Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement EQL Pipes in EQL Plugin #49627

Closed
2 of 7 tasks
colings86 opened this issue Nov 27, 2019 · 4 comments
Closed
2 of 7 tasks

Implement EQL Pipes in EQL Plugin #49627

colings86 opened this issue Nov 27, 2019 · 4 comments
Labels
:Analytics/EQL EQL querying Team:QL (Deprecated) Meta label for query languages team

Comments

@colings86
Copy link
Contributor

colings86 commented Nov 27, 2019
edited by costin
Loading

EQL has the concept of pipes which run logic on the results of an eql query and can be combined. Regardless of the fact that in some cases the execution of these pipes can be pushed down to the Search API and run as aggregations (this will be addressed in a later issue) we need to implement the logic in the EQL plugin since there are many cases, including any EQL queries using sequence or join where we will not be able to push the evaluation down to the search API.

The pipe operations that need to be implemented are:

  • count
  • unique
  • unique_count
  • filter
  • sort
  • head
  • tail
@colings86 colings86 added the :Analytics/EQL EQL querying label Nov 27, 2019
@elasticmachine
Copy link
Collaborator

Pinging @elastic/es-search (:Search/EQL)

This was referenced Nov 27, 2019
Closed
Open
@rjernst rjernst added the Team:QL (Deprecated) Meta label for query languages team label May 4, 2020
@costin
Copy link
Member

costin commented Jul 2, 2020

Pipe infrastructure, head and tail are introduced through #58536

@costin costin mentioned this issue Jul 16, 2020
Closed
18 tasks
@costin
Copy link
Member

costin commented Jul 17, 2020

Raised a dedicated issue for filter through #59763

@costin
Copy link
Member

costin commented Oct 28, 2020

Currently there are no plans to introduce other pipes for 7.11 GA hence why I'm closing the issue.
A new issue should be opened if this topic needs to be revisited.

@costin costin closed this as completed Oct 28, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
:Analytics/EQL EQL querying Team:QL (Deprecated) Meta label for query languages team
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@costin @colings86 @rjernst @elasticmachine