elastic-esql 0.1.0 → 0.3.0
- checksums.yaml +4 -4
- data/lib/elastic/esql.rb +61 -9
- metadata +2 -2
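--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ee4efdbcbcfd0ced3cc7d373b9fe58719f3434c995a75112ce5c2740509b8840
+data.tar.gz: 4c11d6fd4dfd95b27e34bd189904c83abf469ac06c06a3672d170bac1ae1e30f
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 3fa05ddee1fceb1f300e3c16ca6b8ab32fead629bf20e50d6f406694cdc97400d8bef450e0ef050dd86a95bbd9c1bf69b2384ca641b0605e2048eb86e66b549d
+data.tar.gz: cb732b90ceb859d05872705bf777886d9b8a844bd82d7cbf5351203516b78e304f427ed727d1a8576966f87f999447fae9a880b6d7a5ea6d4b7efe3d60cd0cc5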
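--- a/data/lib/elastic/esql.rb
+++ b/data/lib/elastic/esql.rb
@@ -21,19 +21,25 @@ require_relative 'dissect'
 require_relative 'drop'
 require_relative 'enrich'
 require_relative 'eval'
+require_relative 'functions'
 require_relative 'grok'
-require_relative 'limit'
 require_relative 'keep'
+require_relative 'limit'
+require_relative 'lookup_join'
+require_relative 'metadata'
 require_relative 'rename'
 require_relative 'row'
 require_relative 'show'
 require_relative 'sort'
+require_relative 'stats'
+require_relative 'ts'
 require_relative 'where'
 
 module Elastic
 # @example
 # Elastic::ESQL.from('sample_data').sort_descending('@timestamp').limit(3).to_s
 # # => FROM 'sample_data' | SORT @timestamp desc | LIMIT 3
+# rubocop:disable Metrics/ClassLength
 class ESQL
 include ChangePoint
 include Custom
@@ -43,16 +49,23 @@ module Elastic
 include Grok
 include Keep
 include Limit
+include LookupJoin
+include Metadata
 include Rename
 include Row
 include Show
 include Sort
+include Stats
+include TS
 include Where
-
+
+SOURCE_COMMANDS = [:from, :row, :show, :ts].freeze
 
 def initialize
 @query = {}
 @custom = []
+@metadata = []
+@lookup_joins = []
 end
 
 # Function to build the ES|QL formatted query and return it as a String.
@@ -62,16 +75,14 @@ module Elastic
 raise ArgumentError, 'No source command found' unless source_command_present?
 
 @query[:enrich] = @enriches.join('| ') if @enriches
-string_query =
-
-end.join(' | ')
-
+string_query = build_string_query
+string_query.concat(build_lookup_joins) unless @lookup_joins.empty?
 string_query.concat(" #{@custom.join(' ')}") unless @custom.empty?
 string_query
 end
 
-# Creates a new Enrich object to chain with +on+ and +with+. If other
-# Enrich object, it
+# Creates a new Enrich object to chain with +on+ and +with+. If other method is chained to the
+# Enrich object, it calls it upon the ESQL object that instantiated it, and returns it.
 # @return [Elastic::Enrich]
 def enrich(policy)
 @enriches ||= []
@@ -105,6 +116,10 @@ module Elastic
 new.row(*params)
 end
 
+def self.ts(*params)
+new.ts(*params)
+end
+
 # Instance method to allow to update +from+ with +esql.from('different_source')+.
 # @param [String] index_pattern A list of indices, data streams or aliases. Supports wildcards and date math.
 def from(index_pattern)
@@ -118,6 +133,22 @@ module Elastic
 query
 end
 
+# rubocop:disable Naming/MethodName, Naming/BinaryOperatorParameterName
+def self.🐔(message)
+"ROW CHICKEN(\"#{message}\")"
+end
+
+def 🐔(message)
+self.class.🐔(message)
+end
+
+alias chicken 🐔
+
+class << self
+alias chicken 🐔
+end
+# rubocop:enable Naming/MethodName, Naming/BinaryOperatorParameterName
+
 private
 
 # Function for eval, row, and other functions that have one or more columns with values specified
@@ -134,7 +165,7 @@ module Elastic
 # Error raised when a function expects a Hash and something else is passed in, with explanation
 def raise_hash_error(name)
 raise ArgumentError, "#{name.to_s.upcase} needs a Hash as a parameter where the keys are the " \
-
+'column names and the value is the function or expression to calculate.'
 end
 
 # Used when building the query from hash params function
@@ -157,5 +188,26 @@ module Elastic
 esql.send("#{name}!", *params)
 esql
 end
+
+# Helper to build the LOOKUP JOIN part of the query.
+def build_lookup_joins
+joins = @lookup_joins.map { |a| a.map { |k, v| "LOOKUP JOIN #{k} ON #{v}" } }.flatten.join(' | ')
+" | #{joins}"
+end
+
+# Helper to build the String for the simpler functions.
+# These are of the form 'key.upcase value' like 'DROP value'
+# If metadata has been set, it needs to be added to FROM. There's a possibility there'll be more
+# special cases like this in the future, they can be added here.
+def build_string_query
+@query.map do |k, v|
+if k == :from && !@metadata.empty?
+"#{k.upcase} #{v} METADATA #{@metadata.join(', ')}"
+else
+"#{k.upcase} #{v}"
+end
+end.join(' | ')
+end
 end
+# rubocop:enable Metrics/ClassLength
 end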
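Review bot: `self.🐔` (new lines 137–139) places `message` inside a double-quoted ES|QL string literal without escaping, so a `"` or `\` in the argument ends the literal early and the remainder is parsed as query text. Escape both characters before interpolating, e.g. `escaped = message.to_s.gsub(/["\\]/) { |c| "\\#{c}" }` followed by `"ROW CHICKEN(\"#{escaped}\")"`, or state in the method's doc comment that the argument must never carry untrusted input. The same unescaped interpolation appears in `build_lookup_joins` (`"LOOKUP JOIN #{k} ON #{v}"`) and in the `METADATA #{@metadata.join(', ')}` branch of `build_string_query`; the code that fills `@lookup_joins` and `@metadata` lives outside these hunks, so whether those values are validated there cannot be confirmed from this diff. Separately, `🐔` returns a plain String, whereas `self.ts` delegates to `new.ts(*params)` and presumably yields a chainable object, so this entry point behaves differently from its siblings and deserves a comment saying so.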
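--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: elastic-esql
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.3.0
 platform: ruby
 authors:
 - Fernando Briano
@@ -104,7 +104,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version:
+rubygems_version: 4.0.3
 specification_version: 4
 summary: Elastic ES|QL Query builder
 test_files: []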