
Commit ad79758

Merge remote-tracking branch 'elastic/master' into 61034-fix
2 parents 0dadb97 + 8da6bba commit ad79758


8 files changed

+155
-19
lines changed


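--- a/docs/reference/aggregations/pipeline/inference-bucket-aggregation.asciidoc
+++ b/docs/reference/aggregations/pipeline/inference-bucket-aggregation.asciidoc
@@ -78,3 +78,103 @@ include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=inference-config-classification
 `prediction_field_type`::
 (Optional, string)
 include::{es-repo-dir}/ml/ml-shared.asciidoc[tag=inference-config-classification-prediction-field-type]
+
+
+[[inference-bucket-agg-example]]
+==== Example
+
+The following snippet aggregates a web log by `client_ip` and extracts a number
+of features via metric and bucket sub-aggregations as input to the {infer}
+aggregation configured with a model trained to identify suspicious client IPs:
+
+[source,console]
+-------------------------------------------------
+GET kibana_sample_data_logs/_search
+{
+"size": 0,
+"aggs": {
+"client_ip": { <1>
+"composite": {
+"sources": [
+{
+"client_ip": {
+"terms": {
+"field": "clientip"
+}
+}
+}
+]
+},
+"aggs": { <2>
+"url_dc": {
+"cardinality": {
+"field": "url.keyword"
+}
+},
+"bytes_sum": {
+"sum": {
+"field": "bytes"
+}
+},
+"geo_src_dc": {
+"cardinality": {
+"field": "geo.src"
+}
+},
+"geo_dest_dc": {
+"cardinality": {
+"field": "geo.dest"
+}
+},
+"responses_total": {
+"value_count": {
+"field": "timestamp"
+}
+},
+"success": {
+"filter": {
+"term": {
+"response": "200"
+}
+}
+},
+"error404": {
+"filter": {
+"term": {
+"response": "404"
+}
+}
+},
+"error503": {
+"filter": {
+"term": {
+"response": "503"
+}
+}
+},
+"malicious_client_ip": { <3>
+"inference": {
+"model_id": "malicious_clients_model",
+"buckets_path": {
+"response_count": "responses_total",
+"url_dc": "url_dc",
+"bytes_sum": "bytes_sum",
+"geo_src_dc": "geo_src_dc",
+"geo_dest_dc": "geo_dest_dc",
+"success": "success._count",
+"error404": "error404._count",
+"error503": "error503._count"
+}
+}
+}
+}
+}
+}
+}
+-------------------------------------------------
+// TEST[skip:setup kibana sample data]
+
+<1> A composite bucket aggregation that aggregates the data by `client_ip`.
+<2> A series of metrics and bucket sub-aggregations.
+<3> {infer-cap} bucket aggregation that contains the model ID and maps the
+aggregation names to the model's input fields.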

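--- a/plugins/repository-hdfs/src/test/java/org/elasticsearch/repositories/hdfs/HdfsBlobStoreRepositoryTests.java
+++ b/plugins/repository-hdfs/src/test/java/org/elasticsearch/repositories/hdfs/HdfsBlobStoreRepositoryTests.java
@@ -39,7 +39,6 @@ protected String repositoryType() {
 
 @Override
 protected Settings repositorySettings() {
-assumeFalse("https://github.com/elastic/elasticsearch/issues/31498", HdfsRepositoryTests.isJava11());
 return Settings.builder()
 .put("uri", "hdfs:///")
 .put("conf.fs.AbstractFileSystem.hdfs.impl", TestingFs.class.getName())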

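--- a/plugins/repository-hdfs/src/test/java/org/elasticsearch/repositories/hdfs/HdfsRepositoryTests.java
+++ b/plugins/repository-hdfs/src/test/java/org/elasticsearch/repositories/hdfs/HdfsRepositoryTests.java
@@ -21,7 +21,6 @@
 import com.carrotsearch.randomizedtesting.annotations.ThreadLeakFilters;
 import org.elasticsearch.action.admin.cluster.repositories.cleanup.CleanupRepositoryResponse;
 import org.elasticsearch.action.support.master.AcknowledgedResponse;
-import org.elasticsearch.bootstrap.JavaVersion;
 import org.elasticsearch.common.settings.MockSecureSettings;
 import org.elasticsearch.common.settings.SecureSettings;
 import org.elasticsearch.common.settings.Settings;
@@ -46,16 +45,8 @@ protected SecureSettings credentials() {
 return new MockSecureSettings();
 }
 
-@Override
-public void tearDown() throws Exception {
-if (isJava11() == false) {
-super.tearDown();
-}
-}
-
 @Override
 protected void createRepository(String repoName) {
-assumeFalse("https://github.com/elastic/elasticsearch/issues/31498", isJava11());
 AcknowledgedResponse putRepositoryResponse = client().admin().cluster().preparePutRepository(repoName)
 .setType("hdfs")
 .setSettings(Settings.builder()
@@ -77,8 +68,4 @@ protected void assertCleanupResponse(CleanupRepositoryResponse response, long by
 assertThat(response.result().blobs(), equalTo(0L));
 }
 }
-
-public static boolean isJava11() {
-return JavaVersion.current().equals(JavaVersion.parse("11"));
-}
 }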

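--- a/x-pack/plugin/data-streams/qa/rest/build.gradle
+++ b/x-pack/plugin/data-streams/qa/rest/build.gradle
@@ -17,4 +17,6 @@ dependencies {
 testClusters.integTest {
 testDistribution = 'DEFAULT'
 setting 'xpack.license.self_generated.type', 'basic'
+// disable ILM history, since it disturbs tests using _all
+setting 'indices.lifecycle.history_index_enabled', 'false'
 }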

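--- a/x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/expression/function/scalar/string/StringContains.java
+++ b/x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/expression/function/scalar/string/StringContains.java
@@ -58,6 +58,14 @@ protected TypeResolution resolveType() {
 return isStringAndExact(substring, sourceText(), Expressions.ParamOrdinal.SECOND);
 }
 
+public Expression string() {
+return string;
+}
+
+public Expression substring() {
+return substring;
+}
+
 @Override
 protected Pipe makePipe() {
 return new StringContainsFunctionPipe(source(), this,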

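--- a/x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/planner/QueryTranslator.java
+++ b/x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/planner/QueryTranslator.java
@@ -7,11 +7,13 @@
 package org.elasticsearch.xpack.eql.planner;
 
 import org.elasticsearch.xpack.eql.expression.function.scalar.string.CIDRMatch;
+import org.elasticsearch.xpack.eql.expression.function.scalar.string.StringContains;
 import org.elasticsearch.xpack.ql.QlIllegalArgumentException;
 import org.elasticsearch.xpack.ql.expression.Expression;
 import org.elasticsearch.xpack.ql.expression.Expressions;
 import org.elasticsearch.xpack.ql.expression.FieldAttribute;
 import org.elasticsearch.xpack.ql.expression.function.scalar.ScalarFunction;
+import org.elasticsearch.xpack.ql.expression.function.scalar.string.CaseSensitiveScalarFunction;
 import org.elasticsearch.xpack.ql.expression.predicate.logical.And;
 import org.elasticsearch.xpack.ql.expression.predicate.logical.Or;
 import org.elasticsearch.xpack.ql.planner.ExpressionTranslator;
@@ -20,6 +22,7 @@
 import org.elasticsearch.xpack.ql.querydsl.query.Query;
 import org.elasticsearch.xpack.ql.querydsl.query.ScriptQuery;
 import org.elasticsearch.xpack.ql.querydsl.query.TermsQuery;
+import org.elasticsearch.xpack.ql.querydsl.query.WildcardQuery;
 import org.elasticsearch.xpack.ql.util.CollectionUtils;
 
 import java.util.LinkedHashSet;
@@ -41,6 +44,7 @@ final class QueryTranslator {
 new ExpressionTranslators.StringQueries(),
 new ExpressionTranslators.Matches(),
 new ExpressionTranslators.MultiMatches(),
+new CaseSensitiveScalarFunctions(),
 new Scalars()
 );
 
@@ -112,4 +116,34 @@ public static Query doTranslate(ScalarFunction f, TranslatorHandler handler) {
 return handler.wrapFunctionQuery(f, f, new ScriptQuery(f.source(), f.asScript()));
 }
 }
+
+public static class CaseSensitiveScalarFunctions extends ExpressionTranslator<CaseSensitiveScalarFunction> {
+
+@Override
+protected Query asQuery(CaseSensitiveScalarFunction f, TranslatorHandler handler) {
+return f.isCaseSensitive() ? doTranslate(f, handler) : null;
+}
+
+public static Query doTranslate(CaseSensitiveScalarFunction f, TranslatorHandler handler) {
+Expression field = null;
+Expression constant = null;
+
+if (f instanceof StringContains) {
+StringContains sc = (StringContains) f;
+field = sc.string();
+constant = sc.substring();
+} else {
+return null;
+}
+
+if (field instanceof FieldAttribute && constant.foldable()) {
+String targetFieldName = handler.nameOf(((FieldAttribute) field).exactAttribute());
+String substring = (String) constant.fold();
+
+return new WildcardQuery(f.source(), targetFieldName, "*" + substring + "*");
+}
+
+return null;
+}
+}
 }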
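Review bot: In `CaseSensitiveScalarFunctions.doTranslate`, the folded `substring` is concatenated into the pattern as `"*" + substring + "*"` without escaping, so a literal `*`, `?` or `\` in the EQL argument would act as a wildcard operator instead of being matched literally, assuming `WildcardQuery` passes the pattern through unchanged (its implementation is not visible here). The folded query would then match differently from the script path it replaces, which matters for detection rules that look for those characters in process names or command lines. Consider escaping first, e.g. `String escaped = substring.replace("\\", "\\\\").replace("*", "\\*").replace("?", "\\?");`, and returning `null` when `constant.fold()` yields `null` so the pattern does not become `*null*`. A case in `queryfolder_tests.txt` with a metacharacter in the substring would pin the intended behaviour.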

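--- a/x-pack/plugin/eql/src/test/resources/mapping-default.json
+++ b/x-pack/plugin/eql/src/test/resources/mapping-default.json
@@ -56,7 +56,7 @@
 "type" : "text",
 "fields" : {
 "keyword" : {
-"type" : "keyword",
+"type" : "wildcard",
 "ignore_above" : 256
 }
 }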

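--- a/x-pack/plugin/eql/src/test/resources/queryfolder_tests.txt
+++ b/x-pack/plugin/eql/src/test/resources/queryfolder_tests.txt
@@ -189,12 +189,18 @@ process where startsWith(user_name, 'A') or startsWith(user_name, 'B')
 {"prefix":{"user_name":{"value":"B","boost":1.0}}}],"boost":1.0}}],"boost":1.0}}
 ;
 
-stringContains-caseSensitive
+stringContainsExactField-caseSensitive
 process where stringContains(process_name, "foo")
 ;
-"script":{"source":"InternalQlScriptUtils.nullSafeFilter(InternalEqlScriptUtils.stringContains(
-InternalQlScriptUtils.docValue(doc,params.v0),params.v1,params.v2))"
-"params":{"v0":"process_name","v1":"foo","v2":true}
+{"bool":{"must":[{"term":{"event.category":{"value":"process","boost":1.0}}},
+{"wildcard":{"process_name":{"wildcard":"*foo*","boost":1.0}}}],"boost":1.0}}
+;
+
+stringContainsExactSubField-caseSensitive
+process where stringContains(hostname, "foo")
+;
+{"bool":{"must":[{"term":{"event.category":{"value":"process","boost":1.0}}},
+{"wildcard":{"hostname.keyword":{"wildcard":"*foo*","boost":1.0}}}],"boost":1.0}}
 ;
 
 stringContains-caseInsensitive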
