Skip to content

ES|QL support #235

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jun 6, 2025
Merged

ES|QL support #235

merged 2 commits into from
Jun 6, 2025

Conversation

mashhurs
Copy link
Contributor

@mashhurs mashhurs commented Jun 6, 2025

Cherry picking #233 and updating branch/version specific changelog and version.

ES|QL support:

  • introduces query_type params, accepts dsl or esql option.
  • adds ES|QL executor to execute ESQL query and parse/map response to event validations
  • make sure LS (8.17.4+) supports ES|QL (new elasticsearch-ruby client)
  • make sure connected ES is greater than 8.11+
  • query isn't empty or meaningful that starts with command syntax
  • if query_type is esql, make sure we accept meaningful inputs and do not allow response_type, index, etc.. DSL related params
  • informing if query isn't using METADATA which adds _id, _version to the response entries
  • informing ineffective params such as size, search_api, target if users configure ES|QL results field names in a dotted format. The plugin reproduces nested (example {a.b.c: 'val'} => {'a':{'b':{'c':'val'}}})
@mashhurs
ES|QL support
552cc88 
- introduces query_type params, accepts dsl or esql option. - adds ES|QL executor to execute ESQL query and parse/map response to event validations - make sure LS (8.17.4+) supports ES|QL (new elasticsearch-ruby client) - make sure connected ES is greater than 8.11+ - query isn't empty or meaningful that starts with command syntax - if query_type is esql, make sure we accept meaningful inputs and do not allow response_type, index, etc.. DSL related params - informing if query isn't using METADATA which adds _id, _version to the response entries - informing ineffective params such as size, search_api, target if users configure ES|QL results field names in a dotted format. The plugin reproduces nested (example {a.b.c: 'val'} => {'a':{'b':{'c':'val'}}})
mashhurs
mashhurs commented Jun 6, 2025
View reviewed changes
robbavey
robbavey approved these changes Jun 6, 2025
View reviewed changes
Copy link
Contributor

@robbavey robbavey left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm
@mashhurs mashhurs merged commit 79f9f43 into logstash-plugins:4.x Jun 6, 2025
2 of 3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
2 participants
@mashhurs @robbavey