Groovy removed from Elasticsearch 6 #575

Closed
r3dham opened this issue Mar 26, 2018 · 10 comments

r3dham commented Mar 26, 2018

https://www.elastic.co/guide/en/elasticsearch/reference/current/breaking_60_scripting_changes.html

As TimeSketch is still using Groovy, annotation and stars don't work on Elasticsearch 6.
Could you update the script to Painless?

Contributor

mari0d commented Apr 22, 2018

@r3dham I'm working on a PR for this. I have TimeSketch working cleanly with ES 6.x at https://github.com/mari0d/timesketch/tree/mari0d/painless and we are using that fork internally, but it currently isn't fully compatible with ES 5.x. Once I have the ES 5.x support back in I will open the PR (may need some handholding).

Contributor

mari0d commented Apr 22, 2018

@berggren is it worth me taking the time to do a PR for the work above? Not sure how far along you are with it; just noticed that you mentioned in issue 557 that you had the work queued up.

Contributor

berggren commented May 1, 2018

@mari0d Sorry for the delay. We already have painless scripts ready in the repository. We just need to update the documentation and make some minor changes to the loading.

Example:
https://github.com/google/timesketch/blob/master/contrib/add_label.painless

I will make this a priority to have Timesketch be ES 6.x ready by default.

@berggren berggren added the Bug label May 1, 2018
@berggren berggren self-assigned this May 1, 2018
Author

r3dham commented May 10, 2018

Same error for annotation as below with painless scripts in @mari0d's and master branch

[2018-05-10 06:16:31,746] ERROR in app: Exception on /api/v1/sketches/2/event/annotate/ [POST]
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/flask/app.py", line 1612, in full_dispatch_request
    rv = self.dispatch_request()
  File "/usr/local/lib/python2.7/dist-packages/flask/app.py", line 1598, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "/usr/local/lib/python2.7/dist-packages/flask_restful/__init__.py", line 480, in wrapper
    resp = resource(*args, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/flask/views.py", line 84, in view
    return self.dispatch_request(*args, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/flask_restful/__init__.py", line 595, in dispatch_request
    resp = meth(*args, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/flask_login/utils.py", line 228, in decorated_view
    return func(*args, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/timesketch/api/v1/resources.py", line 860, in post
    toggle=toggle)
  File "/usr/local/lib/python2.7/dist-packages/timesketch/lib/datastores/elastic.py", line 417, in set_label
    body=script)
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/client/utils.py", line 73, in _wrapped
    return func(*args, params=params, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/client/__init__.py", line 525, in update
    doc_type, id, '_update'), params=params, body=body)
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/transport.py", line 312, in perform_request
    status, headers, data = connection.perform_request(method, url, params, body, ignore=ignore, timeout=timeout)
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/http_urllib3.py", line 128, in perform_request
    self._raise_error(response.status, raw_data)
  File "/usr/local/lib/python2.7/dist-packages/elasticsearch/connection/base.py", line 125, in _raise_error
    raise HTTP_EXCEPTIONS.get(status_code, TransportError)(status_code, error_message, additional_info)
RequestError: TransportError(400, u'illegal_argument_exception', u'[script] unknown field [file], parser not found')

@adamjnichols
Contributor

Looks like the ‘file’ key is now ‘source’, but that change has not been made in the fork you mention.

Author

r3dham commented May 11, 2018

@berggren ES 6.x removed file scripts itself (elastic/elasticsearch#24627).
It means that copying painless scripts into the scripts directory doesn't work.

We need to use "Stored Script" with "id" parameter. https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-scripting-using.html#modules-scripting-stored-scripts

Or embedded painless scripts with "source" parameter.

@berggren
Contributor

Yeah, thanks for the heads-up. We will need to figure out a clean migration to 6.x without breaking all 5.x users. Will take a look asap.

ptitdoc pushed a commit to ptitdoc/timesketch that referenced this issue May 28, 2018
Fix Issue google#575 (Elasticsearch 6 solution only)

ptitdoc commented May 28, 2018

Please note that the commit attempt above only supports Elasticsearch 6 using embedded painless scripts as suggested by @r3dham.
I currently use it as a workaround because I cannot install Elasticsearch 5.X.


ptitdoc commented May 28, 2018

Side note: Elasticsearch version can probably be retrieved from self.client.info(). How about using scripts embedded in code with a selection based on Elasticsearch version?

I also noted that the histogram is only showing a single bar using this commit. I don't know yet if the commit is the cause.


ptitdoc commented May 30, 2018

Also Elasticsearch 6 now apparently requires specifying path:timesketch_label in nested queries. This is required for star or hidden queries.
However I managed to make star queries work several times before fixing this. I really don't understand why.

ptitdoc pushed a commit to ptitdoc/timesketch that referenced this issue Jun 8, 2018
Fix Issue google#575 (Elasticsearch 6 solution only)
ptitdoc pushed a commit to ptitdoc/timesketch that referenced this issue Jun 8, 2018
Fix Issue google#575.

Elasticsearch 5 support by checking elasticsearch version through the client.

The selected solution is to run an embedded query using the right script language depending on the elasticsearch version.
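
An added illustration of the approach discussed in this thread (not code from Timesketch or from any of the commits referenced above): choose the `_update` script body from the version that `client.info()` reports, sending an embedded Painless script under `source` on 6.x and the older `file` form on 5.x. The Painless text, the `add_label` file name, the function names and the sample label are assumptions made for the example.

```python
import re

# Illustrative Painless source (an assumption, not contrib/add_label.painless).
# The label travels in params and is never concatenated into the script text.
PAINLESS_ADD_LABEL = (
    "if (ctx._source.timesketch_label == null) "
    "{ ctx._source.timesketch_label = new ArrayList(); } "
    "ctx._source.timesketch_label.add(params.timesketch_label);"
)


def es_major_version(info):
    """Return the major version from the dict that client.info() returns."""
    number = info.get("version", {}).get("number", "")
    match = re.match(r"(\d+)\.\d+", number)
    if match is None:
        raise ValueError("unrecognised Elasticsearch version: %r" % number)
    return int(match.group(1))


def build_label_update(info, label):
    """Build the body for client.update() that adds one label to an event."""
    params = {"timesketch_label": label}
    if es_major_version(info) >= 6:
        # 6.x: file scripts are gone, so embed the script under "source".
        script = {"lang": "painless", "source": PAINLESS_ADD_LABEL,
                  "params": params}
    else:
        # 5.x: script file in the scripts directory (file name assumed here).
        script = {"lang": "groovy", "file": "add_label", "params": params}
    return {"script": script}


# Constructed sample inputs, shaped like client.info() responses.
ES5_INFO = {"version": {"number": "5.6.9"}}
ES6_INFO = {"version": {"number": "6.2.4"}}
SAMPLE_LABEL = {"name": "example_label", "sketch_id": 2}

if __name__ == "__main__":
    for info in (ES5_INFO, ES6_INFO):
        print(info["version"]["number"], build_label_update(info, SAMPLE_LABEL))
```

Sending the 5.x body to a 6.x node reproduces the `unknown field [file]` error shown in the traceback above, which is why the selection is made before the request is built.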