsingException( + "array indexes are not supported", + null, + firstIndex.getLine(), + firstIndex.getCharPositionInLine()); + } } } @@ -158,4 +230,4 @@ public void syntaxError(Recognizer recognizer, Object offendingSymbol, int throw new ParsingException(message, e, line, charPositionInLine); } }; -} \ No newline at end of file +} diff --git a/x-pack/plugin/eql/src/test/java/org/elasticsearch/xpack/eql/parser/GrammarTests.java b/x-pack/plugin/eql/src/test/java/org/elasticsearch/xpack/eql/parser/GrammarTests.java index 03138e952f6b8..d2f9f5ae856bf 100644 --- a/x-pack/plugin/eql/src/test/java/org/elasticsearch/xpack/eql/parser/GrammarTests.java +++ b/x-pack/plugin/eql/src/test/java/org/elasticsearch/xpack/eql/parser/GrammarTests.java 
@@ -28,24 +28,57 @@ */ public class GrammarTests extends ESTestCase { - public void testGrammar() throws Exception { + public void testStrings() throws Exception { + assertEquals("hello\"world", AstBuilder.unquoteString("'hello\"world'")); + assertEquals("hello'world", AstBuilder.unquoteString("\"hello'world\"")); + assertEquals("hello\nworld", AstBuilder.unquoteString("'hello\\nworld'")); + assertEquals("hello\\\nworld", AstBuilder.unquoteString("'hello\\\\\\nworld'")); + assertEquals("hello\\\"world", AstBuilder.unquoteString("'hello\\\\\\\"world'")); + + // test for unescaped strings: ?"...." or ?'....' + assertEquals("hello\"world", AstBuilder.unquoteString("?'hello\"world'")); + assertEquals("hello\\\"world", AstBuilder.unquoteString("?'hello\\\"world'")); + assertEquals("hello'world", AstBuilder.unquoteString("?\"hello'world\"")); + assertEquals("hello\\nworld", AstBuilder.unquoteString("?'hello\\nworld'")); + assertEquals("hello\\\\nworld", AstBuilder.unquoteString("?'hello\\\\nworld'")); + assertEquals("hello\\\\\\nworld", AstBuilder.unquoteString("?'hello\\\\\\nworld'")); + assertEquals("hello\\\\\\\"world", AstBuilder.unquoteString("?'hello\\\\\\\"world'")); + } + + public void testSupportedQueries() throws Exception { EqlParser parser = new EqlParser(); - List> lines = readQueries("/grammar-queries.eql"); + List> lines = readQueries("/queries-supported.eql"); for (Tuple line : lines) { String q = line.v1(); + try { parser.createStatement(q); } catch (ParsingException pe) { if (pe.getErrorMessage().startsWith("Does not know how to handle")) { // ignore for now - } - else { + } else { throw new ParsingException(new Source(pe.getLineNumber() + line.v2() - 1, pe.getColumnNumber(), q), - pe.getErrorMessage() + " inside statement <{}>", q); + pe.getErrorMessage() + " inside statement <{}>", q); } } } } + public void testUnsupportedQueries() throws Exception { + EqlParser parser = new EqlParser(); + List> lines = readQueries("/queries-unsupported.eql"); + for 
(Tuple line : lines) { + String q = line.v1(); + ParsingException pe = expectThrows( + ParsingException.class, + "Query not identified as unsupported: " + q, + () -> parser.createStatement(q)); + + if (!pe.getErrorMessage().contains("supported")) { + throw new ParsingException(new Source(pe.getLineNumber() + line.v2() - 1, pe.getColumnNumber(), q), + pe.getErrorMessage() + " inside statement <{}>", q); + } + } + } private static List> readQueries(String source) throws Exception { URL url = GrammarTests.class.getResource(source); @@ -67,6 +100,8 @@ private static List> readQueries(String source) throws Ex query.setLength(query.length() - 1); queries.add(new Tuple<>(query.toString(), lineNumber)); query.setLength(0); + } else { + query.append("\n"); } } lineNumber++; diff --git a/x-pack/plugin/eql/src/test/resources/grammar-queries.eql b/x-pack/plugin/eql/src/test/resources/grammar-queries.eql deleted file mode 100644 index 2df66243e12c0..0000000000000 --- a/x-pack/plugin/eql/src/test/resources/grammar-queries.eql +++ /dev/null 
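Review bot: The check `pe.getErrorMessage().contains("supported")` in `testUnsupportedQueries` passes on any message that happens to contain that word, so it does not show that the query was refused by one of the `PostProcessor` rules. Matching the message shapes those rules emit is tighter: `String m = pe.getErrorMessage();` followed by `if (!m.endsWith("not supported") && !m.startsWith("unsupported function "))`. In `testSupportedQueries`, the branch that swallows `Does not know how to handle` lets a query listed as supported fail in the AST builder and still pass; a comment naming what has to land before that branch can be removed would keep it from becoming permanent.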
@@ -1,95 +0,0 @@ -process where process_name == "svchost.exe" and command_line != "* -k *"; -process where process_name in ('ipconfig.exe', 'netstat.exe', 'systeminfo.exe', 'route.exe'); -process where subtype.create and wildcard(command_line, "*.ost *", "*.pst *") -; - -process where subtype.create and - process_name == "attrib.exe" and command_line == "* +h*" -; - -file where file_name == "*Library/Preferences/*.plist"; - - -// -// Pipes -// - -process where true | count; -process where true | count process_name; -process where true | count parent_process_name, process_name; -process where true | unique process_name; -process where true | unique process_name, command_line; - - -network where true -| unique destination_address, destination_port -| filter timestamp_utc >= "2018-05-01"; - - -process where true | unique_count process_name | filter count < 5; - -process where process_name == "powershell.exe" -| unique command_line -| head 50 -; - -security where event_id == 4624 -| tail 10 -; - -file where true | sort file_name -; - -network where total_out_bytes > 100000000 -| sort total_out_bytes -| tail 5 -; - -// -// Sequences -// - -sequence by user_name - [process where process_name == "whoami"] - [process where process_name == "hostname"] - [process where process_name == "ifconfig"] -; - -sequence with maxspan=30s - [network where destination_port==3389 and event_subtype_full="*_accept_event*"] - [security where event_id in (4624, 4625) and logon_type == 10] -; - -sequence with maxspan=30s - [network where destination_port==3389 and event_subtype_full="*_accept_event"] by source_address - [security where event_id in (4624, 4625) and logon_type == 10] by ip_address -; - -sequence with maxspan=5m - [ file where file_name == "*.exe"] by user_name, file_path - [ process where true] by user_name, process_path -; - -sequence by user_name with maxspan=5m - [ file where file_name == "*.exe"] by file_path - [ process where true] by process_path -; - -// -// Joins -// - 
-join by source_ip, destination_ip - [network where destination_port == 3389] // RDP - [network where destination_port == 135] // RPC - [network where destination_port == 445] // SMB -; - -join by pid - [process where true] - [network where true] - [registry where true] - [file where true] - -until [process where event_subtype_full == "termination_event"] -; \ No newline at end of file diff --git a/x-pack/plugin/eql/src/test/resources/queries-supported.eql b/x-pack/plugin/eql/src/test/resources/queries-supported.eql new file mode 100644 index 0000000000000..8326d558ba47a --- /dev/null +++ b/x-pack/plugin/eql/src/test/resources/queries-supported.eql 
@@ -0,0 +1,332 @@ +process where process_name == "svchost.exe" and command_line != "* -k *"; +process where process_name in ('ipconfig.exe', 'netstat.exe', 'systeminfo.exe', 'route.exe'); +process where subtype.create and wildcard(command_line, "*.ost *", "*.pst *") +; + +process where subtype.create and + process_name == "attrib.exe" and command_line == "* +h*" +; + +file where file_name == "*Library/Preferences/*.plist"; + +/* UNIT TESTS FROM + * https://github.com/endgameinc/eql/blob/master/tests/test_parser.py + */ + +file where true; + +file where true and true; + +file where false or true; + +registry where not pid; + +process where process_name == "net.exe" and command_line == "* user*.exe"; + +process where command_line == "~!@#$%^&*();'[]{}\\|<>?,./:\"-= ' "; + +process where + + pid == 4; + +process where process_name in ("net.exe", "cmd.exe", "at.exe"); + +process where command_line == "*.exe *admin*" or command_line == "* a b*"; + +process where pid in (1,2,3,4,5,6,7,8) and abc == 100 and def == 200 and ghi == 300 and jkl == x; + +process where ppid != pid; + +image_load where not x != y; + +image_load where not x == y; + +image_load where not not not not x < y; + +image_load where not x <= y; + +image_load where not x >= y; + +image_load where not x > y; + +process where _leadingUnderscore == 100; + +network where 1 * 2 + 3 * 4 + 10 / 2 == 2 + 12 + 5; + +file where 1 - -2; + +file where 1 + (-2); + +file where 1 * (-2); + +file where 3 * -length(file_path); + +network where a * b + c * d + e / f == g + h + i; + +network where a * (b + c * d) + e / f == g + h + i; + +process where pid == 4 or pid == 5 or pid == 6 or pid == 7 or pid == 8; + +network where pid == 0 or pid == 4 or (ppid == 0 or ppid = 4) or (abc == defgh) and process_name == "*" ; + +network where pid = 4; + + +registry where a.b; + +registry where a.b.c.d.e; + + + + +process where a > 100000000000000000000000000000000; + + + +/* TESTS FROM + * 
https://raw.githubusercontent.com/endgameinc/eql/master/eql/etc/test_queries.toml + */ +process where serial_event_id = 1; + +process where serial_event_id < 4; + + +process where false; + +process where missing_field != null; + +process where process_name == "impossible name" or (serial_event_id < 4.5 and serial_event_id >= 3.1) +; + + +process where serial_event_id<=8 and serial_event_id > 7 +; + +process where exit_code >= 0; + +process where 0 <= exit_code; + +process where exit_code <= 0; + +process where exit_code < 1; + +process where exit_code > -1; + +process where -1 < exit_code; + +process where exit_code > 0; + +process where exit_code < 0; + +process where 0 < exit_code; + +process where 0 > exit_code; + +process where (serial_event_id<=8 and serial_event_id > 7) and (opcode=3 and opcode>2); + +process where (serial_event_id<9 and serial_event_id >= 7) or (opcode == pid); + + + +registry where key_path == "*\\MACHINE\\SAM\\SAM\\*\\Account\\Us*ers\\00*03E9\\F"; + +process where process_path == "*\\red_ttp\\wininit.*" and opcode in (0,1,2,3,4); + + +file where file_path="*\\red_ttp\\winin*.*" + and opcode in (0,1,2) and user_name="vagrant" +; + +file where file_path="*\\red_ttp\\winin*.*" + and opcode not in (0,1,2) and user_name="vagrant" +; + +file where file_path="*\\red_ttp\\winin*.*" + and opcode not in (3, 4, 5, 6 ,7) and user_name="vagrant" +; + +file where file_name in ("wininit.exe", "lsass.exe") and opcode == 2 +; + + +process where opcode in (1,3) and process_name in (parent_process_name, "SYSTEM") +; + + +process where fake_field == "*"; + + +registry where invalid_field_name != null; + +registry where length(bad_field) > 0 +; + +process where opcode == 1 + and process_name in ("net.exe", "net1.exe") + and not (parent_process_name == "net.exe" + and process_name == "net1.exe") + and command_line == "*group *admin*" and command_line != "* /add*"; + + + +process where process_name = "python.exe"; + +process where command_line == "*%*" ; + 
+process where command_line == "*%*%*" ; + +process where command_line == "%*%*" ; + + +process where match(?'.*?net1\s+localgroup\s+.*?', command_line) +; + +process where match(?'.*?net1\s+\w+\s+.*?', command_line) +; + +process where match(?'.*?net1\s+\w{4,15}\s+.*?', command_line) +; + +process where match(?'.*?net1\s+\w{4,15}\s+.*?', command_line) +; + +process where match(?'.*?net1\s+[localgrup]{4,15}\s+.*?', command_line) +; + +file where opcode=0 and startsWith(file_name, 'exploRER.') +; + +file where opcode=0 and startsWith(file_name, 'expLORER.exe') +; + +file where opcode=0 and endsWith(file_name, 'loREr.exe'); + +file where opcode=0 and startsWith(file_name, 'explORER.EXE'); + +file where opcode=0 and startsWith('explorer.exeaaaaaaaa', file_name); + +file where opcode=0 and serial_event_id = 88 and startsWith('explorer.exeaAAAA', 'EXPLORER.exe'); + +file where opcode=0 and stringContains('ABCDEFGHIexplorer.exeJKLMNOP', file_name) +; + +file where opcode=0 and indexOf(file_name, 'plore') == 2 and not indexOf(file_name, '.pf') +; + +file where opcode=0 and indexOf(file_name, 'explorer.') and indexOf(file_name, 'plore', 100) +; + +file where opcode=0 and indexOf(file_name, 'plorer.', 0) == 2; + +file where opcode=0 and indexOf(file_name, 'plorer.', 2); + +file where opcode=0 and indexOf(file_name, 'plorer.', 4); + +file where opcode=0 and indexOf(file_name, 'thing that never happened'); + +file where opcode=0 and indexOf(file_name, 'plorer.', 2) == 2; + +file where opcode=0 and indexOf(file_name, 'explorer.', 0) == 0; + +file where serial_event_id=88 and substring(file_name, 0, 4) == 'expl' +; + +file where serial_event_id=88 and substring(file_name, 1, 3) == 'xp' +; + +file where serial_event_id=88 and substring(file_name, -4) == '.exe' +; + +file where serial_event_id=88 and substring(file_name, -4, -1) == '.ex' +; + +process where add(serial_event_id, 0) == 1 and add(0, 1) == serial_event_id; + +process where subtract(serial_event_id, -5) == 6; + 
+process where multiply(6, serial_event_id) == 30 and divide(30, 4.0) == 7.5; + +process where modulo(11, add(serial_event_id, 1)) == serial_event_id; + +process where serial_event_id == number('5'); + +process where serial_event_id == number('0x32', 16); + +process where serial_event_id == number('32', 16); + +process where number(serial_event_id) == number(5); + +process where concat(serial_event_id, ':', process_name, opcode) == '5:winINIT.exe3' +; + + +// undocumented function -- removing support +// network where safe(divide(process_name, process_name)) +//; + +file where serial_event_id == 82 and (true == (process_name in ('svchost.EXE', 'bad.exe', 'bad2.exe'))) +; + + +file where serial_event_id - 1 == 81; + +file where serial_event_id + 1 == 83; + +file where serial_event_id * 2 == 164; + +file where serial_event_id / 2 == 41; + +file where serial_event_id % 40 == 2; + +process where between(process_name, "s", "e") == "yst" +; + +process where between(process_name, "s", "e", false) == "yst" +; + +process where between(process_name, "s", "e", false, true) == "yst" +; + +process where between(process_name, "s", "e", false, true) == "t" +; + +process where between(process_name, "S", "e", false, true) == "yst" +; + +process where between(process_name, "s", "e", true) == "ystem Idle Proc" +; + +file where between(file_path, "dev", ".json", false) == "\\testlogs\\something" +; + +file where between(file_path, "dev", ".json", true) == "\\testlogs\\something" +; + +network where cidrMatch(source_address, "10.6.48.157/8") +; + +network where cidrMatch(source_address, "192.168.0.0/16") +; + +network where cidrMatch(source_address, "192.168.0.0/16", "10.6.48.157/8") + +; + +network where cidrMatch(source_address, "0.0.0.0/0") +; + +process where length(between(process_name, 'g', 'e')) > 0 +; + +process where length(between(process_name, 'g', 'z')) > 0 +; + + +// additional queries added for the elasticsearch specific implementation +// dots will still be interpreted 
by ES per usual +something where `my-hyphenated-field` == "value"; +something where `my-hyphenated-field.with.nested.dots` == "value"; +something where `@timestamp` == "2020-01-01 00:00:00"; +something where `some escaped identifier` == "blah"; +something where `some escaped identifier` == "blah"; +something where `some.escaped.identifier` == "blah"; diff --git a/x-pack/plugin/eql/src/test/resources/queries-unsupported.eql b/x-pack/plugin/eql/src/test/resources/queries-unsupported.eql new file mode 100644 index 0000000000000..08d0d1582750d --- /dev/null +++ b/x-pack/plugin/eql/src/test/resources/queries-unsupported.eql 
@@ -0,0 +1,700 @@
+
+//
+// Pipes
+//
+
+process where true | count;
+process where true | count process_name;
+process where true | count parent_process_name, process_name;
+process where true | unique process_name;
+process where true | unique process_name, command_line;
+
+
+network where true
+| unique destination_address, destination_port
+| filter timestamp_utc >= "2018-05-01";
+
+
+process where true | unique_count process_name | filter count < 5;
+
+process where process_name == "powershell.exe"
+| unique command_line
+| head 50
+;
+
+security where event_id == 4624
+| tail 10
+;
+
+file where true | sort file_name
+;
+
+network where total_out_bytes > 100000000
+| sort total_out_bytes
+| tail 5
+;
+
+//
+// Sequences
+//
+
+sequence by user_name
+ [process where process_name == "whoami"]
+ [process where process_name == "hostname"]
+ [process where process_name == "ifconfig"]
+;
+
+sequence with maxspan=30s
+ [network where destination_port==3389 and event_subtype_full="*_accept_event*"]
+ [security where event_id in (4624, 4625) and logon_type == 10]
+;
+
+sequence with maxspan=30s
+ [network where destination_port==3389 and event_subtype_full="*_accept_event"] by source_address
+ [security where event_id in (4624, 4625) and logon_type == 10] by ip_address
+;
+
+sequence with maxspan=5m
+ [file where file_name == "*.exe"] by user_name, file_path
+ [process where true] by user_name, process_path
+;
+
+sequence by user_name with maxspan=5m
+ [file where file_name == "*.exe"] by file_path
+ [process where true] by process_path
+;
+
+//
+// Joins
+//
+
+join by source_ip, destination_ip
+ [network where destination_port == 3389] // RDP
+ [network where destination_port == 135] // RPC
+ [network where destination_port == 445] // SMB
+;
+
+join by pid
+ [process where true]
+ [network where true]
+ [registry where true]
+ [file where true]
+
+until [process where event_subtype_full == "termination_event"]
+;
+
+
+
+
+
+process where descendant of [process where 
process_name == "lsass.exe"] and process_name == "cmd.exe";
+
+ join [process where process_name == "*"] [file where file_path == "*"
+ ];
+
+ join by pid [process where name == "*"] [file where path == "*"] until [process where opcode == 2];
+
+sequence [process where name == "*"] [file where path == "*"] until [process where opcode == 2];
+
+sequence by pid [process where name == "*"] [file where path == "*"] until [process where opcode == 2];
+
+ join [process where process_name == "*"] by process_path [file where file_path == "*"] by image_path;
+
+sequence [process where process_name == "*"] by process_path [file where file_path == "*"] by image_path;
+
+sequence by pid [process where process_name == "*"] [file where file_path == "*"];
+
+sequence by pid with maxspan=200 [process where process_name == "*" ] [file where file_path == "*"];
+
+sequence by pid with maxspan=2s [process where process_name == "*" ] [file where file_path == "*"];
+
+sequence by pid with maxspan=2sec [process where process_name == "*" ] [file where file_path == "*"];
+
+sequence by pid with maxspan=2seconds [process where process_name == "*" ] [file where file_path == "*"];
+
+sequence with maxspan=2.5m [process where x == x] by pid [file where file_path == "*"] by ppid;
+
+sequence by pid with maxspan=2.0h [process where process_name == "*"] [file where file_path == "*"];
+
+sequence by pid with maxspan=2.0h [process where process_name == "*"] [file where file_path == "*"];
+
+sequence by pid with maxspan=1.0075d [process where process_name == "*"] [file where file_path == "*"];
+
+dns where pid == 100 | head 100 | tail 50 | unique pid;
+
+network where pid == 100 | unique command_line | count;
+
+security where user_domain == "endgame" | count user_name, a, b | tail 5;
+
+process where 1==1 | count user_name, unique_pid, concat(field2,a,bc);
+
+process where 1==1 | unique user_name, concat(field2,a,bc), field2;
+
+
+
+process where true | filter true;
+
+process where 1==1 | filter 
abc == def;
+
+process where 1==1 | filter abc == def and 1 != 2;
+
+process where 1==1 | count process_name | filter percent > 0.5;
+
+
+
+
+
+
+any where true | unique a, b, c | sort a, b, c | count;
+
+any where true | unique a, b, c | sort a, b, c | count;
+
+any where true | unique a, b, c | sort a,b,c | count;
+
+file where child of [registry where true];
+
+file where event of [registry where true];
+
+file where event of [registry where true];
+
+file where descendant of [registry where true];
+
+sequence by field1 [file where true] by f1 [process where true] by f1;
+
+sequence by a,b,c,d [file where true] by f1,f2 [process where true] by f1,f2;
+
+sequence [file where 1] by f1,f2 [process where 1] by f1,f2 until [process where 1] by f1,f2;
+
+sequence by f [file where true] by a,b [process where true] by c,d until [process where 1] by e,f;
+
+//sequence by unique_pid [process where true] [file where true] fork;
+
+sequence by unique_pid [process where true] [file where true] fork=true;
+
+// no longer supported
+//sequence by unique_pid [process where true] [file where true] fork=1;
+
+sequence by unique_pid [process where true] [file where true] fork=false;
+
+// no longer supported
+// sequence by unique_pid [process where true] [file where true] fork=0 [network where true];
+sequence by unique_pid [process where true] [file where true] fork [network where true];
+
+
+// no longer supported
+// sequence by unique_pid [process where true] [file where true] fork=0;
+sequence by unique_pid [process where true] [file where true] fork=true;
+
+
+
+
+
+
+/* TESTS FROM
+ * https://raw.githubusercontent.com/endgameinc/eql/master/eql/etc/test_queries.toml
+ */
+
+process where true | head 6;
+process where bad_field == null | head 5;
+
+process where serial_event_id <= 8 and serial_event_id > 7
+| filter serial_event_id == 8;
+
+process where true
+| filter serial_event_id <= 10
+| filter serial_event_id > 6;
+
+process where true
+| filter serial_event_id <= 10 
+| filter serial_event_id > 6
+| head 2;
+
+process where true
+| head 1000
+| filter serial_event_id <= 10
+| filter serial_event_id > 6
+| tail 2
+;
+
+
+process where not (exit_code > -1)
+ and serial_event_id in (58, 64, 69, 74, 80, 85, 90, 93, 94)
+| head 10
+;
+
+
+process where not (exit_code > -1) | head 7;
+
+process where not (-1 < exit_code) | head 7;
+
+
+process where process_name == "VMACTHLP.exe" and unique_pid == 12 | filter true;
+
+
+
+process where process_name in ("python.exe", "SMSS.exe", "explorer.exe")
+| unique process_name;
+
+process where process_name in ("python.exe", "smss.exe", "Explorer.exe")
+| unique length(process_name);
+
+process where process_name in ("python.exe", "smss.exe", "explorer.exe")
+| unique length(process_name) == length("python.exe");
+
+process where process_name in ("Python.exe", "smss.exe", "explorer.exe")
+| unique process_name != "python.exe";
+
+process where process_name in ("python.exe", "smss.exe", "explorer.exe")
+| unique process_name
+| head 2
+| tail 1;
+
+process where process_name in ("python.exe", "smss.exe", "explorer.exe")
+| unique process_name
+| tail 2
+| head 1;
+
+process where process_name in ("python.exe", "smss.exe")
+| unique process_name, parent_process_name;
+
+process where process_name in ("python.exe", "smss.exe")
+| unique process_name, parent_process_name;
+
+process where process_name in ("python.exe", "smss.exe")
+| head 5
+| unique process_name, parent_process_name;
+
+
+
+
+file where file_name == "csrss.exe" and opcode=0
+ and descendant of [process where opcode in (1,3) and process_name="cmd.exe"]
+;
+
+process where opcode=1 and process_name == "csrss.exe"
+ and descendant of [file where file_name == "csrss.exe" and opcode=0]
+;
+
+process where opcode=1 and process_name == "smss.exe"
+ and descendant of [
+ file where file_name == "csrss.exe" and opcode=0
+ and descendant of [
+ process where opcode in(1,3) and process_name="cmd.exe"
+ ]
+ ]
+;
+
+
+
+file where true
+| tail 
3;
+
+
+
+file where true
+| tail 4
+| sort file_path;
+
+process where true
+| head 5
+| sort md5, event_subtype_full, process_name;
+
+process where true
+| head 5
+| sort md5, event_subtype_full, null_field, process_name;
+
+process where true
+| head 5
+| sort md5, event_subtype_full, null_field, process_name;
+
+process where true
+| head 5
+| sort md5, event_subtype_full, null_field, process_name
+| head 2;
+
+process where true
+| head 5
+| sort md5, event_subtype_full, null_field, process_name
+| sort serial_event_id;
+
+sequence
+ [process where serial_event_id = 1]
+ [process where serial_event_id = 2]
+;
+
+sequence
+ [process where serial_event_id < 5]
+ [process where serial_event_id = 5]
+;
+
+sequence
+ [process where serial_event_id=1] by unique_pid
+ [process where true] by unique_ppid;
+
+sequence
+ [process where serial_event_id<3] by unique_pid
+ [process where true] by unique_ppid
+;
+
+sequence
+ [process where serial_event_id<3] by unique_pid * 2
+ [process where true] by unique_ppid * 2
+;
+
+sequence
+ [process where serial_event_id<3] by unique_pid * 2, length(unique_pid), string(unique_pid)
+ [process where true] by unique_ppid * 2, length(unique_ppid), string(unique_ppid)
+;
+
+sequence
+ [file where event_subtype_full == "file_create_event"] by file_path
+ [process where opcode == 1] by process_path
+ [process where opcode == 2] by process_path
+ [file where event_subtype_full == "file_delete_event"] by file_path
+| head 4
+| tail 2;
+
+sequence with maxspan=1d
+ [file where event_subtype_full == "file_create_event"] by file_path
+ [process where opcode == 1] by process_path
+ [process where opcode == 2] by process_path
+ [file where event_subtype_full == "file_delete_event"] by file_path
+| head 4
+| tail 2;
+
+sequence with maxspan=1h
+ [file where event_subtype_full == "file_create_event"] by file_path
+ [process where opcode == 1] by process_path
+ [process where opcode == 2] by process_path
+ [file where event_subtype_full == 
"file_delete_event"] by file_path
+| head 4
+| tail 2;
+
+sequence with maxspan=1m
+ [file where event_subtype_full == "file_create_event"] by file_path
+ [process where opcode == 1] by process_path
+ [process where opcode == 2] by process_path
+ [file where event_subtype_full == "file_delete_event"] by file_path
+| head 4
+| tail 2;
+
+sequence with maxspan=10s
+ [file where event_subtype_full == "file_create_event"] by file_path
+ [process where opcode == 1] by process_path
+ [process where opcode == 2] by process_path
+ [file where event_subtype_full == "file_delete_event"] by file_path
+| head 4
+| tail 2;
+
+sequence with maxspan=0.5s
+ [file where event_subtype_full == "file_create_event"] by file_path
+ [process where opcode == 1] by process_path
+ [process where opcode == 2] by process_path
+ [file where event_subtype_full == "file_delete_event"] by file_path
+| head 4
+| tail 2;
+
+sequence
+ [process where serial_event_id < 5]
+ [process where serial_event_id < 5]
+;
+
+sequence
+ [file where opcode=0 and file_name="svchost.exe"] by unique_pid
+ [process where opcode == 1] by unique_ppid
+;
+
+sequence
+ [file where opcode=0] by unique_pid
+ [file where opcode=0] by unique_pid
+| head 1;
+
+sequence
+ [file where opcode=0] by unique_pid
+ [file where opcode=0] by unique_pid
+| filter events[1].serial_event_id == 92;
+
+sequence
+ [file where opcode=0 and file_name="*.exe"] by unique_pid
+ [file where opcode=0 and file_name="*.exe"] by unique_pid
+until [process where opcode=5000] by unique_ppid
+| head 1;
+
+sequence
+ [file where opcode=0 and file_name="*.exe"] by unique_pid
+ [file where opcode=0 and file_name="*.exe"] by unique_pid
+until [process where opcode=1] by unique_ppid
+| head 1;
+
+join
+ [file where opcode=0 and file_name="*.exe"] by unique_pid
+ [file where opcode=2 and file_name="*.exe"] by unique_pid
+until [process where opcode=1] by unique_ppid
+| head 1;
+
+join by user_name
+ [process where opcode in (1,3) and process_name="smss.exe"] 
+ [process where opcode in (1,3) and process_name == "python.exe"]
+;
+
+join by unique_pid
+ [process where opcode=1]
+ [file where opcode=0 and file_name="svchost.exe"]
+ [file where opcode == 0 and file_name == "lsass.exe"];
+
+join by string(unique_pid)
+ [process where opcode=1]
+ [file where opcode=0 and file_name="svchost.exe"]
+ [file where opcode == 0 and file_name == "lsass.exe"];
+
+join by unique_pid
+ [process where opcode=1]
+ [file where opcode=0 and file_name="svchost.exe"]
+ [file where opcode == 0 and file_name == "lsass.exe"]
+until [file where opcode == 2];
+
+join by string(unique_pid), unique_pid, unique_pid * 2
+ [process where opcode=1]
+ [file where opcode=0 and file_name="svchost.exe"]
+ [file where opcode == 0 and file_name == "lsass.exe"]
+until [file where opcode == 2];
+
+join
+ [file where opcode=0 and file_name="svchost.exe"] by unique_pid
+ [process where opcode == 1] by unique_ppid
+;
+
+join by unique_pid
+ [process where opcode in (1,3) and process_name="python.exe"]
+ [file where file_name == "*.exe"];
+
+join by user_name
+ [process where opcode in (1,3) and process_name="python.exe"]
+ [process where opcode in (1,3) and process_name == "smss.exe"]
+;
+
+join
+ [process where opcode in (1,3) and process_name="python.exe"]
+ [process where opcode in (1,3) and process_name == "smss.exe"]
+;
+
+
+any where true
+| unique event_type_full;
+
+
+
+process where opcode=1 and process_name in ("services.exe", "smss.exe", "lsass.exe")
+ and descendant of [process where process_name == "cmd.exe" ];
+
+process where process_name in ("services.exe", "smss.exe", "lsass.exe")
+ and descendant of [process where process_name == "cmd.exe" ];
+
+process where opcode=2 and process_name in ("services.exe", "smss.exe", "lsass.exe")
+ and descendant of [process where process_name == "cmd.exe" ];
+
+process where process_name="svchost.exe"
+ and child of [file where file_name="svchost.exe" and opcode=0];
+
+process where process_name="svchost.exe"
+ 
and not child of [file where file_name="svchost.exe" and opcode=0]
+| head 3;
+
+process where process_name="lsass.exe"
+ and child of [
+ process where process_name="python.exe"
+ and child of [process where process_name="cmd.exe"]
+ ]
+;
+
+file where child of [
+process where child of [
+ process where child of [process where process_name="*wsmprovhost.exe"]
+ ]
+]
+| tail 1;
+
+file where process_name = "python.exe"
+| unique unique_pid;
+
+file where event of [process where process_name = "python.exe" ]
+| unique unique_pid;
+
+
+
+
+
+process where event of [process where process_name = "python.exe" ];
+
+sequence
+ [file where file_name="lsass.exe"] by file_path,process_path
+ [process where true] by process_path,parent_process_path
+;
+
+sequence by user_name
+ [file where file_name="lsass.exe"] by file_path, process_path
+ [process where true] by process_path, parent_process_path
+;
+
+sequence by pid
+ [file where file_name="lsass.exe"] by file_path,process_path
+ [process where true] by process_path,parent_process_path
+;
+
+sequence by user_name
+ [file where opcode=0] by file_path
+ [process where opcode=1] by process_path
+ [process where opcode=2] by process_path
+ [file where opcode=2] by file_path
+| tail 1;
+
+sequence by user_name
+ [file where opcode=0] by pid,file_path
+ [file where opcode=2] by pid,file_path
+until [process where opcode=2] by ppid,process_path
+;
+
+sequence by user_name
+ [file where opcode=0] by pid,file_path
+ [file where opcode=2] by pid,file_path
+until [process where opcode=5] by ppid,process_path
+| head 2;
+
+sequence by pid
+ [file where opcode=0] by file_path
+ [process where opcode=1] by process_path
+ [process where opcode=2] by process_path
+ [file where opcode=2] by file_path
+| tail 1;
+
+join by user_name
+ [file where true] by pid,file_path
+ [process where true] by ppid,process_path
+| head 2;
+
+sequence
+ [process where true] by unique_pid
+ [file where true] fork=true by unique_pid
+ [process where true] 
by unique_ppid
+| head 4;
+
+
+
+
+process where 'net.EXE' == original_file_name
+| filter process_name="net*.exe"
+;
+
+process where process_name == original_file_name
+| filter process_name='net*.exe'
+;
+
+process where original_file_name == process_name
+| filter length(original_file_name) > 0
+;
+
+
+
+process where process_name != original_file_name
+| filter length(original_file_name) > 0;
+
+
+
+
+sequence by unique_pid [process where opcode=1 and process_name == 'msbuild.exe'] [network where true];
+
+process where fake_field != "*"
+| head 4;
+
+process where not (fake_field == "*")
+| head 4;
+
+any where process_name == "svchost.exe"
+| unique_count event_type_full, process_name;
+
+any where process_name == "svchost.exe"
+| sort event_type_full, serial_event_id
+| unique_count event_type_full, process_name;
+
+any where process_name == "svchost.exe"
+| unique_count event_type_full, opcode
+| filter count == 7;
+
+any where process_name == "svchost.exe"
+| unique_count event_type_full, opcode
+| filter percent >= .5
+;
+
+
+// array functions
+registry where arrayContains(bytes_written_string_list, 'En-uS');
+registry where arrayContains(bytes_written_string_list, 'En');
+
+
+network where mysterious_field
+ and arraySearch(mysterious_field.subarray, s, true)
+;
+
+registry where arraySearch(bytes_written_string_list, a, a == 'en-us');
+
+registry where arraySearch(bytes_written_string_list, a, endsWith(a, '-us'));
+
+
+network where mysterious_field and arraySearch(mysterious_field.subarray, s, false)
+;
+
+network where mysterious_field and arraySearch(mysterious_field.subarray, s, s.a == 's0-*')
+;
+
+network where mysterious_field and arraySearch(mysterious_field.subarray, s, s.a != 's0-*')
+;
+
+network where mysterious_field
+ and arraySearch(mysterious_field.subarray, sub1,
+ arraySearch(sub1.c, nested, nested.x.y == '*'))
+;
+
+network where mysterious_field
+ and arraySearch(mysterious_field.subarray, sub1,
+ sub1.a == 's0-a' and 
arraySearch(sub1.c, nested, nested.z == 's0-c1-x-z'))
+;
+
+network where mysterious_field
+ and arraySearch(mysterious_field.subarray, sub1,
+ sub1.a == 's0-a' and arraySearch(sub1.c, nested, nested.z == sub1.cross_match))
+;
+
+network where mysterious_field
+ and arraySearch(mysterious_field.subarray, sub1,
+ arraySearch(sub1.c, nested, nested.x.y == mysterious_field.outer_cross_match))
+;
+
+
+registry where arrayCount(bytes_written_string_list, s, s == '*-us') == 1
+;
+
+registry where arrayCount(bytes_written_string_list, s, s == '*en*') == 2
+;
+
+registry where arrayContains(bytes_written_string_list, "missing", "en-US")
+;
+
+// array fields
+
+registry where length(bytes_written_string_list) == 2 and bytes_written_string_list[1] == "EN";
+registry where length(bytes_written_string_list) > 0 and bytes_written_string_list[0] == 'EN-us'
+;
+
+registry where bytes_written_string_list[0] == 'EN-us'
+;
+
+registry where bytes_written_string_list[1] == 'EN'
+;
+
+
+registry where a[0];
+registry where a.b.c[0];
+registry where a[0].b;
+registry where a[0][1].b;
+registry where a[0].b[1];
+registry where topField.subField[100].subsubField == 0;