-
Notifications
You must be signed in to change notification settings - Fork 24.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
EQL: Change default indices options #63192
Changes from 1 commit
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -83,6 +83,20 @@ setup: | |
- match: {hits.sequences.1.events.0._id: "2"} | ||
- match: {hits.sequences.1.events.1._id: "3"} | ||
|
||
--- | ||
"Execute EQL sequence by default ignores unavailable indices" | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. missing |
||
- do: | ||
eql.search: | ||
index: eql_test,non_existing | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. @matriv the integration test against non-existing indices There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I meant to query against only unavailable indices, just for completeness. |
||
body: | ||
query: 'sequence by valid [process where user == "SYSTEM"] [process where true]' | ||
- match: {timed_out: false} | ||
- match: {hits.total.value: 1} | ||
- match: {hits.total.relation: "eq"} | ||
- match: {hits.sequences.0.join_keys.0: true} | ||
- match: {hits.sequences.0.events.0._id: "2"} | ||
- match: {hits.sequences.0.events.1._id: "3"} | ||
|
||
--- | ||
"Execute EQL sequence with boolean key.": | ||
- do: | ||
|
@@ -96,7 +110,6 @@ setup: | |
- match: {hits.sequences.0.join_keys.0: true} | ||
- match: {hits.sequences.0.events.0._id: "2"} | ||
- match: {hits.sequences.0.events.1._id: "3"} | ||
|
||
--- | ||
"Execute some EQL in async mode": | ||
- do: | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -89,8 +89,8 @@ private void testCase(String user, String other) throws Exception { | |
} | ||
ResponseException exc = expectThrows(ResponseException.class, | ||
() -> submitAsyncEqlSearch("index-" + other, "*", TimeValue.timeValueSeconds(10), user)); | ||
assertThat(exc.getResponse().getStatusLine().getStatusCode(), equalTo(403)); | ||
assertThat(exc.getMessage(), containsString("unauthorized")); | ||
assertThat(exc.getResponse().getStatusLine().getStatusCode(), equalTo(404)); | ||
//assertThat(exc.getMessage(), containsString("unauthorized")); | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. @imotov not sure why this fails now... Essentially by changing the index option There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I think it is because we ignore unavailable indices and ended up with no indices at all, which leads to 404. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. And previously we did not ignore them but because we couldn't get access to them to verify their existence we got the 403...Make sense. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Should we remove it then? |
||
} | ||
|
||
static String extractResponseId(Response response) throws IOException { | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@astefan the change inside EQL high-level rest client.