Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Endpoint to test Grok pattern #104394

Merged
merged 29 commits into from
Jan 24, 2024
Merged

Endpoint to test Grok pattern #104394

merged 29 commits into from
Jan 24, 2024

Conversation

jan-elastic
Copy link
Contributor

@jan-elastic jan-elastic commented Jan 16, 2024
edited
Loading

Example use:

GET _text_structure/test_grok_pattern
{
  "grok_pattern": "<%{INT:field}>%{INT:field2}: .*?: %{SYSLOGTIMESTAMP:timestamp}.*?: %.*?: .*? .*? .*? .*?%{IP:ipaddress}/%{INT:field3}, .*? .*?%{IP:ipaddress2}, .*?/%{BASE16NUM:field5} .*?/%{INT:field4}/%{NUMBER:field6}.*",
  "text": [
    "<190>38357577: KfsdOLA2-AR002: Apr 18 08:44:02.434 GMT: %PFR_MC-6-ROUTE_EVENT_INFO: Route changed Prefix 10.192.46.0/23, BR 10.121.32.255, i/f Gi0/0/0.899, Reason None, OOP Reason Timer Expired"
  ]
}

Response:

{
  "matches": [
    {
      "matched": true,
      "fields": {
        "field": [
          {
            "match": "190",
            "offset": 1,
            "length": 3
          }
        ],
        "field2": [
          {
            "match": "38357577",
            "offset": 5,
            "length": 8
          }
        ],
        "timestamp": [
          {
            "match": "Apr 18 08:44:02.434",
            "offset": 31,
            "length": 19
          }
        ],
        "ipaddress": [
          {
            "match": "10.192.46.0",
            "offset": 105,
            "length": 11
          }
        ],
        "field3": [
          {
            "match": "23",
            "offset": 117,
            "length": 2
          }
        ],
        "ipaddress2": [
          {
            "match": "10.121.32.255",
            "offset": 124,
            "length": 13
          }
        ],
        "field5": [
          {
            "match": "f",
            "offset": 141,
            "length": 1
          }
        ],
        "field4": [
          {
            "match": "0",
            "offset": 147,
            "length": 1
          }
        ],
        "field6": [
          {
            "match": "0.899",
            "offset": 149,
            "length": 5
          }
        ]
      }
    }
  ]
}

@jan-elastic jan-elastic added >enhancement :ml Machine learning Team:ML Meta label for the ML team labels Jan 16, 2024
@elasticsearchmachine
Copy link
Collaborator

Pinging @elastic/ml-core (Team:ML)

@elasticsearchmachine
Copy link
Collaborator

Hi @jan-elastic, I've created a changelog YAML for you.

droberts195
droberts195 reviewed Jan 18, 2024
View reviewed changes
Copy link
Contributor

@droberts195 droberts195 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks like it's on the right track.

I left some minor comments, and also we still have the open question about how variable the response format should be.

docs/changelog/104394.yaml Outdated Show resolved Hide resolved
rest-api-spec/src/main/resources/rest-api-spec/api/text_structure.test_grok_pattern.json Outdated Show resolved Hide resolved
...e/src/main/java/org/elasticsearch/xpack/core/textstructure/action/TestGrokPatternAction.java Show resolved Hide resolved
...e/src/main/java/org/elasticsearch/xpack/core/textstructure/action/TestGrokPatternAction.java Outdated Show resolved Hide resolved
...e/src/main/java/org/elasticsearch/xpack/core/textstructure/action/TestGrokPatternAction.java Outdated Show resolved Hide resolved
...e/src/main/java/org/elasticsearch/xpack/core/textstructure/action/TestGrokPatternAction.java Show resolved Hide resolved
...ain/java/org/elasticsearch/xpack/textstructure/transport/TransportTestGrokPatternAction.java Outdated Show resolved Hide resolved
...e/src/main/java/org/elasticsearch/xpack/core/textstructure/action/TestGrokPatternAction.java Outdated Show resolved Hide resolved
@droberts195
Copy link
Contributor

@elastic/es-data-management this PR changes the Grok class, so you may want to have a look. The changes there look sensible to me - they are adding a possibility for callers to be told not just matches but also positions, but without changing the outputs to existing methods. But if you have any concerns about this please let us know.

droberts195
droberts195 approved these changes Jan 23, 2024
View reviewed changes
Copy link
Contributor

@droberts195 droberts195 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

szabosteve
szabosteve approved these changes Jan 23, 2024
View reviewed changes
Copy link
Contributor

@szabosteve szabosteve left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for shepherding the docs, LGTM!

@jan-elastic jan-elastic merged commit 5dec83f into main Jan 24, 2024
16 checks passed
@jan-elastic jan-elastic deleted the test_grok_pattern branch January 24, 2024 08:36
@henningandersen henningandersen mentioned this pull request Jan 24, 2024
Closed
DaveCTurner added a commit to DaveCTurner/elasticsearch that referenced this pull request Jan 24, 2024
@DaveCTurner
TestGrokPatternAction is local-only
71d0b52 
Misc tidy-up following elastic#104394:

- This action only runs on the coordinating node, no need to define wire
  serialization for its request/response types.

- No need to subclass `ActionType`, nor to define how to receive
  responses from remote clusters.

- Moves to executing an `AbstractRunnable` to be sure to handle all
  failures (including threadpool rejections) properly.
@DaveCTurner DaveCTurner mentioned this pull request Jan 24, 2024
Merged
elasticsearchmachine pushed a commit that referenced this pull request Jan 24, 2024
@DaveCTurner
TestGrokPatternAction is local-only (#104710)
8363437 
Misc tidy-up following #104394:

- This action only runs on the coordinating node, no need to define wire
  serialization for its request/response types.

- No need to subclass `ActionType`, nor to define how to receive
  responses from remote clusters.

- Moves to executing an `AbstractRunnable` to be sure to handle all
  failures (including threadpool rejections) properly.
henningandersen pushed a commit to henningandersen/elasticsearch that referenced this pull request Jan 25, 2024
@DaveCTurner @henningandersen
TestGrokPatternAction is local-only (elastic#104710)
e6db5b0 
Misc tidy-up following elastic#104394:

- This action only runs on the coordinating node, no need to define wire
  serialization for its request/response types.

- No need to subclass `ActionType`, nor to define how to receive
  responses from remote clusters.

- Moves to executing an `AbstractRunnable` to be sure to handle all
  failures (including threadpool rejections) properly.
@jgowdyelastic jgowdyelastic mentioned this pull request Jan 30, 2024
Merged
jgowdyelastic added a commit to elastic/kibana that referenced this pull request Feb 8, 2024
@jgowdyelastic @kibanamachine @szabosteve
[ML] Adds grok highlighting to the file data visualizer (#175913)
0bca3c0 
Adds grokpattern highlighting to the file data visualizer for
semi-structured text files.
The first 5 lines of the file are displayed with inline highlighting.
Hovering the mouse over displays a tooltip with the field name and type.


![image](https://github.com/elastic/kibana/assets/22172091/7b50aeca-0255-4413-93ef-e44976e798f4)


If for whatever reason the highlighting fails, we switch back to the raw
text.

@szabosteve and @peteharverson I'm not 100% happy with the labels on the
tabs, `Highlighted text` and `Raw text`. So suggestions are welcome.



Relates to elastic/elasticsearch#104394

---------

Co-authored-by: kibanamachine <[email protected]>
Co-authored-by: István Zoltán Szabó <[email protected]>
fkanout pushed a commit to fkanout/kibana that referenced this pull request Feb 8, 2024
@jgowdyelastic @kibanamachine
@szabosteve @fkanout
[ML] Adds grok highlighting to the file data visualizer (elastic#175913)
fd4571b 
Adds grokpattern highlighting to the file data visualizer for
semi-structured text files.
The first 5 lines of the file are displayed with inline highlighting.
Hovering the mouse over displays a tooltip with the field name and type.


![image](https://github.com/elastic/kibana/assets/22172091/7b50aeca-0255-4413-93ef-e44976e798f4)


If for whatever reason the highlighting fails, we switch back to the raw
text.

@szabosteve and @peteharverson I'm not 100% happy with the labels on the
tabs, `Highlighted text` and `Raw text`. So suggestions are welcome.



Relates to elastic/elasticsearch#104394

---------

Co-authored-by: kibanamachine <[email protected]>
Co-authored-by: István Zoltán Szabó <[email protected]>
CoenWarmer pushed a commit to CoenWarmer/kibana that referenced this pull request Feb 15, 2024
@jgowdyelastic @kibanamachine
@szabosteve @CoenWarmer
[ML] Adds grok highlighting to the file data visualizer (elastic#175913)
b6fd584 
Adds grokpattern highlighting to the file data visualizer for
semi-structured text files.
The first 5 lines of the file are displayed with inline highlighting.
Hovering the mouse over displays a tooltip with the field name and type.


![image](https://github.com/elastic/kibana/assets/22172091/7b50aeca-0255-4413-93ef-e44976e798f4)


If for whatever reason the highlighting fails, we switch back to the raw
text.

@szabosteve and @peteharverson I'm not 100% happy with the labels on the
tabs, `Highlighted text` and `Raw text`. So suggestions are welcome.



Relates to elastic/elasticsearch#104394

---------

Co-authored-by: kibanamachine <[email protected]>
Co-authored-by: István Zoltán Szabó <[email protected]>
fkanout pushed a commit to fkanout/kibana that referenced this pull request Mar 4, 2024
@jgowdyelastic @kibanamachine
@szabosteve @fkanout
[ML] Adds grok highlighting to the file data visualizer (elastic#175913)
cc0c42b 
Adds grokpattern highlighting to the file data visualizer for
semi-structured text files.
The first 5 lines of the file are displayed with inline highlighting.
Hovering the mouse over displays a tooltip with the field name and type.


![image](https://github.com/elastic/kibana/assets/22172091/7b50aeca-0255-4413-93ef-e44976e798f4)


If for whatever reason the highlighting fails, we switch back to the raw
text.

@szabosteve and @peteharverson I'm not 100% happy with the labels on the
tabs, `Highlighted text` and `Raw text`. So suggestions are welcome.



Relates to elastic/elasticsearch#104394

---------

Co-authored-by: kibanamachine <[email protected]>
Co-authored-by: István Zoltán Szabó <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lcawl lcawl lcawl left review comments

@szabosteve szabosteve szabosteve approved these changes

@droberts195 droberts195 droberts195 approved these changes

Assignees
No one assigned
Labels
>enhancement :ml Machine learning Team:ML Meta label for the ML team v8.13.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@jan-elastic @elasticsearchmachine @droberts195 @szabosteve @lcawl