Skip to content

EQL: Adds an ability to execute an asynchronous EQL search #57992

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 26 commits into from
Jun 16, 2020
Merged

EQL: Adds an ability to execute an asynchronous EQL search #57992

merged 26 commits into from
Jun 16, 2020

Conversation

@imotov
Copy link
Contributor

@imotov imotov commented Jun 11, 2020

Adds async support to EQL searches

Closes #49638

imotov and others added 20 commits May 13, 2020 09:50
@imotov
EQL: Adds an ability to start an asynchronous EQL search (#56631)
fcebd4f 
Adds support for async searches to eql search API. This commit is limited to
only submitting search API requests and doesn't provide APIs to get results
nor delete the results. These functions will be added in follow up PRs.

Relates to #49638
@imotov
Merge remote-tracking branch 'elastic/master' into feature/async-eql
4989ff6
@imotov
EQL: Switch to RestCancellableNodeClient in EQL search (#56692)
c969444 
Switches to RestCancellableNodeClient wrapper for eql search operation in
order to detect clients closing the connection and cancelling the operation.

Relates to #49638
@jrodewig
[DOCS] EQL: Document async search submits (#56704)
aee5618
@imotov
Merge remote-tracking branch 'elastic/master' into feature/async-eql
dd2ac8e
@imotov
Merge remote-tracking branch 'elastic/master' into feature/async-eql
c4960d5
@jrodewig
[DOCS] EQL: Fix merge conflict in search API docs
a3b55d4
@imotov
Merge remote-tracking branch 'elastic/master' into feature/async-eql
a301eab
@imotov
Fix EQL doc tests after master merge
39df45e
@imotov
EQL: Adds get async EQL search result action (#56852)
e999819 
Adds support for retrieving async EQL search result s to eql search API.

Relates to #49638
@imotov
Merge remote-tracking branch 'elastic/master' into feature/async-eql
0d074a6
@jrodewig
[DOCS] EQL: Document get async EQL search API (#57366)
78146bb
@jrodewig
[DOCS] EQL: Fix hits param for sequences (#57410) (#57525)
34c4505
@jrodewig
[DOCS] EQL: Add dev admonition to EQL pages (#57531) (#57534)
b30cc2b 
Adds the `dev` admonition to EQL features, which are in development
under a feature flag.
@imotov
EQL: Adds delete async EQL search result action (#57258)
5a95b0f 
Adds support for deleting async EQL search results to EQL search API.

Relates to #49638
@imotov
Merge remote-tracking branch 'elastic/master' into feature/async-eql
d197a85
@jrodewig
[DOCS] EQL: Document delete async search API (#57732)
6d7acd0
@jrodewig
[DOCS] EQL: Correct EQL search API's size param def
7f5b727 
The `size` parameter can be used to limit matching events or sequences.
@imotov
Merge remote-tracking branch 'elastic/master' into feature/async-eql
8072646
@imotov
Move async task maintenance service to core plugin (#57700)
509c674 
The async task task maintenance service is used by both async search plugin
as well as EQL plugin. So it needs to reside in the core.

Relates to #49638
@imotov imotov added the :Analytics/EQL EQL querying label Jun 11, 2020
@imotov imotov requested review from costin and jimczi June 11, 2020 15:17
@elasticmachine
Copy link
Collaborator

elasticmachine commented Jun 11, 2020

Pinging @elastic/es-ql (:Query Languages/EQL)

@elasticmachine elasticmachine added the Team:QL (Deprecated) Meta label for query languages team label Jun 11, 2020
jimczi
jimczi approved these changes Jun 11, 2020
View reviewed changes
Copy link
Contributor

@jimczi jimczi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I left the specific EQL part for @costin but the refactoring of the async components looks good to me. Thanks for iterating on this @imotov !

@imotov
Copy link
Contributor Author

imotov commented Jun 11, 2020

@elasticmachine update branch

@imotov
Copy link
Contributor Author

imotov commented Jun 12, 2020

@elasticmachine update branch

@imotov
Copy link
Contributor Author

imotov commented Jun 12, 2020

@elasticmachine update branch

costin
costin approved these changes Jun 16, 2020
View reviewed changes
Copy link
Member

@costin costin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@imotov
Copy link
Contributor Author

imotov commented Jun 16, 2020

@elasticmachine update branch

@imotov imotov merged commit f5e6ca0 into master Jun 16, 2020
@imotov imotov deleted the feature/async-eql branch June 16, 2020 15:45
@imotov
Copy link
Contributor Author

imotov commented Jun 16, 2020

@jimczi @costin thanks a lot for reviews and guidance!!!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@costin costin costin approved these changes

@jimczi jimczi jimczi approved these changes

Assignees

No one assigned

Labels

:Analytics/EQL EQL querying Team:QL (Deprecated) Meta label for query languages team

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Make EQL REST Querying API async

6 participants

@imotov @elasticmachine @costin @jimczi @jrodewig