Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

EQL: multi-value fields support #76610

Merged
merged 4 commits into from
Aug 17, 2021
Merged

EQL: multi-value fields support #76610

merged 4 commits into from
Aug 17, 2021

Conversation

astefan
Copy link
Contributor

@astefan astefan commented Aug 17, 2021

This introduces multi-value fields support in EQL queries:

  • remove in-place optimizations (ranges, binary comparisons, negation logic)
  • functions support for different values of the same field in multi-use scenarios
  • null handling
  • negation handling
  • backwards compatibility
    A specific use-case that this PR doesn't cover: the string function with a boolean parameter used with complex expressions as argument for string. Example: where string(fieldA > 2 and not fieldB < 2 or not concat(host_name, port) == "abc:123") == "true"

The code in this PR is part of a feature branch developed separately and is made of the following previously approved PRs:

astefan and others added 4 commits August 13, 2021 02:09
@astefan
Add multi-valued fields support. Part 1 (#74567)
1ac2067 
* Add multi-valued fields support. Part 1
- remove in-place optimizations (ranges, binary comparisons, negation
logic)
- functions support for different values of the same field in multi-use
scenarios
- null handling
- negation handling
@astefan
Merge branch 'master' of https://github.com/elastic/elasticsearch int…
4925a88 
…o eql_multi_value_fields
@astefan
EQL: Backwards compatibility support for multi value fields update (#…
6d5c9be 
…76605)

Adds backwards compatibility checks and tests for multi-value fields support
@astefan
Merge branch 'master' of https://github.com/elastic/elasticsearch int…
0da7ee9 
…o eql_multi_value_fields
@elasticmachine elasticmachine added the Team:QL (Deprecated) Meta label for query languages team label Aug 17, 2021
@elasticmachine
Copy link
Collaborator

Pinging @elastic/es-ql (Team:QL)

@astefan astefan requested review from Luegg and bpintea August 17, 2021 12:02
Luegg
Luegg approved these changes Aug 17, 2021
View reviewed changes
Copy link
Contributor

@Luegg Luegg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@astefan astefan merged commit 0c2c93e into master Aug 17, 2021
@astefan astefan deleted the eql_multi_value_fields branch August 17, 2021 12:05
astefan added a commit to astefan/elasticsearch that referenced this pull request Aug 17, 2021
@astefan
EQL: mulit-value fields support (elastic#76610)
c729557 
Adds multi-valued fields support:
- remove in-place optimizations (ranges, binary comparisons, negation
logic)
- functions support for different values of the same field in multi-use
scenarios
- null handling
- negation handling
- backwards compatibility checks and tests for multi-value fields support

(cherry picked from commit 0c2c93e)
@astefan astefan mentioned this pull request Aug 17, 2021
Merged
@astefan astefan changed the title EQL: mulit-value fields support EQL: multi-value fields support Aug 17, 2021
astefan added a commit that referenced this pull request Aug 17, 2021
@astefan
EQL: multi-value fields support (#76612)
73adb7e 
* EQL: mulit-value fields support (#76610)

Adds multi-valued fields support:
- remove in-place optimizations (ranges, binary comparisons, negation
logic)
- functions support for different values of the same field in multi-use
scenarios
- null handling
- negation handling
- backwards compatibility checks and tests for multi-value fields support

(cherry picked from commit 0c2c93e)
@jrodewig jrodewig mentioned this pull request Aug 18, 2021
Merged
jrodewig added a commit that referenced this pull request Aug 19, 2021
@jrodewig
[DOCS] EQL: Remove multi-value field limitation (#76663)
f02b10d 
Changes:
* Removes the limitation for multi-value fields.
* Adds a recommendation to avoid complex expressions for Boolean comparisons to the `string` fn.

Relates to #76610.
elasticsearchmachine pushed a commit that referenced this pull request Aug 19, 2021
@jrodewig
[DOCS] EQL: Remove multi-value field limitation (#76663) (#76706)
0e429d2 
Changes:
* Removes the limitation for multi-value fields.
* Adds a recommendation to avoid complex expressions for Boolean comparisons to the `string` fn.

Relates to #76610.
# Conflicts:
#	docs/reference/eql/syntax.asciidoc
elasticsearchmachine pushed a commit that referenced this pull request Aug 19, 2021
@jrodewig
[DOCS] EQL: Remove multi-value field limitation (#76663) (#76707)
5d7fb3c 
Changes:
* Removes the limitation for multi-value fields.
* Adds a recommendation to avoid complex expressions for Boolean comparisons to the `string` fn.

Relates to #76610.
# Conflicts:
#	docs/reference/eql/syntax.asciidoc
danhermann pushed a commit to danhermann/elasticsearch that referenced this pull request Aug 19, 2021
@jrodewig @danhermann
[DOCS] EQL: Remove multi-value field limitation (elastic#76663)
f1c9eb8 
Changes:
* Removes the limitation for multi-value fields.
* Adds a recommendation to avoid complex expressions for Boolean comparisons to the `string` fn.

Relates to elastic#76610.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Luegg Luegg Luegg approved these changes

@bpintea bpintea Awaiting requested review from bpintea

Assignees
No one assigned
Labels
:Analytics/EQL EQL querying >feature Team:QL (Deprecated) Meta label for query languages team v7.15.0 v8.0.0-alpha2
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@astefan @elasticmachine @Luegg @jakelandis