Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Event Log] use @timestamp field for queries #64391

Merged
merged 1 commit into from
Apr 28, 2020
Merged

[Event Log] use @timestamp field for queries #64391

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 4 additions & 4 deletions x-pack/plugins/event_log/server/es/cluster_client_adapter.test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -226,7 +226,7 @@ describe('queryEventsBySavedObject', () => {
body: {
from: 0,
size: 10,
sort: { 'event.start': { order: 'asc' } },
sort: { '@timestamp': { order: 'asc' } },
query: {
bool: {
must: [
Expand Down Expand Up @@ -340,7 +340,7 @@ describe('queryEventsBySavedObject', () => {
},
{
range: {
'event.start': {
'@timestamp': {
gte: start,
},
},
Expand Down Expand Up @@ -409,14 +409,14 @@ describe('queryEventsBySavedObject', () => {
},
{
range: {
'event.start': {
'@timestamp': {
gte: start,
},
},
},
{
range: {
'event.end': {
'@timestamp': {
lte: end,
},
},
Expand Down
4 changes: 2 additions & 2 deletions x-pack/plugins/event_log/server/es/cluster_client_adapter.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -176,14 +176,14 @@ export class ClusterClientAdapter {
},
start && {
range: {
'event.start': {
'@timestamp': {
gte: start,
},
},
},
end && {
range: {
'event.end': {
'@timestamp': {
lte: end,
},
},
Expand Down
4 changes: 2 additions & 2 deletions x-pack/plugins/event_log/server/event_log_client.test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -112,7 +112,7 @@ describe('EventLogStart', () => {
{
page: 1,
per_page: 10,
sort_field: 'event.start',
sort_field: '@timestamp',
sort_order: 'asc',
}
);
Expand Down Expand Up @@ -193,7 +193,7 @@ describe('EventLogStart', () => {
{
page: 1,
per_page: 10,
sort_field: 'event.start',
sort_field: '@timestamp',
sort_order: 'asc',
start,
end,
Expand Down
3 changes: 2 additions & 1 deletion x-pack/plugins/event_log/server/event_log_client.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,7 @@ export const findOptionsSchema = schema.object({
end: optionalDateFieldSchema,
sort_field: schema.oneOf(
[
schema.literal('@timestamp'),
schema.literal('event.start'),
schema.literal('event.end'),
schema.literal('event.provider'),
Expand All @@ -44,7 +45,7 @@ export const findOptionsSchema = schema.object({
schema.literal('message'),
],
{
defaultValue: 'event.start',
defaultValue: '@timestamp',
}
),
sort_order: schema.oneOf([schema.literal('asc'), schema.literal('desc')], {
Expand Down
51 changes: 16 additions & 35 deletions x-pack/test/plugin_api_integration/test_suites/event_log/public_api_integration.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@
import { merge, omit, times, chunk, isEmpty } from 'lodash';
import uuid from 'uuid';
import expect from '@kbn/expect/expect.js';
import moment, { Moment } from 'moment';
import moment from 'moment';
import { FtrProviderContext } from '../../ftr_provider_context';
import { IEvent } from '../../../../plugins/event_log/server';
import { IValidatedEvent } from '../../../../plugins/event_log/server/types';
Expand Down Expand Up @@ -43,10 +43,8 @@ export default function({ getService }: FtrProviderContext) {
it('should support pagination for events', async () => {
const id = uuid.v4();

const timestamp = moment();
const [firstExpectedEvent, ...expectedEvents] = times(6, () =>
fakeEvent(id, fakeEventTiming(timestamp.add(1, 's')))
);
const [firstExpectedEvent, ...expectedEvents] = times(6, () => fakeEvent(id));

// run one first to create the SO and avoid clashes
await logTestEvent(id, firstExpectedEvent);
await Promise.all(expectedEvents.map(event => logTestEvent(id, event)));
Expand Down Expand Up @@ -82,10 +80,7 @@ export default function({ getService }: FtrProviderContext) {
it('should support sorting by event end', async () => {
const id = uuid.v4();

const timestamp = moment();
const [firstExpectedEvent, ...expectedEvents] = times(6, () =>
fakeEvent(id, fakeEventTiming(timestamp.add(1, 's')))
);
const [firstExpectedEvent, ...expectedEvents] = times(6, () => fakeEvent(id));
// run one first to create the SO and avoid clashes
await logTestEvent(id, firstExpectedEvent);
await Promise.all(expectedEvents.map(event => logTestEvent(id, event)));
Expand All @@ -106,21 +101,24 @@ export default function({ getService }: FtrProviderContext) {
it('should support date ranges for events', async () => {
const id = uuid.v4();

const timestamp = moment();

const firstEvent = fakeEvent(id, fakeEventTiming(timestamp));
// write a document that shouldn't be found in the inclusive date range search
const firstEvent = fakeEvent(id);
await logTestEvent(id, firstEvent);
await delay(100);

const start = timestamp.add(1, 's').toISOString();
// wait a second, get the start time for the date range search
await delay(1000);
const start = new Date().toISOString();

const expectedEvents = times(6, () => fakeEvent(id, fakeEventTiming(timestamp.add(1, 's'))));
// write the documents that we should be found in the date range searches
const expectedEvents = times(6, () => fakeEvent(id));
await Promise.all(expectedEvents.map(event => logTestEvent(id, event)));

const end = timestamp.add(1, 's').toISOString();
// get the end time for the date range search
const end = new Date().toISOString();

await delay(100);
const lastEvent = fakeEvent(id, fakeEventTiming(timestamp.add(1, 's')));
// write a document that shouldn't be found in the inclusive date range search
await delay(1000);
const lastEvent = fakeEvent(id);
await logTestEvent(id, lastEvent);

await retry.try(async () => {
Expand Down Expand Up @@ -195,29 +193,12 @@ export default function({ getService }: FtrProviderContext) {
.expect(200);
}

function fakeEventTiming(start: Moment): Partial<IEvent> {
return {
event: {
start: start.toISOString(),
end: start
.clone()
.add(500, 'milliseconds')
.toISOString(),
},
};
}

function fakeEvent(id: string, overrides: Partial<IEvent> = {}): IEvent {
const start = moment().toISOString();
const end = moment().toISOString();
return merge(
{
event: {
provider: 'event_log_fixture',
action: 'test',
start,
end,
duration: 1000000,
},
kibana: {
saved_objects: [
Expand Down
3 changes: 2 additions & 1 deletion x-pack/test/plugin_api_integration/test_suites/event_log/service_api_integration.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/
import uuid from 'uuid';
import expect from '@kbn/expect/expect.js';
import { IEvent } from '../../../../plugins/event_log/server';
import { FtrProviderContext } from '../../ftr_provider_context';
Expand Down Expand Up @@ -97,7 +98,7 @@ export default function({ getService }: FtrProviderContext) {
await registerProviderActions('provider4', ['action1', 'action2']);
}

const eventId = '1';
const eventId = uuid.v4();
const event: IEvent = {
event: { action: 'action1', provider: 'provider4' },
kibana: { saved_objects: [{ type: 'event_log_test', id: eventId }] },
Expand Down