Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

EQL: Plug query params into the AstBuilder #51886

Merged
merged 5 commits into from
Feb 5, 2020

Conversation

costin
Copy link
Member

@costin costin commented Feb 4, 2020

As the eventType is customizable, plug that into the parser based on the
given request.

Add basic field resolution inside the Analyzer and a basic Verifier to
check for any unresolved fields
As the eventType is customizable, plug that into the parser based on the
given request.
@costin costin added the :Analytics/EQL EQL querying label Feb 4, 2020
@elasticmachine
Copy link
Collaborator

Pinging @elastic/es-search (:Search/EQL)

@costin
Copy link
Member Author

costin commented Feb 4, 2020

Only the last commit count - the PR is raised against #51872 (which hasn't been merged yet in master).

private RequestDefaults() {}

public static final String FIELD_TIMESTAMP = "@timestamp";
public static final String FIELD_EVENT_TYPE = "event_type";
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think event.category is the best fit, but we can come back to this in another issue/PR.

Copy link
Contributor

@astefan astefan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@costin
Copy link
Member Author

costin commented Feb 5, 2020

@elasticmachine merge upstream

@costin costin merged commit 5b4a3a3 into elastic:master Feb 5, 2020
@costin costin deleted the eql/param-event_type branch February 5, 2020 13:07
costin added a commit that referenced this pull request Feb 5, 2020
* EQL: Plug query params into the AstBuilder (#51886)

As the eventType is customizable, plug that into the parser based on the
given request.

(cherry picked from commit 5b4a3a3)

* EQL: Add field resolution and verification (#51872)

Add basic field resolution inside the Analyzer and a basic Verifier to
check for any unresolved fields.

(cherry picked from commit 7087358)

* EQL: Introduce basic execution pipeline (#51809)

Add main classes that form the 'execution' pipeline are added - most of
them have no functionality; the purpose of this PR is to add flesh out
the contract between the various moving parts so that work can start on
them independently.

(cherry picked from commit 9a1bae5)

* EQL: Add AstBuilder to convert to QL tree (#51558)

* EQL: Add AstBuilder visitors
* EQL: Add tests for wildcards and sets
* EQL: Fix licensing
* EQL: Fix ExpressionTests.java license
* EQL: Cleanup imports
* EQL: PR feedback and remove LiteralBuilder
* EQL: Split off logical plan from expressions
* EQL: Remove stray import
* EQL: Add predicate handling for set checks
* EQL: Remove commented out dead code
* EQL: Remove wildcard test, wait until analyzer

(cherry picked from commit a462700)

* EQL grammar updates and tests (#49658)

* EQL: Additional tests and grammar updates
* EQL: Add backtick escaped identifiers
* EQL: Adding keywords to language
* EQL: Add checks for unsupported syntax
* EQL: Testing updates and PR feedback
* EQL: Add string escapes
* EQL: Cleanup grammar for identifier
* EQL: Remove tabs from .eql tests

(cherry picked from commit 6f1890b)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
:Analytics/EQL EQL querying
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants