From 7d572c66f4de561efb101de6f36cbbb8682a6e4e Mon Sep 17 00:00:00 2001 From: Surya Sashank Nistala Date: Thu, 18 Jan 2024 01:23:28 -0800 Subject: [PATCH] parse query string query to fetch only fields being queried by doc level queries Signed-off-by: Surya Sashank Nistala --- alerting/build.gradle | 8 +- .../org/opensearch/alerting/AlertingPlugin.kt | 18 ++- .../alerting/DocumentLevelMonitorRunner.kt | 44 +++++- .../QueryShardContextFactory.kt | 131 ++++++++++++++++ .../QueryStringQueryParserExt.kt | 56 +++++++ .../queryStringQuery/QueryStringQueryUtils.kt | 141 ++++++++++++++++++ .../alerting/util/DocLevelMonitorQueries.kt | 1 + .../alerting/MonitorDataSourcesIT.kt | 4 +- 8 files changed, 392 insertions(+), 11 deletions(-) create mode 100644 alerting/src/main/kotlin/org/opensearch/alerting/queryStringQuery/QueryShardContextFactory.kt create mode 100644 alerting/src/main/kotlin/org/opensearch/alerting/queryStringQuery/QueryStringQueryParserExt.kt create mode 100644 alerting/src/main/kotlin/org/opensearch/alerting/queryStringQuery/QueryStringQueryUtils.kt diff --git a/alerting/build.gradle b/alerting/build.gradle index efaff1b6f..bdbd06917 100644 --- a/alerting/build.gradle +++ b/alerting/build.gradle @@ -424,9 +424,9 @@ run { useCluster testClusters.integTest } -// Only apply jacoco test coverage if we are running a local single node cluster -if (!usingRemoteCluster && !usingMultiNode) { - apply from: '../build-tools/opensearchplugin-coverage.gradle' -} +//// Only apply jacoco test coverage if we are running a local single node cluster +//if (!usingRemoteCluster && !usingMultiNode) { +// apply from: '../build-tools/opensearchplugin-coverage.gradle' +//} apply from: '../build-tools/pkgbuild.gradle' diff --git a/alerting/src/main/kotlin/org/opensearch/alerting/AlertingPlugin.kt b/alerting/src/main/kotlin/org/opensearch/alerting/AlertingPlugin.kt index 4f8e473d9..9ced25546 100644 --- a/alerting/src/main/kotlin/org/opensearch/alerting/AlertingPlugin.kt +++ b/alerting/src/main/kotlin/org/opensearch/alerting/AlertingPlugin.kt @@ -22,6 +22,7 @@ import org.opensearch.alerting.core.resthandler.RestScheduledJobStatsHandler import org.opensearch.alerting.core.schedule.JobScheduler import org.opensearch.alerting.core.settings.LegacyOpenDistroScheduledJobSettings import org.opensearch.alerting.core.settings.ScheduledJobSettings +import org.opensearch.alerting.queryStringQuery.QueryShardContextFactory import org.opensearch.alerting.resthandler.RestAcknowledgeAlertAction import org.opensearch.alerting.resthandler.RestAcknowledgeChainedAlertAction import org.opensearch.alerting.resthandler.RestDeleteMonitorAction @@ -285,8 +286,23 @@ internal class AlertingPlugin : PainlessExtension, ActionPlugin, ScriptPlugin, R ) DeleteMonitorService.initialize(client) + QueryShardContextFactory.init( + client, + clusterService, + scriptService, + xContentRegistry, + namedWriteableRegistry, + environment + ) - return listOf(sweeper, scheduler, runner, scheduledJobIndices, docLevelMonitorQueries, destinationMigrationCoordinator) + return listOf( + sweeper, + scheduler, + runner, + scheduledJobIndices, + docLevelMonitorQueries, + destinationMigrationCoordinator + ) } override fun getSettings(): List> { diff --git a/alerting/src/main/kotlin/org/opensearch/alerting/DocumentLevelMonitorRunner.kt b/alerting/src/main/kotlin/org/opensearch/alerting/DocumentLevelMonitorRunner.kt index e5147a3e6..46aeebdbf 100644 --- a/alerting/src/main/kotlin/org/opensearch/alerting/DocumentLevelMonitorRunner.kt +++ b/alerting/src/main/kotlin/org/opensearch/alerting/DocumentLevelMonitorRunner.kt @@ -21,6 +21,7 @@ import org.opensearch.alerting.model.MonitorMetadata import org.opensearch.alerting.model.MonitorRunResult import org.opensearch.alerting.model.userErrorMessage import org.opensearch.alerting.opensearchapi.suspendUntil +import org.opensearch.alerting.queryStringQuery.QueryStringQueryUtils import org.opensearch.alerting.script.DocumentLevelTriggerExecutionContext import org.opensearch.alerting.settings.AlertingSettings.Companion.PERCOLATE_QUERY_DOCS_SIZE_MEMORY_PERCENTAGE_LIMIT import org.opensearch.alerting.settings.AlertingSettings.Companion.PERCOLATE_QUERY_MAX_NUM_DOCS_IN_MEMORY @@ -633,6 +634,12 @@ object DocumentLevelMonitorRunner : MonitorRunner() { monitorInputIndices: List, concreteIndices: List, ) { + val docLevelMonitorInput = monitor.inputs.get(0) as DocLevelMonitorInput + + val extractFieldsFromQueryString = QueryStringQueryUtils.extractFieldsFromQueries( + docLevelMonitorInput.queries, + concreteIndexName + ) val count: Int = docExecutionCtx.updatedLastRunContext["shards_count"] as Int for (i: Int in 0 until count) { val shard = i.toString() @@ -647,7 +654,8 @@ object DocumentLevelMonitorRunner : MonitorRunner() { prevSeqNo, maxSeqNo, null, - docIds + docIds, + extractFieldsFromQueryString ) transformedDocs.addAll( transformSearchHitsAndReconstructDocs( @@ -742,7 +750,8 @@ object DocumentLevelMonitorRunner : MonitorRunner() { prevSeqNo: Long?, maxSeqNo: Long, query: String?, - docIds: List? = null + docIds: List? = null, + fieldsToFetch: List, ): SearchHits { if (prevSeqNo?.equals(maxSeqNo) == true && maxSeqNo != 0L) { return SearchHits.empty() @@ -757,7 +766,6 @@ object DocumentLevelMonitorRunner : MonitorRunner() { if (!docIds.isNullOrEmpty()) { boolQueryBuilder.filter(QueryBuilders.termsQuery("_id", docIds)) } - val request: SearchRequest = SearchRequest() .indices(index) .preference("_shards:$shard") @@ -768,6 +776,14 @@ object DocumentLevelMonitorRunner : MonitorRunner() { .size(10000) // fixme: use scroll to ensure all docs are covered, when number of queryable docs are greater than 10k ) .preference(Preference.PRIMARY_FIRST.type()) + + if (fieldsToFetch.isNotEmpty()) { +// request.source().fetchSource(false) + // TODO enable fetchsource=false after checking what _source looks like while transforming hit for percolate + for (field in fieldsToFetch) { + request.source().fetchField(field) + } + } val response: SearchResponse = monitorCtx.client!!.suspendUntil { monitorCtx.client!!.search(request, it) } if (response.status() !== RestStatus.OK) { throw IOException("Failed to search shard: [$shard] in index [$index]. Response status is ${response.status()}") @@ -855,7 +871,16 @@ object DocumentLevelMonitorRunner : MonitorRunner() { ): List> { return hits.mapNotNull(fun(hit: SearchHit): Pair? { try { - val sourceMap = hit.sourceAsMap + val sourceMap = if (hit.hasSource()) { + constructSourceMapFromFieldsInHit(hit) + } else hit.sourceAsMap + if (sourceMap.isEmpty()) { + logger.debug( + "Doc level Monitor $monitorId:" + + " Doc $hit doesn't have source nor selected fields with values. Skipping doc" + ) + return null + } transformDocumentFieldNames( sourceMap, conflictingFields, @@ -875,6 +900,17 @@ object DocumentLevelMonitorRunner : MonitorRunner() { }) } + private fun constructSourceMapFromFieldsInHit(hit: SearchHit): MutableMap { + if (hit.fields == null) + return mutableMapOf() + val sourceMap: MutableMap = mutableMapOf() + for (field in hit.fields) { + if (field.value.values != null && field.value.values.isNotEmpty()) + sourceMap[field.key] = field.value.values + } + return sourceMap + } + /** * Traverses document fields in leaves recursively and appends [fieldNameSuffixIndex] to field names with same names * but different mappings & [fieldNameSuffixPattern] to field names which have unique names. diff --git a/alerting/src/main/kotlin/org/opensearch/alerting/queryStringQuery/QueryShardContextFactory.kt b/alerting/src/main/kotlin/org/opensearch/alerting/queryStringQuery/QueryShardContextFactory.kt new file mode 100644 index 000000000..f31f724d7 --- /dev/null +++ b/alerting/src/main/kotlin/org/opensearch/alerting/queryStringQuery/QueryShardContextFactory.kt @@ -0,0 +1,131 @@ +package org.opensearch.alerting.queryStringQuery + +import org.opensearch.Version +import org.opensearch.client.Client +import org.opensearch.cluster.metadata.IndexMetadata +import org.opensearch.cluster.service.ClusterService +import org.opensearch.common.regex.Regex +import org.opensearch.common.settings.IndexScopedSettings +import org.opensearch.common.settings.Settings +import org.opensearch.common.settings.SettingsModule +import org.opensearch.common.util.BigArrays +import org.opensearch.core.common.io.stream.NamedWriteableRegistry +import org.opensearch.core.index.Index +import org.opensearch.core.xcontent.NamedXContentRegistry +import org.opensearch.env.Environment +import org.opensearch.index.IndexSettings +import org.opensearch.index.mapper.MapperService +import org.opensearch.index.query.QueryShardContext +import org.opensearch.index.similarity.SimilarityService +import org.opensearch.indices.IndicesModule +import org.opensearch.indices.analysis.AnalysisModule +import org.opensearch.plugins.MapperPlugin +import org.opensearch.plugins.PluginsService +import org.opensearch.script.ScriptService +import java.time.Instant + +/** + * Creates QueryShardContext object which is used in QueryStringQuery rewrite. + * We need this because we have to use QueryStringQueryParser class which requires QueryShardContext as parameter + */ +object QueryShardContextFactory { + lateinit var client: Client + lateinit var clusterService: ClusterService + lateinit var scriptService: ScriptService + lateinit var xContentRegistry: NamedXContentRegistry + lateinit var namedWriteableRegistry: NamedWriteableRegistry + lateinit var environment: Environment + + @Suppress("LongParameterList") + fun init( + client: Client, + clusterService: ClusterService, + scriptService: ScriptService, + xContentRegistry: NamedXContentRegistry, + namedWriteableRegistry: NamedWriteableRegistry, + environment: Environment + ) { + this.client = client + this.clusterService = clusterService + this.scriptService = scriptService + this.xContentRegistry = xContentRegistry + this.namedWriteableRegistry = namedWriteableRegistry + this.environment = environment + } + + private fun getIndexSettingsAndMetadata(indexName: String?): Triple { + val index: Index? + val indexSettings: Settings? + val indexMetadata = clusterService.state().metadata.index(indexName) + ?: throw IllegalArgumentException("Can't find IndexMetadata for index: [$indexName]") + index = indexMetadata.index + indexSettings = indexMetadata.settings + return Triple(index, indexSettings, indexMetadata) + } + + fun createShardContext(indexName: String?): QueryShardContext { + val (index, indexSettings, indexMetadata) = getIndexSettingsAndMetadata(indexName) + val nodeSettings = Settings.builder() + .put("node.name", "dummyNodeName") + .put(Environment.PATH_HOME_SETTING.key, environment.tmpDir()) + .build() + val pluginsService = + PluginsService(nodeSettings, null, null, null, listOf()) + val additionalSettings = pluginsService.pluginSettings + val settingsModule = SettingsModule( + nodeSettings, + additionalSettings, + pluginsService.pluginSettingsFilter, emptySet() + ) + val indexScopedSettings: IndexScopedSettings = settingsModule.indexScopedSettings + val idxSettings = newIndexSettings(index, indexSettings, indexScopedSettings) + val indicesModule = IndicesModule(pluginsService.filterPlugins(MapperPlugin::class.java)) + val mapperRegistry = indicesModule.mapperRegistry + val analysisModule = AnalysisModule(environment, emptyList()) + val indexAnalyzers = analysisModule.analysisRegistry.build(idxSettings) + val similarityService = SimilarityService(idxSettings, null, emptyMap()) + val mapperService = MapperService( + idxSettings, + indexAnalyzers, + xContentRegistry, + similarityService, + mapperRegistry, + { createShardContext(null) }, + { false }, + scriptService + ) + // In order to be able to call toQuery method on QueryBuilder, we need to setup mappings in MapperService + mapperService.merge("_doc", indexMetadata?.mapping()?.source(), MapperService.MergeReason.MAPPING_UPDATE) + + return QueryShardContext( + 0, + idxSettings, + BigArrays.NON_RECYCLING_INSTANCE, + null, + null, + mapperService, + null, + scriptService, + xContentRegistry, + namedWriteableRegistry, + null, + null, + { Instant.now().toEpochMilli() }, + null, + { pattern -> Regex.simpleMatch(pattern, index?.name) }, + { true }, + null + ) + } + + private fun newIndexSettings(index: Index?, settings: Settings?, indexScopedSettings: IndexScopedSettings?): IndexSettings? { + val build = Settings.builder() + .put(IndexMetadata.SETTING_VERSION_CREATED, Version.CURRENT) + .put(IndexMetadata.SETTING_NUMBER_OF_REPLICAS, 1) + .put(IndexMetadata.SETTING_NUMBER_OF_SHARDS, 1) + .put(settings) + .build() + val metadata = IndexMetadata.builder(index?.name).settings(build).build() + return IndexSettings(metadata, Settings.EMPTY, indexScopedSettings) + } +} diff --git a/alerting/src/main/kotlin/org/opensearch/alerting/queryStringQuery/QueryStringQueryParserExt.kt b/alerting/src/main/kotlin/org/opensearch/alerting/queryStringQuery/QueryStringQueryParserExt.kt new file mode 100644 index 000000000..027e131f7 --- /dev/null +++ b/alerting/src/main/kotlin/org/opensearch/alerting/queryStringQuery/QueryStringQueryParserExt.kt @@ -0,0 +1,56 @@ +package org.opensearch.alerting.queryStringQuery + +import org.apache.lucene.search.Query +import org.opensearch.common.regex.Regex +import org.opensearch.index.query.QueryShardContext +import org.opensearch.index.search.QueryStringQueryParser + +const val EXISTS = "_exists_" + +class QueryStringQueryParserExt : QueryStringQueryParser { + + val discoveredFields = mutableListOf() + var hasLonelyTerms = false + + constructor(context: QueryShardContext?, lenient: Boolean) : super(context, lenient) + constructor(context: QueryShardContext?, defaultField: String, lenient: Boolean) : super(context, defaultField, lenient) + constructor(context: QueryShardContext, resolvedFields: Map, lenient: Boolean) : super(context, resolvedFields, lenient) + + override fun getFuzzyQuery(field: String?, termStr: String?, minSimilarity: Float): Query? { + handleFieldQueryDiscovered(field) + return super.getFuzzyQuery(field, termStr, minSimilarity) + } + override fun getPrefixQuery(field: String?, termStr: String?): Query { + handleFieldQueryDiscovered(field) + return super.getPrefixQuery(field, termStr) + } + override fun getFieldQuery(field: String?, queryText: String?, quoted: Boolean): Query { + handleFieldQueryDiscovered(field, queryText) + return super.getFieldQuery(field, queryText, quoted) + } + override fun getWildcardQuery(field: String?, termStr: String?): Query { + handleFieldQueryDiscovered(field) + return super.getWildcardQuery(field, termStr) + } + override fun getFieldQuery(field: String?, queryText: String?, slop: Int): Query { + handleFieldQueryDiscovered(field, queryText) + return super.getFieldQuery(field, queryText, slop) + } + override fun getRangeQuery(field: String?, part1: String?, part2: String?, startInclusive: Boolean, endInclusive: Boolean): Query { + handleFieldQueryDiscovered(field) + return super.getRangeQuery(field, part1, part2, startInclusive, endInclusive) + } + override fun getRegexpQuery(field: String?, termStr: String?): Query { + handleFieldQueryDiscovered(field) + return super.getRegexpQuery(field, termStr) + } + + private fun handleFieldQueryDiscovered(field: String?, queryText: String? = null) { + if (field == null || Regex.isSimpleMatchPattern(field)) { + hasLonelyTerms = true + } else { + if (field == EXISTS && queryText?.isNotEmpty() == true) discoveredFields.add(queryText) + else discoveredFields.add(field) + } + } +} diff --git a/alerting/src/main/kotlin/org/opensearch/alerting/queryStringQuery/QueryStringQueryUtils.kt b/alerting/src/main/kotlin/org/opensearch/alerting/queryStringQuery/QueryStringQueryUtils.kt new file mode 100644 index 000000000..ff6aaf39c --- /dev/null +++ b/alerting/src/main/kotlin/org/opensearch/alerting/queryStringQuery/QueryStringQueryUtils.kt @@ -0,0 +1,141 @@ +package org.opensearch.alerting.queryStringQuery + +import org.apache.logging.log4j.LogManager +import org.apache.lucene.queryparser.classic.ParseException +import org.apache.lucene.queryparser.classic.QueryParser +import org.opensearch.common.regex.Regex +import org.opensearch.common.xcontent.LoggingDeprecationHandler +import org.opensearch.commons.alerting.model.DocLevelQuery +import org.opensearch.index.analysis.NamedAnalyzer +import org.opensearch.index.query.QueryBuilder +import org.opensearch.index.query.QueryShardException +import org.opensearch.index.query.QueryStringQueryBuilder +import org.opensearch.index.query.support.QueryParsers +import org.opensearch.index.search.QueryParserHelper + +private val log = LogManager.getLogger(QueryStringQueryUtils::class.java) + +object QueryStringQueryUtils { + + @Suppress("ComplexMethod", "LongMethod", "ThrowsCount", "EmptyCatchBlock") + fun extractFieldsFromQueries(queryBuilder: QueryBuilder, concreteIndexName: String): List { + try { + val context = QueryShardContextFactory.createShardContext(concreteIndexName) + val qsqBuilder = queryBuilder as QueryStringQueryBuilder + val rewrittenQueryString = + if (qsqBuilder.escape()) QueryParser.escape(qsqBuilder.queryString()) else qsqBuilder.queryString() + val queryParser: QueryStringQueryParserExt + val isLenient: Boolean = + if (qsqBuilder.lenient() == null) context.queryStringLenient() else qsqBuilder.lenient() + if (qsqBuilder.defaultField() != null) { + if (Regex.isMatchAllPattern(qsqBuilder.defaultField())) { + queryParser = + QueryStringQueryParserExt(context, if (qsqBuilder.lenient() == null) true else qsqBuilder.lenient()) + } else if (Regex.isSimpleMatchPattern(qsqBuilder.defaultField())) { + queryParser = QueryStringQueryParserExt(context, qsqBuilder.defaultField(), isLenient) + } else { + queryParser = QueryStringQueryParserExt(context, qsqBuilder.defaultField(), isLenient) + } + } else if (qsqBuilder.fields().size > 0) { + val resolvedFields = QueryParserHelper.resolveMappingFields(context, qsqBuilder.fields()) + queryParser = if (QueryParserHelper.hasAllFieldsWildcard(qsqBuilder.fields().keys)) { + QueryStringQueryParserExt( + context, + resolvedFields, + if (qsqBuilder.lenient() == null) true else qsqBuilder.lenient() + ) + } else { + QueryStringQueryParserExt(context, resolvedFields, isLenient) + } + } else { + val defaultFields: List = context.defaultFields() + queryParser = if (QueryParserHelper.hasAllFieldsWildcard(defaultFields)) { + QueryStringQueryParserExt(context, if (qsqBuilder.lenient() == null) true else qsqBuilder.lenient()) + } else { + val resolvedFields = QueryParserHelper.resolveMappingFields( + context, + QueryParserHelper.parseFieldsAndWeights(defaultFields) + ) + QueryStringQueryParserExt(context, resolvedFields, isLenient) + } + } + + if (qsqBuilder.analyzer() != null) { + val namedAnalyzer: NamedAnalyzer = context.getIndexAnalyzers().get(qsqBuilder.analyzer()) + ?: throw QueryShardException(context, "[query_string] analyzer [$qsqBuilder.analyzer] not found") + queryParser.setForceAnalyzer(namedAnalyzer) + } + + if (qsqBuilder.quoteAnalyzer() != null) { + val forceQuoteAnalyzer: NamedAnalyzer = context.getIndexAnalyzers().get(qsqBuilder.quoteAnalyzer()) + ?: throw QueryShardException( + context, + "[query_string] quote_analyzer [$qsqBuilder.quoteAnalyzer] not found" + ) + queryParser.setForceQuoteAnalyzer(forceQuoteAnalyzer) + } + + queryParser.defaultOperator = qsqBuilder.defaultOperator().toQueryParserOperator() + // TODO can we extract this somehow? There's no getter for this + queryParser.setType(QueryStringQueryBuilder.DEFAULT_TYPE) + if (qsqBuilder.tieBreaker() != null) { + queryParser.setGroupTieBreaker(qsqBuilder.tieBreaker()) + } else { + queryParser.setGroupTieBreaker(QueryStringQueryBuilder.DEFAULT_TYPE.tieBreaker()) + } + queryParser.phraseSlop = qsqBuilder.phraseSlop() + queryParser.setQuoteFieldSuffix(qsqBuilder.quoteFieldSuffix()) + queryParser.allowLeadingWildcard = + if (qsqBuilder.allowLeadingWildcard() == null) context.queryStringAllowLeadingWildcard() + else qsqBuilder.allowLeadingWildcard() + queryParser.setAnalyzeWildcard( + if (qsqBuilder.analyzeWildcard() == null) context.queryStringAnalyzeWildcard() + else qsqBuilder.analyzeWildcard() + ) + queryParser.enablePositionIncrements = qsqBuilder.enablePositionIncrements() + queryParser.setFuzziness(qsqBuilder.fuzziness()) + queryParser.fuzzyPrefixLength = qsqBuilder.fuzzyPrefixLength() + queryParser.setFuzzyMaxExpansions(qsqBuilder.fuzzyMaxExpansions()) + queryParser.setFuzzyRewriteMethod( + QueryParsers.parseRewriteMethod( + qsqBuilder.fuzzyRewrite(), + LoggingDeprecationHandler.INSTANCE + ) + ) + queryParser.multiTermRewriteMethod = + QueryParsers.parseRewriteMethod(qsqBuilder.rewrite(), LoggingDeprecationHandler.INSTANCE) + queryParser.setTimeZone(qsqBuilder.timeZone()) + queryParser.determinizeWorkLimit = qsqBuilder.maxDeterminizedStates() + queryParser.autoGenerateMultiTermSynonymsPhraseQuery = qsqBuilder.autoGenerateSynonymsPhraseQuery() + queryParser.setFuzzyTranspositions(qsqBuilder.fuzzyTranspositions()) + + try { + queryParser.parse(rewrittenQueryString) + } catch (e: ParseException) { + throw IllegalArgumentException("Failed to parse query [" + qsqBuilder.queryString() + "]", e) + } + // Return discovered fields + return queryParser.discoveredFields + } catch (e: Exception) { + log.error( + "Failure in extracting fields from $queryBuilder for index $concreteIndexName", e + ) + return listOf() + } + } + + /* extracts fields mentioned in the doc level queries which are in queryStringQuery format. + if an empty list is returned we will query all fields as there would be possibly be a wildcard query which + queries all fields. + */ + fun extractFieldsFromQueries(queries: List, concreteIndexName: String): List { + val fields: MutableSet = mutableSetOf() + for (query in queries) { + val fieldsForQuery = extractFieldsFromQueries(QueryStringQueryBuilder(query.query), concreteIndexName) + if (fieldsForQuery.isEmpty()) // queries all fields + return emptyList() + fields.addAll(fieldsForQuery) + } + return fields.toList() + } +} diff --git a/alerting/src/main/kotlin/org/opensearch/alerting/util/DocLevelMonitorQueries.kt b/alerting/src/main/kotlin/org/opensearch/alerting/util/DocLevelMonitorQueries.kt index 42237853f..8eec90112 100644 --- a/alerting/src/main/kotlin/org/opensearch/alerting/util/DocLevelMonitorQueries.kt +++ b/alerting/src/main/kotlin/org/opensearch/alerting/util/DocLevelMonitorQueries.kt @@ -202,6 +202,7 @@ class DocLevelMonitorQueries(private val client: Client, private val clusterServ val docLevelMonitorInput = monitor.inputs[0] as DocLevelMonitorInput val queries: List = docLevelMonitorInput.queries + val query = queries.get(0) val indices = docLevelMonitorInput.indices val clusterState = clusterService.state() diff --git a/alerting/src/test/kotlin/org/opensearch/alerting/MonitorDataSourcesIT.kt b/alerting/src/test/kotlin/org/opensearch/alerting/MonitorDataSourcesIT.kt index 2a3527dd1..2848ceebc 100644 --- a/alerting/src/test/kotlin/org/opensearch/alerting/MonitorDataSourcesIT.kt +++ b/alerting/src/test/kotlin/org/opensearch/alerting/MonitorDataSourcesIT.kt @@ -370,7 +370,7 @@ class MonitorDataSourcesIT : AlertingSingleNodeTestCase() { val q1 = DocLevelQuery(query = "source.ip.v6.v1:12345", name = "3", fields = listOf()) val q2 = DocLevelQuery(query = "source.ip.v6.v2:16645", name = "4", fields = listOf()) val q3 = DocLevelQuery(query = "source.ip.v4.v0:120", name = "5", fields = listOf()) - val q4 = DocLevelQuery(query = "alias.some.fff:\"us-west-2\"", name = "6", fields = listOf()) + val q4 = DocLevelQuery(query = "fff:\"us-west-2\"", name = "6", fields = listOf()) val q5 = DocLevelQuery(query = "message:\"This is an error from IAD region\"", name = "7", fields = listOf()) val q6 = DocLevelQuery(query = "f1.type.f4:\"hello\"", name = "8", fields = listOf()) val q7 = DocLevelQuery(query = "f1.type.f2.f3:\"world\"", name = "9", fields = listOf()) @@ -413,7 +413,7 @@ class MonitorDataSourcesIT : AlertingSingleNodeTestCase() { }""" indexDoc(index, "1", testDoc) client().admin().indices().putMapping( - PutMappingRequest(index).source("alias.some.fff", "type=alias,path=test_field.some_other_field") + PutMappingRequest(index).source("fff", "type=alias,path=test_field.some_other_field") ) val mappings = "{\"properties\":{\"type\":{\"type\":\"text\",\"fields\":{\"keyword\":{\"type\":\"keyword\"," + "\"ignore_above\":256}}},\"query\":{\"type\":\"text\"}}}"