From ae8fe8e932b8b1a6c2550eaa044cce8991b8d32c Mon Sep 17 00:00:00 2001
From: Quentin Pradet
Date: Mon, 1 Jul 2024 10:31:59 +0400
Subject: [PATCH 1/3] Fix eql.search response types
---
 specification/_doc_ids/table.csv | 1 +
 specification/eql/_types/EqlHits.ts | 7 ++++++-
 2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/specification/_doc_ids/table.csv b/specification/_doc_ids/table.csv
index abaf8cbddf..def9c4b73f 100644
--- a/specification/_doc_ids/table.csv
+++ b/specification/_doc_ids/table.csv
@@ -143,6 +143,7 @@ eql-async-search-status-api,https://www.elastic.co/guide/en/elasticsearch/refere
 eql-basic-syntax,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/eql-syntax.html#eql-basic-syntax
 eql-search-api,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/eql-search-api.html
 eql-sequences,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/eql-syntax.html#eql-sequences
+eql-missing-events,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/eql-syntax.html#eql-missing-events
 eql-syntax,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/eql-syntax.html
 eql,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/eql.html
 esql-query,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/esql-rest.html
diff --git a/specification/eql/_types/EqlHits.ts b/specification/eql/_types/EqlHits.ts
index f207ff141d..7983582f1e 100644
--- a/specification/eql/_types/EqlHits.ts
+++ b/specification/eql/_types/EqlHits.ts
@@ -45,6 +45,11 @@ export class HitsEvent {
 _id: Id
 /** Original JSON body passed for the event at index time. */
 _source: TEvent
+ /**
+ * Set to `true` for events in a timespan-constrained sequence that do not meet a given condition.
+ * @doc_id eql-missing-events
+ */
+ missing?: boolean
 fields?: Dictionary
 }
 
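Review bot: The doc comment on `missing` in `HitsEvent` does not say what the neighbouring required members `_id` and `_source` contain when the flag is `true`, so a client that treats every entry as a real indexed document cannot tell from the type that it has to branch on `missing` first. This matters for consumers that fetch or correlate documents by `_id` from sequence results, alerting and triage tooling in particular, where a placeholder entry would otherwise be handled as evidence. I would extend the comment with one sentence such as `When true, the entry is a placeholder for an event that did not occur; _id and _source do not refer to an indexed document.` The exact placeholder values are not visible in this patch and should be confirmed against the linked eql-missing-events documentation. The `HitsEvent` class body starts outside the hunk.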
@@ -55,5 +60,5 @@ export class HitsSequence {
 * Shared field values used to constrain matches in the sequence. These are defined using the by keyword in the EQL query syntax.
 * @doc_id eql-sequences
 */
- join_keys: UserDefinedValue[]
+ join_keys?: UserDefinedValue[]
 }
From 6144560e2b8fcad3912d00c38a18e4d2fc928d3a Mon Sep 17 00:00:00 2001
From: Quentin Pradet
Date: Mon, 1 Jul 2024 11:48:32 +0400
Subject: [PATCH 2/3] Fix lint
---
 specification/eql/_types/EqlHits.ts | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/specification/eql/_types/EqlHits.ts b/specification/eql/_types/EqlHits.ts
index 7983582f1e..4710417b39 100644
--- a/specification/eql/_types/EqlHits.ts
+++ b/specification/eql/_types/EqlHits.ts
@@ -46,9 +46,9 @@ export class HitsEvent {
 /** Original JSON body passed for the event at index time. */
 _source: TEvent
 /**
- * Set to `true` for events in a timespan-constrained sequence that do not meet a given condition.
- * @doc_id eql-missing-events
- */
+ * Set to `true` for events in a timespan-constrained sequence that do not meet a given condition.
+ * @doc_id eql-missing-events
+ */
 missing?: boolean
 fields?: Dictionary
 }
From c197d829f208e84fdb131e0f396b464260eada64 Mon Sep 17 00:00:00 2001
From: Quentin Pradet
Date: Mon, 1 Jul 2024 11:48:55 +0400
Subject: [PATCH 3/3] Run make contrib
---
 output/openapi/elasticsearch-openapi.json | 10 ++++++++--
 .../elasticsearch-serverless-openapi.json | 10 ++++++++--
 output/schema/schema-serverless.json | 20 ++++++++++++++++---
 output/schema/schema.json | 20 ++++++++++++++++---
 output/typescript/types.ts | 3 ++-
 5 files changed, 52 insertions(+), 11 deletions(-)
diff --git a/output/openapi/elasticsearch-openapi.json b/output/openapi/elasticsearch-openapi.json
index f8c4d76e34..d057b75dbb 100644
--- a/output/openapi/elasticsearch-openapi.json
+++ b/output/openapi/elasticsearch-openapi.json
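Review bot: `join_keys?: UserDefinedValue[]` in `HitsSequence` (the `@@ -55,5 +60,5 @@` hunk of patch 1/3) is now optional, but the doc comment above it still reads as if the member were always present and gives no condition under which it is omitted. Generated clients pick this up as `join_keys?: any[]` in patch 3/3, so code that groups or de-duplicates sequence matches by join key must now handle `undefined`; without a documented rule, sequences lacking the key may end up grouped together by accident. I would add a sentence to the comment, for example `Omitted when the query defines no join keys.`, with the condition checked against the server's behaviour, which this patch does not show. The `HitsSequence` class body starts outside the hunk.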
@@ -78919,6 +78919,13 @@ "description": "Original JSON body passed for the event at index time.", "type": "object" }, + "missing": { + "externalDocs": { + "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/eql-syntax.html#eql-missing-events" + }, + "description": "Set to `true` for events in a timespan-constrained sequence that do not meet a given condition.", + "type": "boolean" + }, "fields": { "type": "object", "additionalProperties": { @@ -78957,8 +78964,7 @@ } }, "required": [ - "events", - "join_keys" + "events" ] }, "eql.search:ResultPosition": { diff --git a/output/openapi/elasticsearch-serverless-openapi.json b/output/openapi/elasticsearch-serverless-openapi.json index 61b05f382e..1349753c91 100644 --- a/output/openapi/elasticsearch-serverless-openapi.json +++ b/output/openapi/elasticsearch-serverless-openapi.json @@ -51913,6 +51913,13 @@ "description": "Original JSON body passed for the event at index time.", "type": "object" }, + "missing": { + "externalDocs": { + "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/eql-syntax.html#eql-missing-events" + }, + "description": "Set to `true` for events in a timespan-constrained sequence that do not meet a given condition.", + "type": "boolean" + }, "fields": { "type": "object", "additionalProperties": { @@ -51951,8 +51958,7 @@ } }, "required": [ - "events", - "join_keys" + "events" ] }, "eql.search:ResultPosition": { diff --git a/output/schema/schema-serverless.json b/output/schema/schema-serverless.json index ad98f1c5c1..2a0f76da78 100644 --- a/output/schema/schema-serverless.json +++ b/output/schema/schema-serverless.json 
@@ -113905,6 +113905,20 @@ } } }, + { + "description": "Set to `true` for events in a timespan-constrained sequence that do not meet a given condition.", + "docId": "eql-missing-events", + "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/eql-syntax.html#eql-missing-events", + "name": "missing", + "required": false, + "type": { + "kind": "instance_of", + "type": { + "name": "boolean", + "namespace": "_builtins" + } + } + }, { "name": "fields", "required": false, @@ -113927,7 +113941,7 @@ } } ], - "specLocation": "eql/_types/EqlHits.ts#L41-L49" + "specLocation": "eql/_types/EqlHits.ts#L41-L54" }, { "generics": [ @@ -113971,7 +113985,7 @@ "docId": "eql-sequences", "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/eql-syntax.html#eql-sequences", "name": "join_keys", - "required": true, + "required": false, "type": { "kind": "array_of", "value": { @@ -113980,7 +113994,7 @@ } } ], - "specLocation": "eql/_types/EqlHits.ts#L51-L59" + "specLocation": "eql/_types/EqlHits.ts#L56-L64" }, { "kind": "interface", diff --git a/output/schema/schema.json b/output/schema/schema.json index 54b5328f2e..22ccf47cbb 100644 --- a/output/schema/schema.json +++ b/output/schema/schema.json @@ -113385,6 +113385,20 @@ } } }, + { + "description": "Set to `true` for events in a timespan-constrained sequence that do not meet a given condition.", + "docId": "eql-missing-events", + "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/eql-syntax.html#eql-missing-events", + "name": "missing", + "required": false, + "type": { + "kind": "instance_of", + "type": { + "name": "boolean", + "namespace": "_builtins" + } + } + }, { "name": "fields", "required": false, @@ -113407,7 +113421,7 @@ } } ], - "specLocation": "eql/_types/EqlHits.ts#L41-L49" + "specLocation": "eql/_types/EqlHits.ts#L41-L54" }, { "generics": [ 
@@ -113451,7 +113465,7 @@ "docId": "eql-sequences", "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/eql-syntax.html#eql-sequences", "name": "join_keys", - "required": true, + "required": false, "type": { "kind": "array_of", "value": { @@ -113460,7 +113474,7 @@ } } ], - "specLocation": "eql/_types/EqlHits.ts#L51-L59" + "specLocation": "eql/_types/EqlHits.ts#L56-L64" }, { "attachedBehaviors": [ diff --git a/output/typescript/types.ts b/output/typescript/types.ts index 7d83e87fb8..ca39c3478d 100644 --- a/output/typescript/types.ts +++ b/output/typescript/types.ts @@ -9817,12 +9817,13 @@ export interface EqlHitsEvent { _index: IndexName _id: Id _source: TEvent + missing?: boolean fields?: Record } export interface EqlHitsSequence { events: EqlHitsEvent[] - join_keys: any[] + join_keys?: any[] } export interface EqlDeleteRequest extends RequestBase {