-
Notifications
You must be signed in to change notification settings - Fork 24.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
EQL: Add concat function #55193
EQL: Add concat function #55193
Conversation
Pinging @elastic/es-ql (:Query Languages/EQL) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good in general, but I would like to see more tests, please.
TypeResolution resolution = TypeResolution.TYPE_RESOLVED; | ||
int index = 0; | ||
for (Expression value : values) { | ||
resolution = isExact(value, sourceText(), ParamOrdinal.fromIndex(index)); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why only isExact
? Shouldn't this be a string only type of value?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Also, this loop goes through all of concat
's values and returns the resolution of the last element in list. Shouldn't, maybe, stop at the first resolution that is .unresolved()
and return that?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fixed in 9295e79
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
also, this accepts non string parameters as well, and calls .toString()
on them
the example uses pid
which is a long
https://eql.readthedocs.io/en/latest/query-guide/functions.html#concat
...n/java/org/elasticsearch/xpack/eql/expression/function/scalar/string/ConcatFunctionPipe.java
Outdated
Show resolved
Hide resolved
...n/java/org/elasticsearch/xpack/eql/expression/function/scalar/string/ConcatFunctionPipe.java
Outdated
Show resolved
Hide resolved
@@ -14,6 +14,16 @@ query = ''' | |||
file where between(file_path, "dev", ".json", true) == "\\TestLogs\\something" | |||
''' | |||
|
|||
[[queries]] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please, add more integration tests here:
- with one pattern only
- with an empty string pattern among other patterns
- with
null
patterns
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
With all nulls as well
...n/java/org/elasticsearch/xpack/eql/expression/function/scalar/string/ConcatFunctionPipe.java
Outdated
Show resolved
Hide resolved
...n/java/org/elasticsearch/xpack/eql/expression/function/scalar/string/ConcatFunctionPipe.java
Outdated
Show resolved
Hide resolved
Co-Authored-By: Andrei Stefan <astefan@users.noreply.github.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Seems good overall, I agree with @astefan about more tests with nulls and empty strings.
- Should
ConcatFunctionPipe
also have tests? - Also missing the context maybe, shouldn't it operate on
text
too (inexact) ?
@@ -14,6 +14,16 @@ query = ''' | |||
file where between(file_path, "dev", ".json", true) == "\\TestLogs\\something" | |||
''' | |||
|
|||
[[queries]] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
With all nulls as well
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. Left one more comment regarding the error message that gets logged when the fields are not of the required type.
VerificationException e = expectThrows(VerificationException.class, | ||
() -> plan("process where concat(plain_text)")); | ||
String msg = e.getMessage(); | ||
assertEquals("Found 1 problem\nline 1:15: [concat(plain_text)] cannot operate on first argument field of data type " |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Small improvement here: if it's possible for a one argument call to not use "first" in the error message, that would look more user friendly.
Also, I would like to see one or two tests where another argument different from the first doesn't fulfill the restriction.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
* EQL: Add concat function * EQL: for loop spacing for concat * EQL: return unresolved arguments to concat early * EQL: Add concat integration tests * EQL: Fix concat query fail test * EQL: Add class for concat function testing * EQL: Add concat integration tests * EQL: Update concat() null behavior
7.x backport 3890820 |
Closes #55185
Adds variable argument
concat
function. This function will never return null, and only skips over null input parameters.In #55185, I raise three different options for null handling. Currently, I'm choosing the first.
But I'm wondering if the second option (return null if any input is null) is the most appropriate and consistent with null handling. Having a coalesce function to make the user manually handle nulls seems like a better choice than just ignoring null inputs.