[Event Log] use @timestamp field for queries

resolves #64275 Changes the fields used to query the event log by time range to use the `@timestamp` field. Also allow `@timestamp` as a sort option, and make it the default sort option.
elastic · Apr 24, 2020 · bf79d27 · bf79d27
1 parent a4e740e
commit bf79d27
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 9 deletions.
diff --git a/x-pack/plugins/event_log/server/es/cluster_client_adapter.test.ts b/x-pack/plugins/event_log/server/es/cluster_client_adapter.test.ts
@@ -222,7 +222,7 @@ describe('queryEventsBySavedObject', () => {
       body: {
         from: 0,
         size: 10,
-        sort: { 'event.start': { order: 'asc' } },
+        sort: { '@timestamp': { order: 'asc' } },
         query: {
           bool: {
             must: [
@@ -336,7 +336,7 @@ describe('queryEventsBySavedObject', () => {
               },
               {
                 range: {
-                  'event.start': {
+                  '@timestamp': {
                     gte: start,
                   },
                 },
@@ -405,14 +405,14 @@ describe('queryEventsBySavedObject', () => {
               },
               {
                 range: {
-                  'event.start': {
+                  '@timestamp': {
                     gte: start,
                   },
                 },
               },
               {
                 range: {
-                  'event.end': {
+                  '@timestamp': {
                     lte: end,
                   },
                 },

diff --git a/x-pack/plugins/event_log/server/es/cluster_client_adapter.ts b/x-pack/plugins/event_log/server/es/cluster_client_adapter.ts
@@ -166,14 +166,14 @@ export class ClusterClientAdapter {
                   },
                   start && {
                     range: {
-                      'event.start': {
+                      '@timestamp': {
                         gte: start,
                       },
                     },
                   },
                   end && {
                     range: {
-                      'event.end': {
+                      '@timestamp': {
                         lte: end,
                       },
                     },

diff --git a/x-pack/plugins/event_log/server/event_log_client.test.ts b/x-pack/plugins/event_log/server/event_log_client.test.ts
@@ -112,7 +112,7 @@ describe('EventLogStart', () => {
         {
           page: 1,
           per_page: 10,
-          sort_field: 'event.start',
+          sort_field: '@timestamp',
           sort_order: 'asc',
         }
       );
@@ -193,7 +193,7 @@ describe('EventLogStart', () => {
         {
           page: 1,
           per_page: 10,
-          sort_field: 'event.start',
+          sort_field: '@timestamp',
           sort_order: 'asc',
           start,
           end,

diff --git a/x-pack/plugins/event_log/server/event_log_client.ts b/x-pack/plugins/event_log/server/event_log_client.ts
@@ -36,6 +36,7 @@ export const findOptionsSchema = schema.object({
   end: optionalDateFieldSchema,
   sort_field: schema.oneOf(
     [
+      schema.literal('@timestamp'),
       schema.literal('event.start'),
       schema.literal('event.end'),
       schema.literal('event.provider'),
@@ -44,7 +45,7 @@ export const findOptionsSchema = schema.object({
       schema.literal('message'),
     ],
     {
-      defaultValue: 'event.start',
+      defaultValue: '@timestamp',
     }
   ),
   sort_order: schema.oneOf([schema.literal('asc'), schema.literal('desc')], {