forked from elastic/elasticsearch
-
Notifications
You must be signed in to change notification settings - Fork 0
/
templates_5x_spec.rb
98 lines (79 loc) · 3.53 KB
/
templates_5x_spec.rb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
require_relative "../../../spec/es_spec_helper"
if ESHelper.es_version_satisfies?(">= 5")
describe "index template expected behavior for 5.x", :integration => true do
subject! do
require "logstash/outputs/elasticsearch"
settings = {
"manage_template" => true,
"template_overwrite" => true,
"hosts" => "#{get_host_port()}"
}
next LogStash::Outputs::ElasticSearch.new(settings)
end
before :each do
# Delete all templates first.
require "elasticsearch"
# Clean ES of data before we start.
@es = get_client
@es.indices.delete_template(:name => "*")
# This can fail if there are no indexes, ignore failure.
@es.indices.delete(:index => "*") rescue nil
subject.register
subject.multi_receive([
LogStash::Event.new("message" => "sample message here"),
LogStash::Event.new("somemessage" => { "message" => "sample nested message here" }),
LogStash::Event.new("somevalue" => 100),
LogStash::Event.new("somevalue" => 10),
LogStash::Event.new("somevalue" => 1),
LogStash::Event.new("country" => "us"),
LogStash::Event.new("country" => "at"),
LogStash::Event.new("geoip" => { "location" => [ 0.0, 0.0 ] })
])
@es.indices.refresh
# Wait or fail until everything's indexed.
Stud::try(20.times) do
r = @es.search
expect(r["hits"]["total"]).to eq(8)
end
end
it "permits phrase searching on string fields" do
results = @es.search(:q => "message:\"sample message\"")
expect(results["hits"]["total"]).to eq(1)
expect(results["hits"]["hits"][0]["_source"]["message"]).to eq("sample message here")
end
it "numbers dynamically map to a numeric type and permit range queries" do
results = @es.search(:q => "somevalue:[5 TO 105]")
expect(results["hits"]["total"]).to eq(2)
values = results["hits"]["hits"].collect { |r| r["_source"]["somevalue"] }
expect(values).to include(10)
expect(values).to include(100)
expect(values).to_not include(1)
end
it "does not create .keyword field for top-level message field" do
results = @es.search(:q => "message.keyword:\"sample message here\"")
expect(results["hits"]["total"]).to eq(0)
end
it "creates .keyword field for nested message fields" do
results = @es.search(:q => "somemessage.message.keyword:\"sample nested message here\"")
expect(results["hits"]["total"]).to eq(1)
end
it "creates .keyword field from any string field which is not_analyzed" do
results = @es.search(:q => "country.keyword:\"us\"")
expect(results["hits"]["total"]).to eq(1)
expect(results["hits"]["hits"][0]["_source"]["country"]).to eq("us")
# partial or terms should not work.
results = @es.search(:q => "country.keyword:\"u\"")
expect(results["hits"]["total"]).to eq(0)
end
it "make [geoip][location] a geo_point" do
expect(@es.indices.get_template(name: "logstash")["logstash"]["mappings"][get_mapping_name]["properties"]["geoip"]["properties"]["location"]["type"]).to eq("geo_point")
end
it "aggregate .keyword results correctly " do
results = @es.search(:body => { "aggregations" => { "my_agg" => { "terms" => { "field" => "country.keyword" } } } })["aggregations"]["my_agg"]
terms = results["buckets"].collect { |b| b["key"] }
expect(terms).to include("us")
# 'at' is a stopword, make sure stopwords are not ignored.
expect(terms).to include("at")
end
end
end