EQL: Expand verification tests (#52664)
Expand verification tests
Fix some error message inconsistencies in EqlParser

Related to #51873
aleksmaus authored Feb 24, 2020
1 parent b49b8db commit 8e02bc3
Showing 18 changed files with 615 additions and 15 deletions.
@@ -164,14 +164,14 @@ public void exitFunctionExpression(EqlBaseParser.FunctionExpressionContext conte
case "arrayCount":
case "arraySearch":
throw new ParsingException(
"unsupported function " + functionName,
"Unsupported function [" + functionName + "]",
null,
token.getLine(),
token.getCharPositionInLine());

default:
throw new ParsingException(
"unknown function " + functionName,
"Unknown function [" + functionName + "]",
null,
token.getLine(),
token.getCharPositionInLine());
@@ -182,7 +182,7 @@ public void exitFunctionExpression(EqlBaseParser.FunctionExpressionContext conte
public void exitJoin(EqlBaseParser.JoinContext context) {
Token token = context.JOIN().getSymbol();
throw new ParsingException(
"join is not supported",
"Join is not supported",
null,
token.getLine(),
token.getCharPositionInLine());
@@ -192,7 +192,7 @@ public void exitJoin(EqlBaseParser.JoinContext context) {
public void exitPipe(EqlBaseParser.PipeContext context) {
Token token = context.PIPE().getSymbol();
throw new ParsingException(
"pipes are not supported",
"Pipes are not supported",
null,
token.getLine(),
token.getCharPositionInLine());
@@ -202,7 +202,7 @@ public void exitPipe(EqlBaseParser.PipeContext context) {
public void exitProcessCheck(EqlBaseParser.ProcessCheckContext context) {
Token token = context.relationship;
throw new ParsingException(
"process relationships are not supported",
"Process relationships are not supported",
null,
token.getLine(),
token.getCharPositionInLine());
@@ -212,7 +212,7 @@ public void exitProcessCheck(EqlBaseParser.ProcessCheckContext context) {
public void exitSequence(EqlBaseParser.SequenceContext context) {
Token token = context.SEQUENCE().getSymbol();
throw new ParsingException(
"sequence is not supported",
"Sequence is not supported",
null,
token.getLine(),
token.getCharPositionInLine());
@@ -223,7 +223,7 @@ public void exitQualifiedName(EqlBaseParser.QualifiedNameContext context) {
if (context.INTEGER_VALUE().size() > 0) {
Token firstIndex = context.INTEGER_VALUE(0).getSymbol();
throw new ParsingException(
"array indexes are not supported",
"Array indexes are not supported",
null,
firstIndex.getLine(),
firstIndex.getCharPositionInLine());
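Review bot: The same four-argument `new ParsingException(message, null, token.getLine(), token.getCharPositionInLine())` call is spelled out seven times across exitFunctionExpression, exitJoin, exitPipe, exitProcessCheck, exitSequence and exitQualifiedName, which is why this capitalisation fix had to touch every site by hand. A private helper, for example `private static ParsingException unsupported(Token token, String message)`, would let each site read `throw unsupported(token, "Join is not supported");` and keep the wording and position reporting in one place. The two function messages echo `functionName`, which appears to come from the query text (its assignment is outside the hunk); the new brackets delimit it clearly, but whatever logs or renders these messages should still treat that value as untrusted. The bodies of exitFunctionExpression and exitQualifiedName start or end outside the visible hunks.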

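--- a/x-pack/plugin/eql/src/test/resources/mapping-alias.json
+++ b/x-pack/plugin/eql/src/test/resources/mapping-alias.json
@@ -0,0 +1,17 @@
+{
+"properties" : {
+"event_type" : {
+"type" : "keyword"
+},
+"user_name" : {
+"type" : "keyword"
+},
+"user_domain" : {
+"type" : "keyword"
+},
+"user_name_alias": {
+"type": "alias",
+"path": "user_name"
+}
+}
+}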
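--- a/x-pack/plugin/eql/src/test/resources/mapping-binary.json
+++ b/x-pack/plugin/eql/src/test/resources/mapping-binary.json
@@ -0,0 +1,10 @@
+{
+"properties" : {
+"event_type" : {
+"type" : "keyword"
+},
+"blob" : {
+"type" : "binary"
+}
+}
+}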
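--- a/x-pack/plugin/eql/src/test/resources/mapping-boolean.json
+++ b/x-pack/plugin/eql/src/test/resources/mapping-boolean.json
@@ -0,0 +1,10 @@
+{
+"properties" : {
+"event_type" : {
+"type" : "keyword"
+},
+"boolean_field" : {
+"type" : "boolean"
+}
+}
+}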
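--- a/x-pack/plugin/eql/src/test/resources/mapping-date.json
+++ b/x-pack/plugin/eql/src/test/resources/mapping-date.json
@@ -0,0 +1,21 @@
+{
+"properties" : {
+"event_type" : {
+"type" : "keyword"
+},
+"date" : {
+"type" : "date"
+},
+"date_with_format" : {
+"type" : "date",
+"format" : "yyyy-MM-dd"
+},
+"date_with_multi_format" : {
+"type" : "date",
+"format" : "yyyy-MM-dd || basic_time || year"
+},
+"date_nanos_field" : {
+"type" : "date_nanos"
+}
+}
+}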
21 changes: 21 additions & 0 deletions x-pack/plugin/eql/src/test/resources/mapping-default.json
@@ -50,6 +50,27 @@
"ignore_above" : 256
}
}
},
"opcode" : {
"type" : "long"
},
"file_name" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"serial_event_id" : {
"type" : "long"
},
"source_address" : {
"type" : "ip"
},
"exit_code" : {
"type" : "long"
}
}
}
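--- a/x-pack/plugin/eql/src/test/resources/mapping-geo.json
+++ b/x-pack/plugin/eql/src/test/resources/mapping-geo.json
@@ -0,0 +1,13 @@
+{
+"properties" : {
+"event_type" : {
+"type" : "keyword"
+},
+"location" : {
+"type" : "geo_point"
+},
+"site": {
+"type" : "geo_shape"
+}
+}
+}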
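--- a/x-pack/plugin/eql/src/test/resources/mapping-ip.json
+++ b/x-pack/plugin/eql/src/test/resources/mapping-ip.json
@@ -0,0 +1,10 @@
+{
+"properties" : {
+"event_type" : {
+"type" : "keyword"
+},
+"ip_addr" : {
+"type" : "ip"
+}
+}
+}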
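--- a/x-pack/plugin/eql/src/test/resources/mapping-join.json
+++ b/x-pack/plugin/eql/src/test/resources/mapping-join.json
@@ -0,0 +1,16 @@
+{
+"properties" : {
+"event_type" : {
+"type" : "keyword"
+},
+"serial_event_id" : {
+"type" : "long"
+},
+"parent_child" : {
+"type" : "join",
+"relations" : {
+"question" : "answer"
+}
+}
+}
+}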
@@ -0,0 +1,7 @@
{
"properties" : {
"long_field" : {
"type" : "long"
}
}
}
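--- a/x-pack/plugin/eql/src/test/resources/mapping-multi-field.json
+++ b/x-pack/plugin/eql/src/test/resources/mapping-multi-field.json
@@ -0,0 +1,68 @@
+{
+"properties" : {
+"event_type" : {
+"type" : "keyword"
+},
+"multi_field" : {
+"type" : "text",
+"fields" : {
+"raw" : {
+"type" : "keyword"
+},
+"english" : {
+"type" : "text",
+"analyzer" : "english"
+}
+}
+},
+"multi_field_options" : {
+"type" : "text",
+"fields" : {
+"raw" : {
+"type" : "keyword"
+},
+"key" : {
+"type" : "keyword"
+}
+}
+},
+"multi_field_ambiguous" : {
+"type" : "text",
+"fields" : {
+"one" : {
+"type" : "keyword"
+},
+"two" : {
+"type" : "keyword"
+},
+"normalized" : {
+"type" : "keyword",
+"normalizer" : "some_normalizer"
+}
+}
+},
+"multi_field_nested" : {
+"type" : "nested",
+"properties" : {
+"dep_name" : {
+"type" : "text"
+},
+"dep_id" : {
+"type" : "text",
+"fields" : {
+"keyword" : {
+"type" : "keyword",
+"ignore_above" : 256
+}
+}
+},
+"end_date" : {
+"type" : "date"
+},
+"start_date" : {
+"type" : "date"
+}
+}
+}
+}
+}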
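--- a/x-pack/plugin/eql/src/test/resources/mapping-nested.json
+++ b/x-pack/plugin/eql/src/test/resources/mapping-nested.json
@@ -0,0 +1,23 @@
+{
+"properties" : {
+"event_type" : {
+"type" : "keyword"
+},
+"processes" : {
+"type" : "nested",
+"properties" : {
+"pid" : {
+"type" : "long"
+},
+"path" : {
+"type" : "text",
+"fields" : {
+"keyword" : {
+"type" : "keyword"
+}
+}
+}
+}
+}
+}
+}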
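--- a/x-pack/plugin/eql/src/test/resources/mapping-nodoc.json
+++ b/x-pack/plugin/eql/src/test/resources/mapping-nodoc.json
@@ -0,0 +1,11 @@
+{
+"properties" : {
+"event_type" : {
+"type" : "keyword"
+},
+"description_nodoc" : {
+"type" : "integer",
+"doc_values" : false
+}
+}
+}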
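--- a/x-pack/plugin/eql/src/test/resources/mapping-numeric.json
+++ b/x-pack/plugin/eql/src/test/resources/mapping-numeric.json
@@ -0,0 +1,34 @@
+{
+"properties" : {
+"event_type" : {
+"type" : "keyword"
+},
+"long_field" : {
+"type" : "long"
+},
+"integer_field" : {
+"type" : "integer"
+},
+"short_field" : {
+"type" : "short"
+},
+"byte_field": {
+"type" : "byte"
+},
+"double_field": {
+"type" : "double"
+},
+"float_field" : {
+"type" : "float"
+},
+"half_float_field" : {
+"type" : "half_float"
+},
+"scaled_float_field": {
+"type" : "scaled_float"
+},
+"wrong_int_type_field": {
+"type" : "int"
+}
+}
+}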
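--- a/x-pack/plugin/eql/src/test/resources/mapping-object.json
+++ b/x-pack/plugin/eql/src/test/resources/mapping-object.json
@@ -0,0 +1,17 @@
+{
+"properties" : {
+"event_type" : {
+"type" : "keyword"
+},
+"endgame" : {
+"properties" : {
+"pid" : {
+"type" : "long"
+},
+"user_name" : {
+"type" : "keyword"
+}
+}
+}
+}
+}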
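--- a/x-pack/plugin/eql/src/test/resources/mapping-range.json
+++ b/x-pack/plugin/eql/src/test/resources/mapping-range.json
@@ -0,0 +1,25 @@
+{
+"properties" : {
+"event_type" : {
+"type" : "keyword"
+},
+"integer_range_field" : {
+"type" : "integer_range"
+},
+"float_range_field" : {
+"type" : "float_range"
+},
+"long_range_field" : {
+"type" : "long_range"
+},
+"double_range_field" : {
+"type" : "double_range"
+},
+"date_range_field" : {
+"type" : "date_range"
+},
+"ip_range_field" : {
+"type" : "ip_range"
+}
+}
+}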