Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

EQL: Add support for existing functions #51556

Closed
18 tasks done
rw-access opened this issue Jan 28, 2020 · 3 comments
Closed
18 tasks done

EQL: Add support for existing functions #51556

rw-access opened this issue Jan 28, 2020 · 3 comments
Assignees
@rw-access
Labels
:Analytics/EQL EQL querying Team:QL (Deprecated) Meta label for query languages team

Comments

@rw-access
Copy link
Contributor

rw-access commented Jan 28, 2020
edited
Loading

We need to add support for the subset of functions that EQL supports. Some of these may already exist from SQL, and we may need to create additional ones.

The full list is below:

elasticsearch/x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/parser/EqlParser.java

Lines 134 to 153 in 6f1890b

switch (functionName) {
case "add":
case "between":
case "cidrMatch":
case "concat":
case "divide":
case "endsWith":
case "indexOf":
case "length":
case "match":
case "modulo":
case "multiply":
case "number":
case "startsWith":
case "string":
case "stringContains":
case "substring":
case "subtract":
case "wildcard":
break;

Math functions were created before EQL had math operators. These should be easy to do, and can probably be done together

Tracking remaining functions to be implemented
@rw-access rw-access added the :Analytics/EQL EQL querying label Jan 28, 2020
@rw-access rw-access self-assigned this Jan 28, 2020
@elasticmachine
Copy link
Collaborator

Pinging @elastic/es-search (:Search/EQL)

@colings86 colings86 mentioned this issue Jan 28, 2020
Closed
26 tasks
@rw-access rw-access mentioned this issue Jan 28, 2020
Merged
@costin
Copy link
Member

costin commented Mar 18, 2020

I have updated the initial description with check boxes, as we go through the functions once #53688 gets merged, we should mark them as done and indicate the relevant ticket.

I think the string functions are the first ones to be addressed as they are widely used. The operators one can be easily promoted into functions and so I would do them last as there is a workaround for them.

This was referenced Mar 20, 2020
Closed
Closed
Closed
Closed
Closed
This was referenced Mar 23, 2020
Closed
Merged
This was referenced Mar 24, 2020
Closed
Closed
Closed
@astefan astefan mentioned this issue Mar 30, 2020
Closed
This was referenced Mar 30, 2020
Closed
Closed
@astefan astefan mentioned this issue Apr 1, 2020
Closed
@rw-access rw-access mentioned this issue Apr 10, 2020
Closed
14 tasks
@rw-access rw-access changed the title Add support for existing EQL functions EQL: Add support for existing functions Apr 14, 2020
This was referenced Apr 14, 2020
Closed
Closed
@rjernst rjernst added the Team:QL (Deprecated) Meta label for query languages team label May 4, 2020
@costin
Copy link
Member

costin commented May 14, 2020

Looks like this can be closed, with #54568 as a follow-up.

@costin costin mentioned this issue Jul 16, 2020
Closed
18 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rw-access rw-access

Labels
:Analytics/EQL EQL querying Team:QL (Deprecated) Meta label for query languages team
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@costin @rjernst @elasticmachine @rw-access