+ * @param request the request to delete the job
+ * @param options Additional request options (e.g. headers), use {@link RequestOptions#DEFAULT} if nothing needs to be customized
+ * @return action acknowledgement
+ * @throws IOException when there is a serialization issue sending the request or receiving the response
+ */
+ public DeleteJobResponse deleteJob(DeleteJobRequest request, RequestOptions options) throws IOException {
+ return restHighLevelClient.performRequestAndParseEntity(request,
+ RequestConverters::deleteMachineLearningJob,
+ options,
+ DeleteJobResponse::fromXContent,
+ Collections.emptySet());
+ }
+
+ /**
+ * Deletes the given Machine Learning Job asynchronously and notifies the listener on completion
+ *
+ * @param request the request to delete the job
+ * @param options Additional request options (e.g. headers), use {@link RequestOptions#DEFAULT} if nothing needs to be customized
+ * @param listener Listener to be notified upon request completion
+ */
+ public void deleteJobAsync(DeleteJobRequest request, RequestOptions options, ActionListener listener) {
+ restHighLevelClient.performRequestAsyncAndParseEntity(request,
+ RequestConverters::deleteMachineLearningJob,
+ options,
+ DeleteJobResponse::fromXContent,
+ listener,
+ Collections.emptySet());
+ }
+
+ /**
+ * Opens a Machine Learning Job.
+ * When you open a new job, it starts with an empty model.
+ *
+ * When you open an existing job, the most recent model state is automatically loaded.
+ * The job is ready to resume its analysis from where it left off, once new data is received.
+ *
+ *
+ * For additional info
+ * see
+ *
+ * @param request request containing job_id and additional optional options
+ * @param options Additional request options (e.g. headers), use {@link RequestOptions#DEFAULT} if nothing needs to be customized
+ * @return response containing if the job was successfully opened or not.
+ * @throws IOException when there is a serialization issue sending the request or receiving the response
+ */
+ public OpenJobResponse openJob(OpenJobRequest request, RequestOptions options) throws IOException {
+ return restHighLevelClient.performRequestAndParseEntity(request,
+ RequestConverters::machineLearningOpenJob,
+ options,
+ OpenJobResponse::fromXContent,
+ Collections.emptySet());
+ }
+
+ /**
+ * Opens a Machine Learning Job asynchronously, notifies listener on completion.
+ * When you open a new job, it starts with an empty model.
+ *
+ * When you open an existing job, the most recent model state is automatically loaded.
+ * The job is ready to resume its analysis from where it left off, once new data is received.
+ *
+ * For additional info
+ * see
+ *
+ * @param request request containing job_id and additional optional options
+ * @param options Additional request options (e.g. headers), use {@link RequestOptions#DEFAULT} if nothing needs to be customized
+ * @param listener Listener to be notified upon request completion
+ */
+ public void openJobAsync(OpenJobRequest request, RequestOptions options, ActionListener listener) {
+ restHighLevelClient.performRequestAsyncAndParseEntity(request,
+ RequestConverters::machineLearningOpenJob,
+ options,
+ OpenJobResponse::fromXContent,
+ listener,
+ Collections.emptySet());
+ }
}
diff --git a/client/rest-high-level/src/main/java/org/elasticsearch/client/RequestConverters.java b/client/rest-high-level/src/main/java/org/elasticsearch/client/RequestConverters.java
index 45c70593fe826..c40b4893e0146 100644
--- a/client/rest-high-level/src/main/java/org/elasticsearch/client/RequestConverters.java
+++ b/client/rest-high-level/src/main/java/org/elasticsearch/client/RequestConverters.java
@@ -112,6 +112,8 @@
import org.elasticsearch.protocol.xpack.license.GetLicenseRequest;
import org.elasticsearch.protocol.xpack.license.PutLicenseRequest;
import org.elasticsearch.protocol.xpack.migration.IndexUpgradeInfoRequest;
+import org.elasticsearch.protocol.xpack.ml.DeleteJobRequest;
+import org.elasticsearch.protocol.xpack.ml.OpenJobRequest;
import org.elasticsearch.protocol.xpack.ml.PutJobRequest;
import org.elasticsearch.protocol.xpack.watcher.DeleteWatchRequest;
import org.elasticsearch.protocol.xpack.watcher.PutWatchRequest;
@@ -1210,6 +1212,34 @@ static Request putMachineLearningJob(PutJobRequest putJobRequest) throws IOExcep
return request;
}
+ static Request deleteMachineLearningJob(DeleteJobRequest deleteJobRequest) {
+ String endpoint = new EndpointBuilder()
+ .addPathPartAsIs("_xpack")
+ .addPathPartAsIs("ml")
+ .addPathPartAsIs("anomaly_detectors")
+ .addPathPart(deleteJobRequest.getJobId())
+ .build();
+ Request request = new Request(HttpDelete.METHOD_NAME, endpoint);
+
+ Params params = new Params(request);
+ params.putParam("force", Boolean.toString(deleteJobRequest.isForce()));
+
+ return request;
+ }
+
+ static Request machineLearningOpenJob(OpenJobRequest openJobRequest) throws IOException {
+ String endpoint = new EndpointBuilder()
+ .addPathPartAsIs("_xpack")
+ .addPathPartAsIs("ml")
+ .addPathPartAsIs("anomaly_detectors")
+ .addPathPart(openJobRequest.getJobId())
+ .addPathPartAsIs("_open")
+ .build();
+ Request request = new Request(HttpPost.METHOD_NAME, endpoint);
+ request.setJsonEntity(openJobRequest.toString());
+ return request;
+ }
+
static Request getMigrationAssistance(IndexUpgradeInfoRequest indexUpgradeInfoRequest) {
EndpointBuilder endpointBuilder = new EndpointBuilder()
.addPathPartAsIs("_xpack/migration/assistance")
diff --git a/client/rest-high-level/src/test/java/org/elasticsearch/client/MachineLearningIT.java b/client/rest-high-level/src/test/java/org/elasticsearch/client/MachineLearningIT.java
index f86eb5b5dca87..0037460150f1a 100644
--- a/client/rest-high-level/src/test/java/org/elasticsearch/client/MachineLearningIT.java
+++ b/client/rest-high-level/src/test/java/org/elasticsearch/client/MachineLearningIT.java
@@ -20,6 +20,10 @@
import com.carrotsearch.randomizedtesting.generators.CodepointSetGenerator;
import org.elasticsearch.common.unit.TimeValue;
+import org.elasticsearch.protocol.xpack.ml.DeleteJobRequest;
+import org.elasticsearch.protocol.xpack.ml.DeleteJobResponse;
+import org.elasticsearch.protocol.xpack.ml.OpenJobRequest;
+import org.elasticsearch.protocol.xpack.ml.OpenJobResponse;
import org.elasticsearch.protocol.xpack.ml.PutJobRequest;
import org.elasticsearch.protocol.xpack.ml.PutJobResponse;
import org.elasticsearch.protocol.xpack.ml.job.config.AnalysisConfig;
@@ -46,12 +50,37 @@ public void testPutJob() throws Exception {
assertThat(createdJob.getJobType(), is(Job.ANOMALY_DETECTOR_JOB_TYPE));
}
+ public void testDeleteJob() throws Exception {
+ String jobId = randomValidJobId();
+ Job job = buildJob(jobId);
+ MachineLearningClient machineLearningClient = highLevelClient().machineLearning();
+ machineLearningClient.putJob(new PutJobRequest(job), RequestOptions.DEFAULT);
+
+ DeleteJobResponse response = execute(new DeleteJobRequest(jobId),
+ machineLearningClient::deleteJob,
+ machineLearningClient::deleteJobAsync);
+
+ assertTrue(response.isAcknowledged());
+ }
+
+ public void testOpenJob() throws Exception {
+ String jobId = randomValidJobId();
+ Job job = buildJob(jobId);
+ MachineLearningClient machineLearningClient = highLevelClient().machineLearning();
+
+ machineLearningClient.putJob(new PutJobRequest(job), RequestOptions.DEFAULT);
+
+ OpenJobResponse response = execute(new OpenJobRequest(jobId), machineLearningClient::openJob, machineLearningClient::openJobAsync);
+
+ assertTrue(response.isOpened());
+ }
+
public static String randomValidJobId() {
CodepointSetGenerator generator = new CodepointSetGenerator("abcdefghijklmnopqrstuvwxyz0123456789".toCharArray());
return generator.ofCodePointsLength(random(), 10, 10);
}
- private static Job buildJob(String jobId) {
+ public static Job buildJob(String jobId) {
Job.Builder builder = new Job.Builder(jobId);
builder.setDescription(randomAlphaOfLength(10));
diff --git a/client/rest-high-level/src/test/java/org/elasticsearch/client/RequestConvertersTests.java b/client/rest-high-level/src/test/java/org/elasticsearch/client/RequestConvertersTests.java
index 47195f0bb2aba..786cb94f8926d 100644
--- a/client/rest-high-level/src/test/java/org/elasticsearch/client/RequestConvertersTests.java
+++ b/client/rest-high-level/src/test/java/org/elasticsearch/client/RequestConvertersTests.java
@@ -127,6 +127,8 @@
import org.elasticsearch.index.rankeval.RestRankEvalAction;
import org.elasticsearch.protocol.xpack.XPackInfoRequest;
import org.elasticsearch.protocol.xpack.migration.IndexUpgradeInfoRequest;
+import org.elasticsearch.protocol.xpack.ml.DeleteJobRequest;
+import org.elasticsearch.protocol.xpack.ml.OpenJobRequest;
import org.elasticsearch.protocol.xpack.watcher.DeleteWatchRequest;
import org.elasticsearch.protocol.xpack.watcher.PutWatchRequest;
import org.elasticsearch.repositories.fs.FsRepository;
@@ -2610,6 +2612,33 @@ public void testXPackDeleteWatch() {
assertThat(request.getEntity(), nullValue());
}
+ public void testDeleteMachineLearningJob() {
+ String jobId = randomAlphaOfLength(10);
+ DeleteJobRequest deleteJobRequest = new DeleteJobRequest(jobId);
+
+ Request request = RequestConverters.deleteMachineLearningJob(deleteJobRequest);
+ assertEquals(HttpDelete.METHOD_NAME, request.getMethod());
+ assertEquals("/_xpack/ml/anomaly_detectors/" + jobId, request.getEndpoint());
+ assertEquals(Boolean.toString(false), request.getParameters().get("force"));
+
+ deleteJobRequest.setForce(true);
+ request = RequestConverters.deleteMachineLearningJob(deleteJobRequest);
+ assertEquals(Boolean.toString(true), request.getParameters().get("force"));
+ }
+
+ public void testPostMachineLearningOpenJob() throws Exception {
+ String jobId = "some-job-id";
+ OpenJobRequest openJobRequest = new OpenJobRequest(jobId);
+ openJobRequest.setTimeout(TimeValue.timeValueMinutes(10));
+
+ Request request = RequestConverters.machineLearningOpenJob(openJobRequest);
+ assertEquals(HttpPost.METHOD_NAME, request.getMethod());
+ assertEquals("/_xpack/ml/anomaly_detectors/" + jobId + "/_open", request.getEndpoint());
+ ByteArrayOutputStream bos = new ByteArrayOutputStream();
+ request.getEntity().writeTo(bos);
+ assertEquals(bos.toString("UTF-8"), "{\"job_id\":\""+ jobId +"\",\"timeout\":\"10m\"}");
+ }
+
/**
* Randomize the {@link FetchSourceContext} request parameters.
*/
diff --git a/client/rest-high-level/src/test/java/org/elasticsearch/client/documentation/MlClientDocumentationIT.java b/client/rest-high-level/src/test/java/org/elasticsearch/client/documentation/MlClientDocumentationIT.java
index 97bee81393864..a77d8b43e5737 100644
--- a/client/rest-high-level/src/test/java/org/elasticsearch/client/documentation/MlClientDocumentationIT.java
+++ b/client/rest-high-level/src/test/java/org/elasticsearch/client/documentation/MlClientDocumentationIT.java
@@ -21,9 +21,14 @@
import org.elasticsearch.action.ActionListener;
import org.elasticsearch.action.LatchedActionListener;
import org.elasticsearch.client.ESRestHighLevelClientTestCase;
+import org.elasticsearch.client.MachineLearningIT;
import org.elasticsearch.client.RequestOptions;
import org.elasticsearch.client.RestHighLevelClient;
import org.elasticsearch.common.unit.TimeValue;
+import org.elasticsearch.protocol.xpack.ml.DeleteJobRequest;
+import org.elasticsearch.protocol.xpack.ml.DeleteJobResponse;
+import org.elasticsearch.protocol.xpack.ml.OpenJobRequest;
+import org.elasticsearch.protocol.xpack.ml.OpenJobResponse;
import org.elasticsearch.protocol.xpack.ml.PutJobRequest;
import org.elasticsearch.protocol.xpack.ml.PutJobResponse;
import org.elasticsearch.protocol.xpack.ml.job.config.AnalysisConfig;
@@ -118,4 +123,102 @@ public void onFailure(Exception e) {
assertTrue(latch.await(30L, TimeUnit.SECONDS));
}
}
+
+ public void testDeleteJob() throws Exception {
+ RestHighLevelClient client = highLevelClient();
+
+ String jobId = "my-first-machine-learning-job";
+
+ Job job = MachineLearningIT.buildJob(jobId);
+ client.machineLearning().putJob(new PutJobRequest(job), RequestOptions.DEFAULT);
+
+ Job secondJob = MachineLearningIT.buildJob("my-second-machine-learning-job");
+ client.machineLearning().putJob(new PutJobRequest(secondJob), RequestOptions.DEFAULT);
+
+ {
+ //tag::x-pack-delete-ml-job-request
+ DeleteJobRequest deleteJobRequest = new DeleteJobRequest("my-first-machine-learning-job");
+ deleteJobRequest.setForce(false); //<1>
+ DeleteJobResponse deleteJobResponse = client.machineLearning().deleteJob(deleteJobRequest, RequestOptions.DEFAULT);
+ //end::x-pack-delete-ml-job-request
+
+ //tag::x-pack-delete-ml-job-response
+ boolean isAcknowledged = deleteJobResponse.isAcknowledged(); //<1>
+ //end::x-pack-delete-ml-job-response
+ }
+ {
+ //tag::x-pack-delete-ml-job-request-listener
+ ActionListener listener = new ActionListener() {
+ @Override
+ public void onResponse(DeleteJobResponse deleteJobResponse) {
+ // <1>
+ }
+
+ @Override
+ public void onFailure(Exception e) {
+ // <2>
+ }
+ };
+ //end::x-pack-delete-ml-job-request-listener
+
+ // Replace the empty listener by a blocking listener in test
+ final CountDownLatch latch = new CountDownLatch(1);
+ listener = new LatchedActionListener<>(listener, latch);
+
+ //tag::x-pack-delete-ml-job-request-async
+ DeleteJobRequest deleteJobRequest = new DeleteJobRequest("my-second-machine-learning-job");
+ client.machineLearning().deleteJobAsync(deleteJobRequest, RequestOptions.DEFAULT, listener); // <1>
+ //end::x-pack-delete-ml-job-request-async
+
+ assertTrue(latch.await(30L, TimeUnit.SECONDS));
+ }
+ }
+
+ public void testOpenJob() throws Exception {
+ RestHighLevelClient client = highLevelClient();
+
+ Job job = MachineLearningIT.buildJob("opening-my-first-machine-learning-job");
+ client.machineLearning().putJob(new PutJobRequest(job), RequestOptions.DEFAULT);
+
+ Job secondJob = MachineLearningIT.buildJob("opening-my-second-machine-learning-job");
+ client.machineLearning().putJob(new PutJobRequest(secondJob), RequestOptions.DEFAULT);
+
+ {
+ //tag::x-pack-ml-open-job-request
+ OpenJobRequest openJobRequest = new OpenJobRequest("opening-my-first-machine-learning-job"); //<1>
+ openJobRequest.setTimeout(TimeValue.timeValueMinutes(10)); //<2>
+ //end::x-pack-ml-open-job-request
+
+ //tag::x-pack-ml-open-job-execute
+ OpenJobResponse openJobResponse = client.machineLearning().openJob(openJobRequest, RequestOptions.DEFAULT);
+ boolean isOpened = openJobResponse.isOpened(); //<1>
+ //end::x-pack-ml-open-job-execute
+
+ }
+ {
+ //tag::x-pack-ml-open-job-listener
+ ActionListener listener = new ActionListener() {
+ @Override
+ public void onResponse(OpenJobResponse openJobResponse) {
+ //<1>
+ }
+
+ @Override
+ public void onFailure(Exception e) {
+ // <2>
+ }
+ };
+ //end::x-pack-ml-open-job-listener
+ OpenJobRequest openJobRequest = new OpenJobRequest("opening-my-second-machine-learning-job");
+ // Replace the empty listener by a blocking listener in test
+ final CountDownLatch latch = new CountDownLatch(1);
+ listener = new LatchedActionListener<>(listener, latch);
+
+ // tag::x-pack-ml-open-job-execute-async
+ client.machineLearning().openJobAsync(openJobRequest, RequestOptions.DEFAULT, listener); //<1>
+ // end::x-pack-ml-open-job-execute-async
+
+ assertTrue(latch.await(30L, TimeUnit.SECONDS));
+ }
+ }
}
diff --git a/docs/java-rest/high-level/ml/delete-job.asciidoc b/docs/java-rest/high-level/ml/delete-job.asciidoc
new file mode 100644
index 0000000000000..44a6a47940955
--- /dev/null
+++ b/docs/java-rest/high-level/ml/delete-job.asciidoc
@@ -0,0 +1,49 @@
+[[java-rest-high-x-pack-ml-delete-job]]
+=== Delete Job API
+
+[[java-rest-high-x-pack-machine-learning-delete-job-request]]
+==== Delete Job Request
+
+A `DeleteJobRequest` object requires a non-null `jobId` and can optionally set `force`.
+Can be executed as follows:
+
+["source","java",subs="attributes,callouts,macros"]
+---------------------------------------------------
+include-tagged::{doc-tests}/MlClientDocumentationIT.java[x-pack-delete-ml-job-request]
+---------------------------------------------------
+<1> Use to forcefully delete an opened job;
+this method is quicker than closing and deleting the job.
+Defaults to `false`
+
+[[java-rest-high-x-pack-machine-learning-delete-job-response]]
+==== Delete Job Response
+
+The returned `DeleteJobResponse` object indicates the acknowledgement of the request:
+["source","java",subs="attributes,callouts,macros"]
+---------------------------------------------------
+include-tagged::{doc-tests}/MlClientDocumentationIT.java[x-pack-delete-ml-job-response]
+---------------------------------------------------
+<1> `isAcknowledged` was the deletion request acknowledged or not
+
+[[java-rest-high-x-pack-machine-learning-delete-job-async]]
+==== Delete Job Asynchronously
+
+This request can also be made asynchronously.
+["source","java",subs="attributes,callouts,macros"]
+---------------------------------------------------
+include-tagged::{doc-tests}/MlClientDocumentationIT.java[x-pack-delete-ml-job-request-async]
+---------------------------------------------------
+<1> The `DeleteJobRequest` to execute and the `ActionListener` to alert on completion or error.
+
+The deletion request returns immediately. Once the request is completed, the `ActionListener` is
+called back using the `onResponse` or `onFailure`. The latter indicates some failure occurred when
+making the request.
+
+A typical listener for a `DeleteJobRequest` could be defined as follows:
+
+["source","java",subs="attributes,callouts,macros"]
+---------------------------------------------------
+include-tagged::{doc-tests}/MlClientDocumentationIT.java[x-pack-delete-ml-job-request-listener]
+---------------------------------------------------
+<1> The action to be taken when it is completed
+<2> What to do when a failure occurs
diff --git a/docs/java-rest/high-level/ml/open-job.asciidoc b/docs/java-rest/high-level/ml/open-job.asciidoc
new file mode 100644
index 0000000000000..ad575121818bc
--- /dev/null
+++ b/docs/java-rest/high-level/ml/open-job.asciidoc
@@ -0,0 +1,55 @@
+[[java-rest-high-x-pack-ml-open-job]]
+=== Open Job API
+
+The Open Job API provides the ability to open {ml} jobs in the cluster.
+It accepts a `OpenJobRequest` object and responds
+with a `OpenJobResponse` object.
+
+[[java-rest-high-x-pack-ml-open-job-request]]
+==== Open Job Request
+
+An `OpenJobRequest` object gets created with an existing non-null `jobId`.
+
+["source","java",subs="attributes,callouts,macros"]
+--------------------------------------------------
+include-tagged::{doc-tests}/MlClientDocumentationIT.java[x-pack-ml-open-job-request]
+--------------------------------------------------
+<1> Constructing a new request referencing an existing `jobId`
+<2> Optionally setting the `timeout` value for how long the
+execution should wait for the job to be opened.
+
+[[java-rest-high-x-pack-ml-open-job-execution]]
+==== Execution
+
+The request can be executed through the `MachineLearningClient` contained
+in the `RestHighLevelClient` object, accessed via the `machineLearningClient()` method.
+
+["source","java",subs="attributes,callouts,macros"]
+--------------------------------------------------
+include-tagged::{doc-tests}/MlClientDocumentationIT.java[x-pack-ml-open-job-execute]
+--------------------------------------------------
+<1> `isOpened()` from the `OpenJobResponse` indicates if the job was successfully
+opened or not.
+
+[[java-rest-high-x-pack-ml-open-job-execution-async]]
+==== Asynchronous Execution
+
+The request can also be executed asynchronously:
+
+["source","java",subs="attributes,callouts,macros"]
+--------------------------------------------------
+include-tagged::{doc-tests}/MlClientDocumentationIT.java[x-pack-ml-open-job-execute-async]
+--------------------------------------------------
+<1> The `OpenJobRequest` to execute and the `ActionListener` to use when
+the execution completes
+
+The method does not block and returns immediately. The passed `ActionListener` is used
+to notify the caller of completion. A typical `ActionListner` for `OpenJobResponse` may
+look like
+
+["source","java",subs="attributes,callouts,macros"]
+--------------------------------------------------
+include-tagged::{doc-tests}/MlClientDocumentationIT.java[x-pack-ml-open-job-listener]
+--------------------------------------------------
+<1> `onResponse` is called back when the action is completed successfully
+<2> `onFailure` is called back when some unexpected error occurs
diff --git a/docs/java-rest/high-level/ml/put_job.asciidoc b/docs/java-rest/high-level/ml/put-job.asciidoc
similarity index 100%
rename from docs/java-rest/high-level/ml/put_job.asciidoc
rename to docs/java-rest/high-level/ml/put-job.asciidoc
diff --git a/docs/java-rest/high-level/supported-apis.asciidoc b/docs/java-rest/high-level/supported-apis.asciidoc
index 808546f2c279c..6bcb736243a7c 100644
--- a/docs/java-rest/high-level/supported-apis.asciidoc
+++ b/docs/java-rest/high-level/supported-apis.asciidoc
@@ -205,8 +205,12 @@ include::licensing/delete-license.asciidoc[]
The Java High Level REST Client supports the following Machine Learning APIs:
* <>
+* <>
+* <>
-include::ml/put_job.asciidoc[]
+include::ml/put-job.asciidoc[]
+include::ml/delete-job.asciidoc[]
+include::ml/open-job.asciidoc[]
== Migration APIs
diff --git a/docs/plugins/integrations.asciidoc b/docs/plugins/integrations.asciidoc
index 90f2c685fdaeb..8bffe5193ed7b 100644
--- a/docs/plugins/integrations.asciidoc
+++ b/docs/plugins/integrations.asciidoc
@@ -17,14 +17,11 @@ Integrations are not plugins, but are external tools or modules that make it eas
* https://drupal.org/project/elasticsearch_connector[Drupal]:
Drupal Elasticsearch integration.
-* https://wordpress.org/plugins/wpsolr-search-engine/[WPSOLR]:
- Elasticsearch (and Apache Solr) WordPress Plugin
-
-* http://searchbox-io.github.com/wp-elasticsearch/[Wp-Elasticsearch]:
+* https://wordpress.org/plugins/elasticpress/[ElasticPress]:
Elasticsearch WordPress Plugin
-* https://github.com/wallmanderco/elasticsearch-indexer[Elasticsearch Indexer]:
- Elasticsearch WordPress Plugin
+* https://wordpress.org/plugins/wpsolr-search-engine/[WPSOLR]:
+ Elasticsearch (and Apache Solr) WordPress Plugin
* https://doc.tiki.org/Elasticsearch[Tiki Wiki CMS Groupware]:
Tiki has native support for Elasticsearch. This provides faster & better
diff --git a/docs/reference/search/request-body.asciidoc b/docs/reference/search/request-body.asciidoc
index 2a51d705d83ec..e7c9b593af372 100644
--- a/docs/reference/search/request-body.asciidoc
+++ b/docs/reference/search/request-body.asciidoc
@@ -90,7 +90,8 @@ And here is a sample response:
Set to `false` to return an overall failure if the request would produce partial
results. Defaults to true, which will allow partial results in the case of timeouts
- or partial failures.
+ or partial failures. This default can be controlled using the cluster-level setting
+ `search.default_allow_partial_results`.
`terminate_after`::
diff --git a/docs/reference/search/uri-request.asciidoc b/docs/reference/search/uri-request.asciidoc
index a90f32bb3cd36..279bc0c0384c1 100644
--- a/docs/reference/search/uri-request.asciidoc
+++ b/docs/reference/search/uri-request.asciidoc
@@ -125,5 +125,6 @@ more details on the different types of search that can be performed.
|`allow_partial_search_results` |Set to `false` to return an overall failure if the request would produce
partial results. Defaults to true, which will allow partial results in the case of timeouts
-or partial failures..
+or partial failures. This default can be controlled using the cluster-level setting
+`search.default_allow_partial_results`.
|=======================================================================
diff --git a/docs/reference/setup/important-settings/heap-dump-path.asciidoc b/docs/reference/setup/important-settings/heap-dump-path.asciidoc
index b0d301b21d0b8..fb8c7ff35f0d0 100644
--- a/docs/reference/setup/important-settings/heap-dump-path.asciidoc
+++ b/docs/reference/setup/important-settings/heap-dump-path.asciidoc
@@ -8,8 +8,8 @@ distributions, and the `data` directory under the root of the
Elasticsearch installation for the <> archive
distributions). If this path is not suitable for receiving heap dumps,
you should modify the entry `-XX:HeapDumpPath=...` in
-<>. If you specify a fixed filename instead
-of a directory, the JVM will repeatedly use the same file; this is one
-mechanism for preventing heap dumps from accumulating in the heap dump
-path. Alternatively, you can configure a scheduled task via your OS to
-remove heap dumps that are older than a configured age.
+<>. If you specify a directory, the JVM
+will generate a filename for the heap dump based on the PID of the running
+instance. If you specify a fixed filename instead of a directory, the file must
+not exist when the JVM needs to perform a heap dump on an out of memory
+exception, otherwise the heap dump will fail.
diff --git a/docs/reference/setup/important-settings/network-host.asciidoc b/docs/reference/setup/important-settings/network-host.asciidoc
index 7e29e73123d8d..1788bfebc66b5 100644
--- a/docs/reference/setup/important-settings/network-host.asciidoc
+++ b/docs/reference/setup/important-settings/network-host.asciidoc
@@ -9,7 +9,7 @@ location on a single node. This can be useful for testing Elasticsearch's
ability to form clusters, but it is not a configuration recommended for
production.
-In order to communicate and to form a cluster with nodes on other servers, your
+In order to form a cluster with nodes on other servers, your
node will need to bind to a non-loopback address. While there are many
<>, usually all you need to configure is
`network.host`:
diff --git a/libs/core/src/main/java/org/elasticsearch/common/CharArrays.java b/libs/core/src/main/java/org/elasticsearch/common/CharArrays.java
new file mode 100644
index 0000000000000..907874ca5735b
--- /dev/null
+++ b/libs/core/src/main/java/org/elasticsearch/common/CharArrays.java
@@ -0,0 +1,150 @@
+/*
+ * Licensed to Elasticsearch under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.elasticsearch.common;
+
+import java.nio.ByteBuffer;
+import java.nio.CharBuffer;
+import java.nio.charset.StandardCharsets;
+import java.util.Arrays;
+import java.util.Objects;
+
+/**
+ * Helper class similar to Arrays to handle conversions for Char arrays
+ */
+public final class CharArrays {
+
+ private CharArrays() {}
+
+ /**
+ * Decodes the provided byte[] to a UTF-8 char[]. This is done while avoiding
+ * conversions to String. The provided byte[] is not modified by this method, so
+ * the caller needs to take care of clearing the value if it is sensitive.
+ */
+ public static char[] utf8BytesToChars(byte[] utf8Bytes) {
+ final ByteBuffer byteBuffer = ByteBuffer.wrap(utf8Bytes);
+ final CharBuffer charBuffer = StandardCharsets.UTF_8.decode(byteBuffer);
+ final char[] chars;
+ if (charBuffer.hasArray()) {
+ // there is no guarantee that the char buffers backing array is the right size
+ // so we need to make a copy
+ chars = Arrays.copyOfRange(charBuffer.array(), charBuffer.position(), charBuffer.limit());
+ Arrays.fill(charBuffer.array(), (char) 0); // clear sensitive data
+ } else {
+ final int length = charBuffer.limit() - charBuffer.position();
+ chars = new char[length];
+ charBuffer.get(chars);
+ // if the buffer is not read only we can reset and fill with 0's
+ if (charBuffer.isReadOnly() == false) {
+ charBuffer.clear(); // reset
+ for (int i = 0; i < charBuffer.limit(); i++) {
+ charBuffer.put((char) 0);
+ }
+ }
+ }
+ return chars;
+ }
+
+ /**
+ * Encodes the provided char[] to a UTF-8 byte[]. This is done while avoiding
+ * conversions to String. The provided char[] is not modified by this method, so
+ * the caller needs to take care of clearing the value if it is sensitive.
+ */
+ public static byte[] toUtf8Bytes(char[] chars) {
+ final CharBuffer charBuffer = CharBuffer.wrap(chars);
+ final ByteBuffer byteBuffer = StandardCharsets.UTF_8.encode(charBuffer);
+ final byte[] bytes;
+ if (byteBuffer.hasArray()) {
+ // there is no guarantee that the byte buffers backing array is the right size
+ // so we need to make a copy
+ bytes = Arrays.copyOfRange(byteBuffer.array(), byteBuffer.position(), byteBuffer.limit());
+ Arrays.fill(byteBuffer.array(), (byte) 0); // clear sensitive data
+ } else {
+ final int length = byteBuffer.limit() - byteBuffer.position();
+ bytes = new byte[length];
+ byteBuffer.get(bytes);
+ // if the buffer is not read only we can reset and fill with 0's
+ if (byteBuffer.isReadOnly() == false) {
+ byteBuffer.clear(); // reset
+ for (int i = 0; i < byteBuffer.limit(); i++) {
+ byteBuffer.put((byte) 0);
+ }
+ }
+ }
+ return bytes;
+ }
+
+ /**
+ * Tests if a char[] contains a sequence of characters that match the prefix. This is like
+ * {@link String#startsWith(String)} but does not require conversion of the char[] to a string.
+ */
+ public static boolean charsBeginsWith(String prefix, char[] chars) {
+ if (chars == null || prefix == null) {
+ return false;
+ }
+
+ if (prefix.length() > chars.length) {
+ return false;
+ }
+
+ for (int i = 0; i < prefix.length(); i++) {
+ if (chars[i] != prefix.charAt(i)) {
+ return false;
+ }
+ }
+
+ return true;
+ }
+
+ /**
+ * Constant time equality check of char arrays to avoid potential timing attacks.
+ */
+ public static boolean constantTimeEquals(char[] a, char[] b) {
+ Objects.requireNonNull(a, "char arrays must not be null for constantTimeEquals");
+ Objects.requireNonNull(b, "char arrays must not be null for constantTimeEquals");
+ if (a.length != b.length) {
+ return false;
+ }
+
+ int equals = 0;
+ for (int i = 0; i < a.length; i++) {
+ equals |= a[i] ^ b[i];
+ }
+
+ return equals == 0;
+ }
+
+ /**
+ * Constant time equality check of strings to avoid potential timing attacks.
+ */
+ public static boolean constantTimeEquals(String a, String b) {
+ Objects.requireNonNull(a, "strings must not be null for constantTimeEquals");
+ Objects.requireNonNull(b, "strings must not be null for constantTimeEquals");
+ if (a.length() != b.length()) {
+ return false;
+ }
+
+ int equals = 0;
+ for (int i = 0; i < a.length(); i++) {
+ equals |= a.charAt(i) ^ b.charAt(i);
+ }
+
+ return equals == 0;
+ }
+}
diff --git a/libs/core/src/test/java/org/elasticsearch/common/CharArraysTests.java b/libs/core/src/test/java/org/elasticsearch/common/CharArraysTests.java
new file mode 100644
index 0000000000000..9283283ab0861
--- /dev/null
+++ b/libs/core/src/test/java/org/elasticsearch/common/CharArraysTests.java
@@ -0,0 +1,75 @@
+/*
+ * Licensed to Elasticsearch under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.elasticsearch.common;
+
+import org.elasticsearch.test.ESTestCase;
+
+import java.nio.charset.StandardCharsets;
+
+public class CharArraysTests extends ESTestCase {
+
+ public void testCharsToBytes() {
+ final String originalValue = randomUnicodeOfCodepointLengthBetween(0, 32);
+ final byte[] expectedBytes = originalValue.getBytes(StandardCharsets.UTF_8);
+ final char[] valueChars = originalValue.toCharArray();
+
+ final byte[] convertedBytes = CharArrays.toUtf8Bytes(valueChars);
+ assertArrayEquals(expectedBytes, convertedBytes);
+ }
+
+ public void testBytesToUtf8Chars() {
+ final String originalValue = randomUnicodeOfCodepointLengthBetween(0, 32);
+ final byte[] bytes = originalValue.getBytes(StandardCharsets.UTF_8);
+ final char[] expectedChars = originalValue.toCharArray();
+
+ final char[] convertedChars = CharArrays.utf8BytesToChars(bytes);
+ assertArrayEquals(expectedChars, convertedChars);
+ }
+
+ public void testCharsBeginsWith() {
+ assertFalse(CharArrays.charsBeginsWith(randomAlphaOfLength(4), null));
+ assertFalse(CharArrays.charsBeginsWith(null, null));
+ assertFalse(CharArrays.charsBeginsWith(null, randomAlphaOfLength(4).toCharArray()));
+ assertFalse(CharArrays.charsBeginsWith(randomAlphaOfLength(2), randomAlphaOfLengthBetween(3, 8).toCharArray()));
+
+ final String prefix = randomAlphaOfLengthBetween(2, 4);
+ assertTrue(CharArrays.charsBeginsWith(prefix, prefix.toCharArray()));
+ final char[] prefixedValue = prefix.concat(randomAlphaOfLengthBetween(1, 12)).toCharArray();
+ assertTrue(CharArrays.charsBeginsWith(prefix, prefixedValue));
+
+ final String modifiedPrefix = randomBoolean() ? prefix.substring(1) : prefix.substring(0, prefix.length() - 1);
+ char[] nonMatchingValue;
+ do {
+ nonMatchingValue = modifiedPrefix.concat(randomAlphaOfLengthBetween(0, 12)).toCharArray();
+ } while (new String(nonMatchingValue).startsWith(prefix));
+ assertFalse(CharArrays.charsBeginsWith(prefix, nonMatchingValue));
+ assertTrue(CharArrays.charsBeginsWith(modifiedPrefix, nonMatchingValue));
+ }
+
+ public void testConstantTimeEquals() {
+ final String value = randomAlphaOfLengthBetween(0, 32);
+ assertTrue(CharArrays.constantTimeEquals(value, value));
+ assertTrue(CharArrays.constantTimeEquals(value.toCharArray(), value.toCharArray()));
+
+ final String other = randomAlphaOfLengthBetween(1, 32);
+ assertFalse(CharArrays.constantTimeEquals(value, other));
+ assertFalse(CharArrays.constantTimeEquals(value.toCharArray(), other.toCharArray()));
+ }
+}
diff --git a/modules/ingest-common/src/test/java/org/elasticsearch/ingest/common/AppendProcessorFactoryTests.java b/modules/ingest-common/src/test/java/org/elasticsearch/ingest/common/AppendProcessorFactoryTests.java
index 39a7bfd9a20b2..d51cb368e4317 100644
--- a/modules/ingest-common/src/test/java/org/elasticsearch/ingest/common/AppendProcessorFactoryTests.java
+++ b/modules/ingest-common/src/test/java/org/elasticsearch/ingest/common/AppendProcessorFactoryTests.java
@@ -100,6 +100,6 @@ public void testInvalidMustacheTemplate() throws Exception {
String processorTag = randomAlphaOfLength(10);
ElasticsearchException exception = expectThrows(ElasticsearchException.class, () -> factory.create(null, processorTag, config));
assertThat(exception.getMessage(), equalTo("java.lang.RuntimeException: could not compile script"));
- assertThat(exception.getHeader("processor_tag").get(0), equalTo(processorTag));
+ assertThat(exception.getMetadata("es.processor_tag").get(0), equalTo(processorTag));
}
}
diff --git a/modules/ingest-common/src/test/java/org/elasticsearch/ingest/common/ConvertProcessorFactoryTests.java b/modules/ingest-common/src/test/java/org/elasticsearch/ingest/common/ConvertProcessorFactoryTests.java
index 9e4acd7b17f83..f3396da64eb5f 100644
--- a/modules/ingest-common/src/test/java/org/elasticsearch/ingest/common/ConvertProcessorFactoryTests.java
+++ b/modules/ingest-common/src/test/java/org/elasticsearch/ingest/common/ConvertProcessorFactoryTests.java
@@ -58,9 +58,9 @@ public void testCreateUnsupportedType() throws Exception {
fail("factory create should have failed");
} catch (ElasticsearchParseException e) {
assertThat(e.getMessage(), Matchers.equalTo("[type] type [" + type + "] not supported, cannot convert field."));
- assertThat(e.getHeader("processor_type").get(0), equalTo(ConvertProcessor.TYPE));
- assertThat(e.getHeader("property_name").get(0), equalTo("type"));
- assertThat(e.getHeader("processor_tag"), nullValue());
+ assertThat(e.getMetadata("es.processor_type").get(0), equalTo(ConvertProcessor.TYPE));
+ assertThat(e.getMetadata("es.property_name").get(0), equalTo("type"));
+ assertThat(e.getMetadata("es.processor_tag"), nullValue());
}
}
diff --git a/modules/ingest-common/src/test/java/org/elasticsearch/ingest/common/FailProcessorFactoryTests.java b/modules/ingest-common/src/test/java/org/elasticsearch/ingest/common/FailProcessorFactoryTests.java
index 801441407a7f7..3c89778f0e825 100644
--- a/modules/ingest-common/src/test/java/org/elasticsearch/ingest/common/FailProcessorFactoryTests.java
+++ b/modules/ingest-common/src/test/java/org/elasticsearch/ingest/common/FailProcessorFactoryTests.java
@@ -66,6 +66,6 @@ public void testInvalidMustacheTemplate() throws Exception {
String processorTag = randomAlphaOfLength(10);
ElasticsearchException exception = expectThrows(ElasticsearchException.class, () -> factory.create(null, processorTag, config));
assertThat(exception.getMessage(), equalTo("java.lang.RuntimeException: could not compile script"));
- assertThat(exception.getHeader("processor_tag").get(0), equalTo(processorTag));
+ assertThat(exception.getMetadata("es.processor_tag").get(0), equalTo(processorTag));
}
}
diff --git a/modules/ingest-common/src/test/java/org/elasticsearch/ingest/common/RemoveProcessorFactoryTests.java b/modules/ingest-common/src/test/java/org/elasticsearch/ingest/common/RemoveProcessorFactoryTests.java
index c439a9662f202..bebe780276208 100644
--- a/modules/ingest-common/src/test/java/org/elasticsearch/ingest/common/RemoveProcessorFactoryTests.java
+++ b/modules/ingest-common/src/test/java/org/elasticsearch/ingest/common/RemoveProcessorFactoryTests.java
@@ -79,6 +79,6 @@ public void testInvalidMustacheTemplate() throws Exception {
String processorTag = randomAlphaOfLength(10);
ElasticsearchException exception = expectThrows(ElasticsearchException.class, () -> factory.create(null, processorTag, config));
assertThat(exception.getMessage(), equalTo("java.lang.RuntimeException: could not compile script"));
- assertThat(exception.getHeader("processor_tag").get(0), equalTo(processorTag));
+ assertThat(exception.getMetadata("es.processor_tag").get(0), equalTo(processorTag));
}
}
diff --git a/modules/ingest-common/src/test/java/org/elasticsearch/ingest/common/SetProcessorFactoryTests.java b/modules/ingest-common/src/test/java/org/elasticsearch/ingest/common/SetProcessorFactoryTests.java
index 59a99b8f995d8..9602f34f698f7 100644
--- a/modules/ingest-common/src/test/java/org/elasticsearch/ingest/common/SetProcessorFactoryTests.java
+++ b/modules/ingest-common/src/test/java/org/elasticsearch/ingest/common/SetProcessorFactoryTests.java
@@ -108,7 +108,7 @@ public void testInvalidMustacheTemplate() throws Exception {
String processorTag = randomAlphaOfLength(10);
ElasticsearchException exception = expectThrows(ElasticsearchException.class, () -> factory.create(null, processorTag, config));
assertThat(exception.getMessage(), equalTo("java.lang.RuntimeException: could not compile script"));
- assertThat(exception.getHeader("processor_tag").get(0), equalTo(processorTag));
+ assertThat(exception.getMetadata("es.processor_tag").get(0), equalTo(processorTag));
}
}
diff --git a/modules/ingest-common/src/test/resources/rest-api-spec/test/ingest/20_crud.yml b/modules/ingest-common/src/test/resources/rest-api-spec/test/ingest/20_crud.yml
index 0e348bbd7265d..bd6a3e6ca14fd 100644
--- a/modules/ingest-common/src/test/resources/rest-api-spec/test/ingest/20_crud.yml
+++ b/modules/ingest-common/src/test/resources/rest-api-spec/test/ingest/20_crud.yml
@@ -158,9 +158,9 @@ teardown:
}
- match: { error.root_cause.0.type: "parse_exception" }
- match: { error.root_cause.0.reason: "[field] required property is missing" }
- - match: { error.root_cause.0.header.processor_tag: "fritag" }
- - match: { error.root_cause.0.header.processor_type: "set" }
- - match: { error.root_cause.0.header.property_name: "field" }
+ - match: { error.root_cause.0.processor_tag: "fritag" }
+ - match: { error.root_cause.0.processor_type: "set" }
+ - match: { error.root_cause.0.property_name: "field" }
---
"Test basic pipeline with on_failure in processor":
diff --git a/modules/ingest-common/src/test/resources/rest-api-spec/test/ingest/50_on_failure.yml b/modules/ingest-common/src/test/resources/rest-api-spec/test/ingest/50_on_failure.yml
index 4b40d9f670bfe..718b91ac1c111 100644
--- a/modules/ingest-common/src/test/resources/rest-api-spec/test/ingest/50_on_failure.yml
+++ b/modules/ingest-common/src/test/resources/rest-api-spec/test/ingest/50_on_failure.yml
@@ -148,9 +148,9 @@ teardown:
}
- match: { error.root_cause.0.type: "parse_exception" }
- match: { error.root_cause.0.reason: "[on_failure] processors list cannot be empty" }
- - match: { error.root_cause.0.header.processor_type: "fail" }
- - match: { error.root_cause.0.header.processor_tag: "emptyfail" }
- - match: { error.root_cause.0.header.property_name: "on_failure" }
+ - match: { error.root_cause.0.processor_type: "fail" }
+ - match: { error.root_cause.0.processor_tag: "emptyfail" }
+ - match: { error.root_cause.0.property_name: "on_failure" }
---
"Test pipeline with empty on_failure in pipeline":
diff --git a/modules/ingest-common/src/test/resources/rest-api-spec/test/ingest/90_simulate.yml b/modules/ingest-common/src/test/resources/rest-api-spec/test/ingest/90_simulate.yml
index 8b3ed313314bb..776a8af0c2420 100644
--- a/modules/ingest-common/src/test/resources/rest-api-spec/test/ingest/90_simulate.yml
+++ b/modules/ingest-common/src/test/resources/rest-api-spec/test/ingest/90_simulate.yml
@@ -107,9 +107,9 @@ teardown:
}
- match: { error.root_cause.0.type: "parse_exception" }
- match: { error.root_cause.0.reason: "[field] required property is missing" }
- - match: { error.root_cause.0.header.processor_tag: "fails" }
- - match: { error.root_cause.0.header.processor_type: "set" }
- - match: { error.root_cause.0.header.property_name: "field" }
+ - match: { error.root_cause.0.processor_tag: "fails" }
+ - match: { error.root_cause.0.processor_type: "set" }
+ - match: { error.root_cause.0.property_name: "field" }
---
"Test simulate without index type and id":
@@ -198,9 +198,9 @@ teardown:
}
]
}
- - is_false: error.root_cause.0.header.processor_type
- - is_false: error.root_cause.0.header.processor_tag
- - match: { error.root_cause.0.header.property_name: "pipeline" }
+ - is_false: error.root_cause.0.processor_type
+ - is_false: error.root_cause.0.processor_tag
+ - match: { error.root_cause.0.property_name: "pipeline" }
- match: { error.reason: "[pipeline] required property is missing" }
---
@@ -233,9 +233,9 @@ teardown:
}
- match: { error.root_cause.0.type: "parse_exception" }
- match: { error.root_cause.0.reason: "[value] required property is missing" }
- - match: { error.root_cause.0.header.processor_type: "set" }
- - match: { error.root_cause.0.header.property_name: "value" }
- - is_false: error.root_cause.0.header.processor_tag
+ - match: { error.root_cause.0.processor_type: "set" }
+ - match: { error.root_cause.0.property_name: "value" }
+ - is_false: error.root_cause.0.processor_tag
---
"Test simulate with verbose flag":
diff --git a/modules/lang-painless/src/main/java/org/elasticsearch/painless/ScriptClassInfo.java b/modules/lang-painless/src/main/java/org/elasticsearch/painless/ScriptClassInfo.java
index 345db46f8875f..7de8353194dda 100644
--- a/modules/lang-painless/src/main/java/org/elasticsearch/painless/ScriptClassInfo.java
+++ b/modules/lang-painless/src/main/java/org/elasticsearch/painless/ScriptClassInfo.java
@@ -21,6 +21,7 @@
import org.elasticsearch.painless.lookup.PainlessLookup;
import org.elasticsearch.painless.lookup.PainlessLookupUtility;
+import org.elasticsearch.painless.lookup.def;
import java.lang.invoke.MethodType;
import java.lang.reflect.Field;
@@ -190,7 +191,7 @@ private static Class definitionTypeForClass(PainlessLookup painlessLookup, Cl
componentType = componentType.getComponentType();
}
- if (painlessLookup.lookupPainlessClass(componentType) == null) {
+ if (componentType != def.class && painlessLookup.lookupPainlessClass(componentType) == null) {
throw new IllegalArgumentException(unknownErrorMessageSource.apply(componentType));
}
diff --git a/modules/lang-painless/src/main/java/org/elasticsearch/painless/lookup/PainlessLookup.java b/modules/lang-painless/src/main/java/org/elasticsearch/painless/lookup/PainlessLookup.java
index 16b8ac14f14f2..55855a3cb1efb 100644
--- a/modules/lang-painless/src/main/java/org/elasticsearch/painless/lookup/PainlessLookup.java
+++ b/modules/lang-painless/src/main/java/org/elasticsearch/painless/lookup/PainlessLookup.java
@@ -26,6 +26,7 @@
import java.util.Set;
import java.util.function.Function;
+import static org.elasticsearch.painless.lookup.PainlessLookupUtility.DEF_CLASS_NAME;
import static org.elasticsearch.painless.lookup.PainlessLookupUtility.buildPainlessConstructorKey;
import static org.elasticsearch.painless.lookup.PainlessLookupUtility.buildPainlessFieldKey;
import static org.elasticsearch.painless.lookup.PainlessLookupUtility.buildPainlessMethodKey;
@@ -47,7 +48,7 @@ public final class PainlessLookup {
public boolean isValidCanonicalClassName(String canonicalClassName) {
Objects.requireNonNull(canonicalClassName);
- return canonicalClassNamesToClasses.containsKey(canonicalClassName);
+ return DEF_CLASS_NAME.equals(canonicalClassName) || canonicalClassNamesToClasses.containsKey(canonicalClassName);
}
public Class canonicalTypeNameToType(String canonicalTypeName) {
diff --git a/modules/lang-painless/src/main/java/org/elasticsearch/painless/lookup/PainlessLookupBuilder.java b/modules/lang-painless/src/main/java/org/elasticsearch/painless/lookup/PainlessLookupBuilder.java
index e644453a4c1ba..c8353b54c9f44 100644
--- a/modules/lang-painless/src/main/java/org/elasticsearch/painless/lookup/PainlessLookupBuilder.java
+++ b/modules/lang-painless/src/main/java/org/elasticsearch/painless/lookup/PainlessLookupBuilder.java
@@ -211,9 +211,6 @@ public static PainlessLookup buildFromWhitelists(List whitelists) {
public PainlessLookupBuilder() {
canonicalClassNamesToClasses = new HashMap<>();
classesToPainlessClassBuilders = new HashMap<>();
-
- canonicalClassNamesToClasses.put(DEF_CLASS_NAME, def.class);
- classesToPainlessClassBuilders.put(def.class, new PainlessClassBuilder());
}
private Class canonicalTypeNameToType(String canonicalTypeName) {
@@ -225,7 +222,7 @@ private boolean isValidType(Class type) {
type = type.getComponentType();
}
- return classesToPainlessClassBuilders.containsKey(type);
+ return type == def.class || classesToPainlessClassBuilders.containsKey(type);
}
public void addPainlessClass(ClassLoader classLoader, String javaClassName, boolean importClassName) {
diff --git a/modules/lang-painless/src/main/java/org/elasticsearch/painless/lookup/PainlessLookupUtility.java b/modules/lang-painless/src/main/java/org/elasticsearch/painless/lookup/PainlessLookupUtility.java
index f2eb434516961..71cacab9eba9d 100644
--- a/modules/lang-painless/src/main/java/org/elasticsearch/painless/lookup/PainlessLookupUtility.java
+++ b/modules/lang-painless/src/main/java/org/elasticsearch/painless/lookup/PainlessLookupUtility.java
@@ -82,7 +82,7 @@ public static Class canonicalTypeNameToType(String canonicalTypeName, Map type = canonicalClassNamesToClasses.get(canonicalTypeName);
+ Class type = DEF_CLASS_NAME.equals(canonicalTypeName) ? def.class : canonicalClassNamesToClasses.get(canonicalTypeName);
if (type != null) {
return type;
@@ -105,7 +105,7 @@ public static Class canonicalTypeNameToType(String canonicalTypeName, Map {
- /**
- * The password which is broadcasted to all nodes, but is never stored on
- * persistent storage. The password is used to reread and decrypt the contents
- * of the node's keystore (backing the implementation of
- * {@code SecureSettings}).
- */
- private SecureString secureSettingsPassword;
-
public NodesReloadSecureSettingsRequest() {
}
/**
- * Reload secure settings only on certain nodes, based on the nodes ids
- * specified. If none are passed, secure settings will be reloaded on all the
- * nodes.
+ * Reload secure settings only on certain nodes, based on the nodes IDs specified. If none are passed, secure settings will be reloaded
+ * on all the nodes.
*/
- public NodesReloadSecureSettingsRequest(String... nodesIds) {
+ public NodesReloadSecureSettingsRequest(final String... nodesIds) {
super(nodesIds);
}
- @Override
- public ActionRequestValidationException validate() {
- ActionRequestValidationException validationException = null;
- if (secureSettingsPassword == null) {
- validationException = addValidationError("secure settings password cannot be null (use empty string instead)",
- validationException);
- }
- return validationException;
- }
-
- public SecureString secureSettingsPassword() {
- return secureSettingsPassword;
- }
-
- public NodesReloadSecureSettingsRequest secureStorePassword(SecureString secureStorePassword) {
- this.secureSettingsPassword = secureStorePassword;
- return this;
- }
-
- @Override
- public void readFrom(StreamInput in) throws IOException {
- super.readFrom(in);
- final byte[] passwordBytes = in.readByteArray();
- try {
- this.secureSettingsPassword = new SecureString(utf8BytesToChars(passwordBytes));
- } finally {
- Arrays.fill(passwordBytes, (byte) 0);
- }
- }
-
- @Override
- public void writeTo(StreamOutput out) throws IOException {
- super.writeTo(out);
- final byte[] passwordBytes = charsToUtf8Bytes(this.secureSettingsPassword.getChars());
- try {
- out.writeByteArray(passwordBytes);
- } finally {
- Arrays.fill(passwordBytes, (byte) 0);
- }
- }
-
- /**
- * Encodes the provided char[] to a UTF-8 byte[]. This is done while avoiding
- * conversions to String. The provided char[] is not modified by this method, so
- * the caller needs to take care of clearing the value if it is sensitive.
- */
- private static byte[] charsToUtf8Bytes(char[] chars) {
- final CharBuffer charBuffer = CharBuffer.wrap(chars);
- final ByteBuffer byteBuffer = StandardCharsets.UTF_8.encode(charBuffer);
- final byte[] bytes;
- if (byteBuffer.hasArray()) {
- // there is no guarantee that the byte buffers backing array is the right size
- // so we need to make a copy
- bytes = Arrays.copyOfRange(byteBuffer.array(), byteBuffer.position(), byteBuffer.limit());
- Arrays.fill(byteBuffer.array(), (byte) 0); // clear sensitive data
- } else {
- final int length = byteBuffer.limit() - byteBuffer.position();
- bytes = new byte[length];
- byteBuffer.get(bytes);
- // if the buffer is not read only we can reset and fill with 0's
- if (byteBuffer.isReadOnly() == false) {
- byteBuffer.clear(); // reset
- for (int i = 0; i < byteBuffer.limit(); i++) {
- byteBuffer.put((byte) 0);
- }
- }
- }
- return bytes;
- }
-
- /**
- * Decodes the provided byte[] to a UTF-8 char[]. This is done while avoiding
- * conversions to String. The provided byte[] is not modified by this method, so
- * the caller needs to take care of clearing the value if it is sensitive.
- */
- public static char[] utf8BytesToChars(byte[] utf8Bytes) {
- final ByteBuffer byteBuffer = ByteBuffer.wrap(utf8Bytes);
- final CharBuffer charBuffer = StandardCharsets.UTF_8.decode(byteBuffer);
- final char[] chars;
- if (charBuffer.hasArray()) {
- // there is no guarantee that the char buffers backing array is the right size
- // so we need to make a copy
- chars = Arrays.copyOfRange(charBuffer.array(), charBuffer.position(), charBuffer.limit());
- Arrays.fill(charBuffer.array(), (char) 0); // clear sensitive data
- } else {
- final int length = charBuffer.limit() - charBuffer.position();
- chars = new char[length];
- charBuffer.get(chars);
- // if the buffer is not read only we can reset and fill with 0's
- if (charBuffer.isReadOnly() == false) {
- charBuffer.clear(); // reset
- for (int i = 0; i < charBuffer.limit(); i++) {
- charBuffer.put((char) 0);
- }
- }
- }
- return chars;
- }
}
diff --git a/server/src/main/java/org/elasticsearch/action/admin/cluster/node/reload/NodesReloadSecureSettingsRequestBuilder.java b/server/src/main/java/org/elasticsearch/action/admin/cluster/node/reload/NodesReloadSecureSettingsRequestBuilder.java
index b5f2f73e56f51..c8250455e6ba3 100644
--- a/server/src/main/java/org/elasticsearch/action/admin/cluster/node/reload/NodesReloadSecureSettingsRequestBuilder.java
+++ b/server/src/main/java/org/elasticsearch/action/admin/cluster/node/reload/NodesReloadSecureSettingsRequestBuilder.java
@@ -19,19 +19,8 @@
package org.elasticsearch.action.admin.cluster.node.reload;
-import org.elasticsearch.ElasticsearchParseException;
import org.elasticsearch.action.support.nodes.NodesOperationRequestBuilder;
import org.elasticsearch.client.ElasticsearchClient;
-import org.elasticsearch.common.bytes.BytesReference;
-import org.elasticsearch.common.settings.SecureString;
-import org.elasticsearch.common.xcontent.LoggingDeprecationHandler;
-import org.elasticsearch.common.xcontent.NamedXContentRegistry;
-import org.elasticsearch.common.xcontent.XContentParser;
-import org.elasticsearch.common.xcontent.XContentType;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.util.Objects;
/**
* Builder for the reload secure settings nodes request
@@ -39,46 +28,8 @@
public class NodesReloadSecureSettingsRequestBuilder extends NodesOperationRequestBuilder {
- public static final String SECURE_SETTINGS_PASSWORD_FIELD_NAME = "secure_settings_password";
-
public NodesReloadSecureSettingsRequestBuilder(ElasticsearchClient client, NodesReloadSecureSettingsAction action) {
super(client, action, new NodesReloadSecureSettingsRequest());
}
- public NodesReloadSecureSettingsRequestBuilder setSecureStorePassword(SecureString secureStorePassword) {
- request.secureStorePassword(secureStorePassword);
- return this;
- }
-
- public NodesReloadSecureSettingsRequestBuilder source(BytesReference source, XContentType xContentType) throws IOException {
- Objects.requireNonNull(xContentType);
- // EMPTY is ok here because we never call namedObject
- try (InputStream stream = source.streamInput();
- XContentParser parser = xContentType.xContent().createParser(NamedXContentRegistry.EMPTY,
- LoggingDeprecationHandler.INSTANCE, stream)) {
- XContentParser.Token token;
- token = parser.nextToken();
- if (token != XContentParser.Token.START_OBJECT) {
- throw new ElasticsearchParseException("expected an object, but found token [{}]", token);
- }
- token = parser.nextToken();
- if (token != XContentParser.Token.FIELD_NAME || false == SECURE_SETTINGS_PASSWORD_FIELD_NAME.equals(parser.currentName())) {
- throw new ElasticsearchParseException("expected a field named [{}], but found [{}]", SECURE_SETTINGS_PASSWORD_FIELD_NAME,
- token);
- }
- token = parser.nextToken();
- if (token != XContentParser.Token.VALUE_STRING) {
- throw new ElasticsearchParseException("expected field [{}] to be of type string, but found [{}] instead",
- SECURE_SETTINGS_PASSWORD_FIELD_NAME, token);
- }
- final String password = parser.text();
- setSecureStorePassword(new SecureString(password.toCharArray()));
- token = parser.nextToken();
- if (token != XContentParser.Token.END_OBJECT) {
- throw new ElasticsearchParseException("expected end of object, but found token [{}]", token);
- }
- }
- return this;
- }
-
}
diff --git a/server/src/main/java/org/elasticsearch/action/admin/cluster/node/reload/TransportNodesReloadSecureSettingsAction.java b/server/src/main/java/org/elasticsearch/action/admin/cluster/node/reload/TransportNodesReloadSecureSettingsAction.java
index 0f44170fa603b..b8a36bac68d61 100644
--- a/server/src/main/java/org/elasticsearch/action/admin/cluster/node/reload/TransportNodesReloadSecureSettingsAction.java
+++ b/server/src/main/java/org/elasticsearch/action/admin/cluster/node/reload/TransportNodesReloadSecureSettingsAction.java
@@ -31,7 +31,6 @@
import org.elasticsearch.common.io.stream.StreamInput;
import org.elasticsearch.common.io.stream.StreamOutput;
import org.elasticsearch.common.settings.KeyStoreWrapper;
-import org.elasticsearch.common.settings.SecureString;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.env.Environment;
import org.elasticsearch.plugins.PluginsService;
@@ -82,16 +81,13 @@ protected NodesReloadSecureSettingsResponse.NodeResponse newNodeResponse() {
@Override
protected NodesReloadSecureSettingsResponse.NodeResponse nodeOperation(NodeRequest nodeReloadRequest) {
- final NodesReloadSecureSettingsRequest request = nodeReloadRequest.request;
- final SecureString secureSettingsPassword = request.secureSettingsPassword();
try (KeyStoreWrapper keystore = KeyStoreWrapper.load(environment.configFile())) {
// reread keystore from config file
if (keystore == null) {
return new NodesReloadSecureSettingsResponse.NodeResponse(clusterService.localNode(),
new IllegalStateException("Keystore is missing"));
}
- // decrypt the keystore using the password from the request
- keystore.decrypt(secureSettingsPassword.getChars());
+ keystore.decrypt(new char[0]);
// add the keystore to the original node settings object
final Settings settingsWithKeystore = Settings.builder()
.put(environment.settings(), false)
diff --git a/server/src/main/java/org/elasticsearch/ingest/ConfigurationUtils.java b/server/src/main/java/org/elasticsearch/ingest/ConfigurationUtils.java
index 2853842c646bc..54d06d116552f 100644
--- a/server/src/main/java/org/elasticsearch/ingest/ConfigurationUtils.java
+++ b/server/src/main/java/org/elasticsearch/ingest/ConfigurationUtils.java
@@ -284,14 +284,14 @@ public static ElasticsearchException newConfigurationException(String processorT
msg = "[" + propertyName + "] " + reason;
}
ElasticsearchParseException exception = new ElasticsearchParseException(msg);
- addHeadersToException(exception, processorType, processorTag, propertyName);
+ addMetadataToException(exception, processorType, processorTag, propertyName);
return exception;
}
public static ElasticsearchException newConfigurationException(String processorType, String processorTag,
String propertyName, Exception cause) {
ElasticsearchException exception = ExceptionsHelper.convertToElastic(cause);
- addHeadersToException(exception, processorType, processorTag, propertyName);
+ addMetadataToException(exception, processorType, processorTag, propertyName);
return exception;
}
@@ -341,16 +341,16 @@ public String execute() {
}
}
- private static void addHeadersToException(ElasticsearchException exception, String processorType,
- String processorTag, String propertyName) {
+ private static void addMetadataToException(ElasticsearchException exception, String processorType,
+ String processorTag, String propertyName) {
if (processorType != null) {
- exception.addHeader("processor_type", processorType);
+ exception.addMetadata("es.processor_type", processorType);
}
if (processorTag != null) {
- exception.addHeader("processor_tag", processorTag);
+ exception.addMetadata("es.processor_tag", processorTag);
}
if (propertyName != null) {
- exception.addHeader("property_name", propertyName);
+ exception.addMetadata("es.property_name", propertyName);
}
}
diff --git a/server/src/main/java/org/elasticsearch/rest/action/admin/cluster/RestReloadSecureSettingsAction.java b/server/src/main/java/org/elasticsearch/rest/action/admin/cluster/RestReloadSecureSettingsAction.java
index 0697871ea5d1c..2251615d678fb 100644
--- a/server/src/main/java/org/elasticsearch/rest/action/admin/cluster/RestReloadSecureSettingsAction.java
+++ b/server/src/main/java/org/elasticsearch/rest/action/admin/cluster/RestReloadSecureSettingsAction.java
@@ -59,7 +59,6 @@ public RestChannelConsumer prepareRequest(RestRequest request, NodeClient client
.cluster()
.prepareReloadSecureSettings()
.setTimeout(request.param("timeout"))
- .source(request.requiredContent(), request.getXContentType())
.setNodesIds(nodesIds);
final NodesReloadSecureSettingsRequest nodesRequest = nodesRequestBuilder.request();
return channel -> nodesRequestBuilder
@@ -68,12 +67,12 @@ public RestChannelConsumer prepareRequest(RestRequest request, NodeClient client
public RestResponse buildResponse(NodesReloadSecureSettingsResponse response, XContentBuilder builder)
throws Exception {
builder.startObject();
- RestActions.buildNodesHeader(builder, channel.request(), response);
- builder.field("cluster_name", response.getClusterName().value());
- response.toXContent(builder, channel.request());
+ {
+ RestActions.buildNodesHeader(builder, channel.request(), response);
+ builder.field("cluster_name", response.getClusterName().value());
+ response.toXContent(builder, channel.request());
+ }
builder.endObject();
- // clear password for the original request
- nodesRequest.secureSettingsPassword().close();
return new BytesRestResponse(RestStatus.OK, builder);
}
});
diff --git a/server/src/test/java/org/elasticsearch/action/admin/ReloadSecureSettingsIT.java b/server/src/test/java/org/elasticsearch/action/admin/ReloadSecureSettingsIT.java
index 7952758240544..3f9e258ffec1c 100644
--- a/server/src/test/java/org/elasticsearch/action/admin/ReloadSecureSettingsIT.java
+++ b/server/src/test/java/org/elasticsearch/action/admin/ReloadSecureSettingsIT.java
@@ -20,11 +20,9 @@
package org.elasticsearch.action.admin;
import org.elasticsearch.action.ActionListener;
-import org.elasticsearch.action.ActionRequestValidationException;
import org.elasticsearch.action.admin.cluster.node.reload.NodesReloadSecureSettingsResponse;
import org.elasticsearch.common.settings.KeyStoreWrapper;
import org.elasticsearch.common.settings.SecureSettings;
-import org.elasticsearch.common.settings.SecureString;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.env.Environment;
import org.elasticsearch.plugins.Plugin;
@@ -44,11 +42,11 @@
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.atomic.AtomicReference;
+import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.equalTo;
+import static org.hamcrest.Matchers.instanceOf;
import static org.hamcrest.Matchers.notNullValue;
import static org.hamcrest.Matchers.nullValue;
-import static org.hamcrest.Matchers.instanceOf;
-import static org.hamcrest.Matchers.containsString;
public class ReloadSecureSettingsIT extends ESIntegTestCase {
@@ -62,7 +60,7 @@ public void testMissingKeystoreFile() throws Exception {
Files.deleteIfExists(KeyStoreWrapper.keystorePath(environment.configFile()));
final int initialReloadCount = mockReloadablePlugin.getReloadCount();
final CountDownLatch latch = new CountDownLatch(1);
- client().admin().cluster().prepareReloadSecureSettings().setSecureStorePassword(new SecureString(new char[0])).execute(
+ client().admin().cluster().prepareReloadSecureSettings().execute(
new ActionListener() {
@Override
public void onResponse(NodesReloadSecureSettingsResponse nodesReloadResponse) {
@@ -96,44 +94,6 @@ public void onFailure(Exception e) {
assertThat(mockReloadablePlugin.getReloadCount(), equalTo(initialReloadCount));
}
- public void testNullKeystorePassword() throws Exception {
- final PluginsService pluginsService = internalCluster().getInstance(PluginsService.class);
- final MockReloadablePlugin mockReloadablePlugin = pluginsService.filterPlugins(MockReloadablePlugin.class)
- .stream().findFirst().get();
- final AtomicReference reloadSettingsError = new AtomicReference<>();
- final int initialReloadCount = mockReloadablePlugin.getReloadCount();
- final CountDownLatch latch = new CountDownLatch(1);
- client().admin().cluster().prepareReloadSecureSettings().execute(
- new ActionListener() {
- @Override
- public void onResponse(NodesReloadSecureSettingsResponse nodesReloadResponse) {
- try {
- reloadSettingsError.set(new AssertionError("Null keystore password should fail"));
- } finally {
- latch.countDown();
- }
- }
-
- @Override
- public void onFailure(Exception e) {
- try {
- assertThat(e, instanceOf(ActionRequestValidationException.class));
- assertThat(e.getMessage(), containsString("secure settings password cannot be null"));
- } catch (final AssertionError ae) {
- reloadSettingsError.set(ae);
- } finally {
- latch.countDown();
- }
- }
- });
- latch.await();
- if (reloadSettingsError.get() != null) {
- throw reloadSettingsError.get();
- }
- // in the null password case no reload should be triggered
- assertThat(mockReloadablePlugin.getReloadCount(), equalTo(initialReloadCount));
- }
-
public void testInvalidKeystoreFile() throws Exception {
final PluginsService pluginsService = internalCluster().getInstance(PluginsService.class);
final MockReloadablePlugin mockReloadablePlugin = pluginsService.filterPlugins(MockReloadablePlugin.class)
@@ -149,7 +109,7 @@ public void testInvalidKeystoreFile() throws Exception {
Files.copy(keystore, KeyStoreWrapper.keystorePath(environment.configFile()), StandardCopyOption.REPLACE_EXISTING);
}
final CountDownLatch latch = new CountDownLatch(1);
- client().admin().cluster().prepareReloadSecureSettings().setSecureStorePassword(new SecureString(new char[0])).execute(
+ client().admin().cluster().prepareReloadSecureSettings().execute(
new ActionListener() {
@Override
public void onResponse(NodesReloadSecureSettingsResponse nodesReloadResponse) {
@@ -181,52 +141,6 @@ public void onFailure(Exception e) {
assertThat(mockReloadablePlugin.getReloadCount(), equalTo(initialReloadCount));
}
- public void testWrongKeystorePassword() throws Exception {
- final PluginsService pluginsService = internalCluster().getInstance(PluginsService.class);
- final MockReloadablePlugin mockReloadablePlugin = pluginsService.filterPlugins(MockReloadablePlugin.class)
- .stream().findFirst().get();
- final Environment environment = internalCluster().getInstance(Environment.class);
- final AtomicReference reloadSettingsError = new AtomicReference<>();
- final int initialReloadCount = mockReloadablePlugin.getReloadCount();
- // "some" keystore should be present in this case
- writeEmptyKeystore(environment, new char[0]);
- final CountDownLatch latch = new CountDownLatch(1);
- client().admin()
- .cluster()
- .prepareReloadSecureSettings()
- .setSecureStorePassword(new SecureString(new char[] { 'W', 'r', 'o', 'n', 'g' }))
- .execute(new ActionListener() {
- @Override
- public void onResponse(NodesReloadSecureSettingsResponse nodesReloadResponse) {
- try {
- assertThat(nodesReloadResponse, notNullValue());
- final Map nodesMap = nodesReloadResponse.getNodesMap();
- assertThat(nodesMap.size(), equalTo(cluster().size()));
- for (final NodesReloadSecureSettingsResponse.NodeResponse nodeResponse : nodesReloadResponse.getNodes()) {
- assertThat(nodeResponse.reloadException(), notNullValue());
- assertThat(nodeResponse.reloadException(), instanceOf(SecurityException.class));
- }
- } catch (final AssertionError e) {
- reloadSettingsError.set(e);
- } finally {
- latch.countDown();
- }
- }
-
- @Override
- public void onFailure(Exception e) {
- reloadSettingsError.set(new AssertionError("Nodes request failed", e));
- latch.countDown();
- }
- });
- latch.await();
- if (reloadSettingsError.get() != null) {
- throw reloadSettingsError.get();
- }
- // in the wrong password case no reload should be triggered
- assertThat(mockReloadablePlugin.getReloadCount(), equalTo(initialReloadCount));
- }
-
public void testMisbehavingPlugin() throws Exception {
final Environment environment = internalCluster().getInstance(Environment.class);
final PluginsService pluginsService = internalCluster().getInstance(PluginsService.class);
@@ -247,7 +161,7 @@ public void testMisbehavingPlugin() throws Exception {
.get(Settings.builder().put(environment.settings()).setSecureSettings(secureSettings).build())
.toString();
final CountDownLatch latch = new CountDownLatch(1);
- client().admin().cluster().prepareReloadSecureSettings().setSecureStorePassword(new SecureString(new char[0])).execute(
+ client().admin().cluster().prepareReloadSecureSettings().execute(
new ActionListener() {
@Override
public void onResponse(NodesReloadSecureSettingsResponse nodesReloadResponse) {
@@ -314,7 +228,7 @@ protected Collection> nodePlugins() {
private void successfulReloadCall() throws InterruptedException {
final AtomicReference reloadSettingsError = new AtomicReference<>();
final CountDownLatch latch = new CountDownLatch(1);
- client().admin().cluster().prepareReloadSecureSettings().setSecureStorePassword(new SecureString(new char[0])).execute(
+ client().admin().cluster().prepareReloadSecureSettings().execute(
new ActionListener() {
@Override
public void onResponse(NodesReloadSecureSettingsResponse nodesReloadResponse) {
diff --git a/server/src/test/java/org/elasticsearch/cluster/ack/AckIT.java b/server/src/test/java/org/elasticsearch/cluster/ack/AckIT.java
index 2cd8a2c27c714..df97854cc35b0 100644
--- a/server/src/test/java/org/elasticsearch/cluster/ack/AckIT.java
+++ b/server/src/test/java/org/elasticsearch/cluster/ack/AckIT.java
@@ -19,6 +19,7 @@
package org.elasticsearch.cluster.ack;
+import org.apache.lucene.util.LuceneTestCase.AwaitsFix;
import org.elasticsearch.action.admin.cluster.reroute.ClusterRerouteResponse;
import org.elasticsearch.action.admin.cluster.state.ClusterStateResponse;
import org.elasticsearch.action.admin.indices.create.CreateIndexResponse;
@@ -50,6 +51,7 @@
import static org.hamcrest.Matchers.notNullValue;
@ClusterScope(minNumDataNodes = 2)
+@AwaitsFix(bugUrl="https://github.com/elastic/elasticsearch/issues/32767")
public class AckIT extends ESIntegTestCase {
@Override
diff --git a/server/src/test/java/org/elasticsearch/index/shard/GlobalCheckpointListenersTests.java b/server/src/test/java/org/elasticsearch/index/shard/GlobalCheckpointListenersTests.java
index d9240602d8519..43b16c6ecc78f 100644
--- a/server/src/test/java/org/elasticsearch/index/shard/GlobalCheckpointListenersTests.java
+++ b/server/src/test/java/org/elasticsearch/index/shard/GlobalCheckpointListenersTests.java
@@ -341,7 +341,7 @@ public void testNotificationUsesExecutor() {
globalCheckpointListeners.add(NO_OPS_PERFORMED, (g, e) -> {});
}
globalCheckpointListeners.globalCheckpointUpdated(randomLongBetween(NO_OPS_PERFORMED, Long.MAX_VALUE));
- assertThat(count.get(), equalTo(1));
+ assertThat(count.get(), equalTo(numberOfListeners == 0 ? 0 : 1));
}
public void testConcurrency() throws BrokenBarrierException, InterruptedException {
diff --git a/server/src/test/java/org/elasticsearch/ingest/ConfigurationUtilsTests.java b/server/src/test/java/org/elasticsearch/ingest/ConfigurationUtilsTests.java
index af863410f9f35..61afd9ce2a473 100644
--- a/server/src/test/java/org/elasticsearch/ingest/ConfigurationUtilsTests.java
+++ b/server/src/test/java/org/elasticsearch/ingest/ConfigurationUtilsTests.java
@@ -131,9 +131,9 @@ public void testReadProcessors() throws Exception {
ElasticsearchParseException e = expectThrows(ElasticsearchParseException.class,
() -> ConfigurationUtils.readProcessorConfigs(config, registry));
assertThat(e.getMessage(), equalTo("No processor type exists with name [unknown_processor]"));
- assertThat(e.getHeader("processor_tag"), equalTo(Collections.singletonList("my_unknown")));
- assertThat(e.getHeader("processor_type"), equalTo(Collections.singletonList("unknown_processor")));
- assertThat(e.getHeader("property_name"), is(nullValue()));
+ assertThat(e.getMetadata("es.processor_tag"), equalTo(Collections.singletonList("my_unknown")));
+ assertThat(e.getMetadata("es.processor_type"), equalTo(Collections.singletonList("unknown_processor")));
+ assertThat(e.getMetadata("es.property_name"), is(nullValue()));
List> config2 = new ArrayList<>();
unknownTaggedConfig = new HashMap<>();
@@ -144,17 +144,17 @@ public void testReadProcessors() throws Exception {
config2.add(Collections.singletonMap("second_unknown_processor", secondUnknonwTaggedConfig));
e = expectThrows(ElasticsearchParseException.class, () -> ConfigurationUtils.readProcessorConfigs(config2, registry));
assertThat(e.getMessage(), equalTo("No processor type exists with name [unknown_processor]"));
- assertThat(e.getHeader("processor_tag"), equalTo(Collections.singletonList("my_unknown")));
- assertThat(e.getHeader("processor_type"), equalTo(Collections.singletonList("unknown_processor")));
- assertThat(e.getHeader("property_name"), is(nullValue()));
+ assertThat(e.getMetadata("es.processor_tag"), equalTo(Collections.singletonList("my_unknown")));
+ assertThat(e.getMetadata("es.processor_type"), equalTo(Collections.singletonList("unknown_processor")));
+ assertThat(e.getMetadata("es.property_name"), is(nullValue()));
assertThat(e.getSuppressed().length, equalTo(1));
assertThat(e.getSuppressed()[0], instanceOf(ElasticsearchParseException.class));
ElasticsearchParseException e2 = (ElasticsearchParseException) e.getSuppressed()[0];
assertThat(e2.getMessage(), equalTo("No processor type exists with name [second_unknown_processor]"));
- assertThat(e2.getHeader("processor_tag"), equalTo(Collections.singletonList("my_second_unknown")));
- assertThat(e2.getHeader("processor_type"), equalTo(Collections.singletonList("second_unknown_processor")));
- assertThat(e2.getHeader("property_name"), is(nullValue()));
+ assertThat(e2.getMetadata("es.processor_tag"), equalTo(Collections.singletonList("my_second_unknown")));
+ assertThat(e2.getMetadata("es.processor_type"), equalTo(Collections.singletonList("second_unknown_processor")));
+ assertThat(e2.getMetadata("es.property_name"), is(nullValue()));
}
public void testReadProcessorFromObjectOrMap() throws Exception {
diff --git a/server/src/test/java/org/elasticsearch/ingest/PipelineStoreTests.java b/server/src/test/java/org/elasticsearch/ingest/PipelineStoreTests.java
index 250bb5059cf58..d0ce465fc9ef8 100644
--- a/server/src/test/java/org/elasticsearch/ingest/PipelineStoreTests.java
+++ b/server/src/test/java/org/elasticsearch/ingest/PipelineStoreTests.java
@@ -356,8 +356,8 @@ public void testValidate() throws Exception {
ElasticsearchParseException e =
expectThrows(ElasticsearchParseException.class, () -> store.validatePipeline(ingestInfos, putRequest));
assertEquals("Processor type [remove] is not installed on node [" + node2 + "]", e.getMessage());
- assertEquals("remove", e.getHeader("processor_type").get(0));
- assertEquals("tag2", e.getHeader("processor_tag").get(0));
+ assertEquals("remove", e.getMetadata("es.processor_type").get(0));
+ assertEquals("tag2", e.getMetadata("es.processor_tag").get(0));
ingestInfos.put(node2, new IngestInfo(Arrays.asList(new ProcessorInfo("set"), new ProcessorInfo("remove"))));
store.validatePipeline(ingestInfos, putRequest);
diff --git a/server/src/test/java/org/elasticsearch/search/scroll/DuelScrollIT.java b/server/src/test/java/org/elasticsearch/search/scroll/DuelScrollIT.java
index 31fcfa7155cc0..4005f1218a92f 100644
--- a/server/src/test/java/org/elasticsearch/search/scroll/DuelScrollIT.java
+++ b/server/src/test/java/org/elasticsearch/search/scroll/DuelScrollIT.java
@@ -21,6 +21,7 @@
import com.carrotsearch.hppc.IntHashSet;
import com.carrotsearch.randomizedtesting.generators.RandomPicks;
+
import org.elasticsearch.action.index.IndexRequestBuilder;
import org.elasticsearch.action.search.SearchResponse;
import org.elasticsearch.action.search.SearchType;
@@ -198,6 +199,8 @@ private int createIndex(boolean singleShard) throws Exception {
}
// no replicas, as they might be ordered differently
settings.put(IndexMetaData.SETTING_NUMBER_OF_REPLICAS, 0);
+ // we need to control refreshes as they might take different merges into account
+ settings.put("index.refresh_interval", -1);
assertAcked(prepareCreate("test").setSettings(settings.build()).get());
final int numDocs = randomIntBetween(10, 200);
diff --git a/x-pack/docs/en/security/configuring-es.asciidoc b/x-pack/docs/en/security/configuring-es.asciidoc
index 5e8f1adbc7aa8..53f36afc73481 100644
--- a/x-pack/docs/en/security/configuring-es.asciidoc
+++ b/x-pack/docs/en/security/configuring-es.asciidoc
@@ -9,7 +9,7 @@
password-protect your data as well as implement more advanced security measures
such as encrypting communications, role-based access control, IP filtering, and
auditing. For more information, see
-{xpack-ref}/xpack-security.html[Securing the Elastic Stack].
+{xpack-ref}/elasticsearch-security.html[Securing the Elastic Stack].
To use {security} in {es}:
diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/token/CreateTokenRequest.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/token/CreateTokenRequest.java
index 5956e1a661345..fdb46711c0c59 100644
--- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/token/CreateTokenRequest.java
+++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/token/CreateTokenRequest.java
@@ -15,7 +15,7 @@
import org.elasticsearch.common.io.stream.StreamInput;
import org.elasticsearch.common.io.stream.StreamOutput;
import org.elasticsearch.common.settings.SecureString;
-import org.elasticsearch.xpack.core.security.authc.support.CharArrays;
+import org.elasticsearch.common.CharArrays;
import java.io.IOException;
import java.util.Arrays;
diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/user/ChangePasswordRequest.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/user/ChangePasswordRequest.java
index f84b133d984b6..b78b81c060080 100644
--- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/user/ChangePasswordRequest.java
+++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/user/ChangePasswordRequest.java
@@ -12,7 +12,7 @@
import org.elasticsearch.common.bytes.BytesReference;
import org.elasticsearch.common.io.stream.StreamInput;
import org.elasticsearch.common.io.stream.StreamOutput;
-import org.elasticsearch.xpack.core.security.authc.support.CharArrays;
+import org.elasticsearch.common.CharArrays;
import java.io.IOException;
diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/user/PutUserRequest.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/user/PutUserRequest.java
index f37072b9cf0fc..e704259396a34 100644
--- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/user/PutUserRequest.java
+++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/user/PutUserRequest.java
@@ -8,12 +8,12 @@
import org.elasticsearch.action.ActionRequest;
import org.elasticsearch.action.ActionRequestValidationException;
import org.elasticsearch.action.support.WriteRequest;
+import org.elasticsearch.common.CharArrays;
import org.elasticsearch.common.Nullable;
import org.elasticsearch.common.bytes.BytesArray;
import org.elasticsearch.common.bytes.BytesReference;
import org.elasticsearch.common.io.stream.StreamInput;
import org.elasticsearch.common.io.stream.StreamOutput;
-import org.elasticsearch.xpack.core.security.authc.support.CharArrays;
import java.io.IOException;
import java.util.Map;
diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authc/support/BCrypt.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authc/support/BCrypt.java
index ceb93dc4c853c..a93476bbdc8da 100644
--- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authc/support/BCrypt.java
+++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authc/support/BCrypt.java
@@ -14,6 +14,7 @@
// ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
// OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+import org.elasticsearch.common.CharArrays;
import org.elasticsearch.common.settings.SecureString;
import java.security.SecureRandom;
@@ -54,7 +55,7 @@
* String stronger_salt = BCrypt.gensalt(12)
*
*
- * The amount of work increases exponentially (2**log_rounds), so
+ * The amount of work increases exponentially (2**log_rounds), so
* each increment is twice as much work. The default log_rounds is
* 10, and the valid range is 4 to 30.
*
@@ -689,7 +690,11 @@ public static String hashpw(SecureString password, String salt) {
// the next lines are the SecureString replacement for the above commented-out section
if (minor >= 'a') {
- try (SecureString secureString = new SecureString(CharArrays.concat(password.getChars(), "\000".toCharArray()))) {
+ final char[] suffix = "\000".toCharArray();
+ final char[] result = new char[password.length() + suffix.length];
+ System.arraycopy(password.getChars(), 0, result, 0, password.length());
+ System.arraycopy(suffix, 0, result, password.length(), suffix.length);
+ try (SecureString secureString = new SecureString(result)) {
passwordb = CharArrays.toUtf8Bytes(secureString.getChars());
}
} else {
diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authc/support/CharArrays.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authc/support/CharArrays.java
deleted file mode 100644
index 26df90c31a2de..0000000000000
--- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authc/support/CharArrays.java
+++ /dev/null
@@ -1,101 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-package org.elasticsearch.xpack.core.security.authc.support;
-
-import java.nio.ByteBuffer;
-import java.nio.CharBuffer;
-import java.nio.charset.StandardCharsets;
-import java.util.Arrays;
-
-/**
- * Helper class similar to Arrays to handle conversions for Char arrays
- */
-public class CharArrays {
-
- public static char[] utf8BytesToChars(byte[] utf8Bytes) {
- ByteBuffer byteBuffer = ByteBuffer.wrap(utf8Bytes);
- CharBuffer charBuffer = StandardCharsets.UTF_8.decode(byteBuffer);
- char[] chars = Arrays.copyOfRange(charBuffer.array(), charBuffer.position(), charBuffer.limit());
- byteBuffer.clear();
- charBuffer.clear();
- return chars;
- }
-
- /**
- * Like String.indexOf for for an array of chars
- */
- static int indexOf(char[] array, char ch) {
- for (int i = 0; (i < array.length); i++) {
- if (array[i] == ch) {
- return i;
- }
- }
- return -1;
- }
-
- /**
- * Converts the provided char[] to a UTF-8 byte[]. The provided char[] is not modified by this
- * method, so the caller needs to take care of clearing the value if it is sensitive.
- */
- public static byte[] toUtf8Bytes(char[] chars) {
- CharBuffer charBuffer = CharBuffer.wrap(chars);
- ByteBuffer byteBuffer = StandardCharsets.UTF_8.encode(charBuffer);
- byte[] bytes = Arrays.copyOfRange(byteBuffer.array(), byteBuffer.position(), byteBuffer.limit());
- Arrays.fill(byteBuffer.array(), (byte) 0); // clear sensitive data
- return bytes;
- }
-
- public static boolean charsBeginsWith(String prefix, char[] chars) {
- if (chars == null || prefix == null) {
- return false;
- }
-
- if (prefix.length() > chars.length) {
- return false;
- }
-
- for (int i = 0; i < prefix.length(); i++) {
- if (chars[i] != prefix.charAt(i)) {
- return false;
- }
- }
-
- return true;
- }
-
- public static boolean constantTimeEquals(char[] a, char[] b) {
- if (a.length != b.length) {
- return false;
- }
-
- int equals = 0;
- for (int i = 0; i < a.length; i++) {
- equals |= a[i] ^ b[i];
- }
-
- return equals == 0;
- }
-
- public static boolean constantTimeEquals(String a, String b) {
- if (a.length() != b.length()) {
- return false;
- }
-
- int equals = 0;
- for (int i = 0; i < a.length(); i++) {
- equals |= a.charAt(i) ^ b.charAt(i);
- }
-
- return equals == 0;
- }
-
- public static char[] concat(char[] a, char[] b) {
- final char[] result = new char[a.length + b.length];
- System.arraycopy(a, 0, result, 0, a.length);
- System.arraycopy(b, 0, result, a.length, b.length);
- return result;
- }
-}
diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authc/support/Hasher.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authc/support/Hasher.java
index d12547bd90645..492622b2c519c 100644
--- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authc/support/Hasher.java
+++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authc/support/Hasher.java
@@ -6,6 +6,7 @@
package org.elasticsearch.xpack.core.security.authc.support;
import org.elasticsearch.ElasticsearchException;
+import org.elasticsearch.common.CharArrays;
import org.elasticsearch.common.hash.MessageDigests;
import org.elasticsearch.common.settings.SecureString;
diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authc/support/UsernamePasswordToken.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authc/support/UsernamePasswordToken.java
index d8e58c29d237b..1349303600884 100644
--- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authc/support/UsernamePasswordToken.java
+++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authc/support/UsernamePasswordToken.java
@@ -5,6 +5,7 @@
*/
package org.elasticsearch.xpack.core.security.authc.support;
+import org.elasticsearch.common.CharArrays;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.settings.SecureString;
import org.elasticsearch.common.util.concurrent.ThreadContext;
@@ -107,7 +108,7 @@ private static UsernamePasswordToken extractToken(String headerValue) {
throw authenticationError("invalid basic authentication header encoding", e);
}
- int i = CharArrays.indexOf(userpasswd, ':');
+ int i = indexOfColon(userpasswd);
if (i < 0) {
throw authenticationError("invalid basic authentication header value");
}
@@ -121,4 +122,15 @@ public static void putTokenHeader(ThreadContext context, UsernamePasswordToken t
context.putHeader(BASIC_AUTH_HEADER, basicAuthHeaderValue(token.username, token.password));
}
+ /**
+ * Like String.indexOf for for an array of chars
+ */
+ private static int indexOfColon(char[] array) {
+ for (int i = 0; (i < array.length); i++) {
+ if (array[i] == ':') {
+ return i;
+ }
+ }
+ return -1;
+ }
}
diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/ssl/PemUtils.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/ssl/PemUtils.java
index d959c017e0a35..a3814a76a3e6e 100644
--- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/ssl/PemUtils.java
+++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/ssl/PemUtils.java
@@ -7,7 +7,7 @@
package org.elasticsearch.xpack.core.ssl;
import org.elasticsearch.common.hash.MessageDigests;
-import org.elasticsearch.xpack.core.security.authc.support.CharArrays;
+import org.elasticsearch.common.CharArrays;
import java.io.BufferedReader;
import java.io.IOException;
diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/watcher/crypto/CryptoService.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/watcher/crypto/CryptoService.java
index b1f3a32769ec9..a25e79ffdf66f 100644
--- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/watcher/crypto/CryptoService.java
+++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/watcher/crypto/CryptoService.java
@@ -13,7 +13,7 @@
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.xpack.core.watcher.WatcherField;
import org.elasticsearch.xpack.core.security.SecurityField;
-import org.elasticsearch.xpack.core.security.authc.support.CharArrays;
+import org.elasticsearch.common.CharArrays;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
diff --git a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/ml/datafeed/DatafeedConfigTests.java b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/ml/datafeed/DatafeedConfigTests.java
index ffc13655d229c..3030449abd1b6 100644
--- a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/ml/datafeed/DatafeedConfigTests.java
+++ b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/ml/datafeed/DatafeedConfigTests.java
@@ -100,7 +100,7 @@ public static DatafeedConfig createRandomizedDatafeedConfig(String jobId, long b
if (aggHistogramInterval == null) {
builder.setFrequency(TimeValue.timeValueSeconds(randomIntBetween(1, 1_000_000)));
} else {
- builder.setFrequency(TimeValue.timeValueMillis(randomIntBetween(1, 5) * aggHistogramInterval));
+ builder.setFrequency(TimeValue.timeValueSeconds(randomIntBetween(1, 5) * aggHistogramInterval));
}
}
if (randomBoolean()) {
diff --git a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/accesscontrol/DocumentSubsetReaderTests.java b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/accesscontrol/DocumentSubsetReaderTests.java
index 38857e2170de4..dca2f37f3f224 100644
--- a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/accesscontrol/DocumentSubsetReaderTests.java
+++ b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/accesscontrol/DocumentSubsetReaderTests.java
@@ -80,9 +80,8 @@ public void cleanDirectory() throws Exception {
bitsetFilterCache.close();
}
- @AwaitsFix(bugUrl = "https://github.com/elastic/elasticsearch/issues/32457")
public void testSearch() throws Exception {
- IndexWriter iw = new IndexWriter(directory, newIndexWriterConfig());
+ IndexWriter iw = new IndexWriter(directory, newIndexWriterConfig().setMergePolicy(newLogMergePolicy(random())));
Document document = new Document();
document.add(new StringField("field", "value1", Field.Store.NO));
diff --git a/x-pack/plugin/ml/log-structure-finder/build.gradle b/x-pack/plugin/ml/log-structure-finder/build.gradle
new file mode 100644
index 0000000000000..9048a1c46860c
--- /dev/null
+++ b/x-pack/plugin/ml/log-structure-finder/build.gradle
@@ -0,0 +1,36 @@
+import org.elasticsearch.gradle.precommit.PrecommitTasks
+
+apply plugin: 'elasticsearch.build'
+
+archivesBaseName = 'x-pack-log-structure-finder'
+
+description = 'Common code for reverse engineering log structure'
+
+dependencies {
+ compile "org.elasticsearch:elasticsearch-core:${version}"
+ compile "org.elasticsearch:elasticsearch-x-content:${version}"
+ compile project(':libs:grok')
+ compile "com.ibm.icu:icu4j:${versions.icu4j}"
+ compile "net.sf.supercsv:super-csv:${versions.supercsv}"
+
+ testCompile "org.elasticsearch.test:framework:${version}"
+}
+
+configurations {
+ testArtifacts.extendsFrom testRuntime
+}
+task testJar(type: Jar) {
+ appendix 'test'
+ from sourceSets.test.output
+}
+artifacts {
+ // normal es plugins do not publish the jar but we need to since users need it for Transport Clients and extensions
+ archives jar
+ testArtifacts testJar
+}
+
+forbiddenApisMain {
+ // log-structure-finder does not depend on server, so cannot forbid server methods
+ signaturesURLs = [PrecommitTasks.getResource('/forbidden/jdk-signatures.txt')]
+}
+
diff --git a/x-pack/plugin/ml/log-structure-finder/licenses/icu4j-62.1.jar.sha1 b/x-pack/plugin/ml/log-structure-finder/licenses/icu4j-62.1.jar.sha1
new file mode 100644
index 0000000000000..c24c69cf4b90f
--- /dev/null
+++ b/x-pack/plugin/ml/log-structure-finder/licenses/icu4j-62.1.jar.sha1
@@ -0,0 +1 @@
+7a4d00d5ec5febd252a6182e8b6e87a0a9821f81
\ No newline at end of file
diff --git a/x-pack/plugin/ml/log-structure-finder/licenses/icu4j-LICENSE.txt b/x-pack/plugin/ml/log-structure-finder/licenses/icu4j-LICENSE.txt
new file mode 100644
index 0000000000000..e76faec4ad20f
--- /dev/null
+++ b/x-pack/plugin/ml/log-structure-finder/licenses/icu4j-LICENSE.txt
@@ -0,0 +1,33 @@
+ICU License - ICU 1.8.1 and later
+
+COPYRIGHT AND PERMISSION NOTICE
+
+Copyright (c) 1995-2012 International Business Machines Corporation and others
+
+All rights reserved.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, and/or sell copies of the
+Software, and to permit persons to whom the Software is furnished to do so,
+provided that the above copyright notice(s) and this permission notice appear
+in all copies of the Software and that both the above copyright notice(s) and
+this permission notice appear in supporting documentation.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
+IN NO EVENT SHALL THE COPYRIGHT HOLDER OR HOLDERS INCLUDED IN THIS NOTICE BE
+LIABLE FOR ANY CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR
+ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER
+IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
+OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+Except as contained in this notice, the name of a copyright holder shall not
+be used in advertising or otherwise to promote the sale, use or other
+dealings in this Software without prior written authorization of the
+copyright holder.
+
+All trademarks and registered trademarks mentioned herein are the property of
+their respective owners.
diff --git a/x-pack/plugin/ml/log-structure-finder/licenses/icu4j-NOTICE.txt b/x-pack/plugin/ml/log-structure-finder/licenses/icu4j-NOTICE.txt
new file mode 100644
index 0000000000000..47eeab14f2ef6
--- /dev/null
+++ b/x-pack/plugin/ml/log-structure-finder/licenses/icu4j-NOTICE.txt
@@ -0,0 +1,3 @@
+ICU4J, (under lucene/analysis/icu) is licensed under an MIT style license
+(modules/analysis/icu/lib/icu4j-LICENSE-BSD_LIKE.txt) and Copyright (c) 1995-2012
+International Business Machines Corporation and others
\ No newline at end of file
diff --git a/x-pack/plugin/ml/log-structure-finder/licenses/super-csv-2.4.0.jar.sha1 b/x-pack/plugin/ml/log-structure-finder/licenses/super-csv-2.4.0.jar.sha1
new file mode 100644
index 0000000000000..a0b402133090d
--- /dev/null
+++ b/x-pack/plugin/ml/log-structure-finder/licenses/super-csv-2.4.0.jar.sha1
@@ -0,0 +1 @@
+017f8708c929029dde48bc298deaf3c7ae2452d3
\ No newline at end of file
diff --git a/x-pack/plugin/ml/log-structure-finder/licenses/super-csv-LICENSE.txt b/x-pack/plugin/ml/log-structure-finder/licenses/super-csv-LICENSE.txt
new file mode 100644
index 0000000000000..9e0ad072b2527
--- /dev/null
+++ b/x-pack/plugin/ml/log-structure-finder/licenses/super-csv-LICENSE.txt
@@ -0,0 +1,203 @@
+/*
+ * Apache License
+ * Version 2.0, January 2004
+ * http://www.apache.org/licenses/
+ *
+ * TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+ *
+ * 1. Definitions.
+ *
+ * "License" shall mean the terms and conditions for use, reproduction,
+ * and distribution as defined by Sections 1 through 9 of this document.
+ *
+ * "Licensor" shall mean the copyright owner or entity authorized by
+ * the copyright owner that is granting the License.
+ *
+ * "Legal Entity" shall mean the union of the acting entity and all
+ * other entities that control, are controlled by, or are under common
+ * control with that entity. For the purposes of this definition,
+ * "control" means (i) the power, direct or indirect, to cause the
+ * direction or management of such entity, whether by contract or
+ * otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ * outstanding shares, or (iii) beneficial ownership of such entity.
+ *
+ * "You" (or "Your") shall mean an individual or Legal Entity
+ * exercising permissions granted by this License.
+ *
+ * "Source" form shall mean the preferred form for making modifications,
+ * including but not limited to software source code, documentation
+ * source, and configuration files.
+ *
+ * "Object" form shall mean any form resulting from mechanical
+ * transformation or translation of a Source form, including but
+ * not limited to compiled object code, generated documentation,
+ * and conversions to other media types.
+ *
+ * "Work" shall mean the work of authorship, whether in Source or
+ * Object form, made available under the License, as indicated by a
+ * copyright notice that is included in or attached to the work
+ * (an example is provided in the Appendix below).
+ *
+ * "Derivative Works" shall mean any work, whether in Source or Object
+ * form, that is based on (or derived from) the Work and for which the
+ * editorial revisions, annotations, elaborations, or other modifications
+ * represent, as a whole, an original work of authorship. For the purposes
+ * of this License, Derivative Works shall not include works that remain
+ * separable from, or merely link (or bind by name) to the interfaces of,
+ * the Work and Derivative Works thereof.
+ *
+ * "Contribution" shall mean any work of authorship, including
+ * the original version of the Work and any modifications or additions
+ * to that Work or Derivative Works thereof, that is intentionally
+ * submitted to Licensor for inclusion in the Work by the copyright owner
+ * or by an individual or Legal Entity authorized to submit on behalf of
+ * the copyright owner. For the purposes of this definition, "submitted"
+ * means any form of electronic, verbal, or written communication sent
+ * to the Licensor or its representatives, including but not limited to
+ * communication on electronic mailing lists, source code control systems,
+ * and issue tracking systems that are managed by, or on behalf of, the
+ * Licensor for the purpose of discussing and improving the Work, but
+ * excluding communication that is conspicuously marked or otherwise
+ * designated in writing by the copyright owner as "Not a Contribution."
+ *
+ * "Contributor" shall mean Licensor and any individual or Legal Entity
+ * on behalf of whom a Contribution has been received by Licensor and
+ * subsequently incorporated within the Work.
+ *
+ * 2. Grant of Copyright License. Subject to the terms and conditions of
+ * this License, each Contributor hereby grants to You a perpetual,
+ * worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ * copyright license to reproduce, prepare Derivative Works of,
+ * publicly display, publicly perform, sublicense, and distribute the
+ * Work and such Derivative Works in Source or Object form.
+ *
+ * 3. Grant of Patent License. Subject to the terms and conditions of
+ * this License, each Contributor hereby grants to You a perpetual,
+ * worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ * (except as stated in this section) patent license to make, have made,
+ * use, offer to sell, sell, import, and otherwise transfer the Work,
+ * where such license applies only to those patent claims licensable
+ * by such Contributor that are necessarily infringed by their
+ * Contribution(s) alone or by combination of their Contribution(s)
+ * with the Work to which such Contribution(s) was submitted. If You
+ * institute patent litigation against any entity (including a
+ * cross-claim or counterclaim in a lawsuit) alleging that the Work
+ * or a Contribution incorporated within the Work constitutes direct
+ * or contributory patent infringement, then any patent licenses
+ * granted to You under this License for that Work shall terminate
+ * as of the date such litigation is filed.
+ *
+ * 4. Redistribution. You may reproduce and distribute copies of the
+ * Work or Derivative Works thereof in any medium, with or without
+ * modifications, and in Source or Object form, provided that You
+ * meet the following conditions:
+ *
+ * (a) You must give any other recipients of the Work or
+ * Derivative Works a copy of this License; and
+ *
+ * (b) You must cause any modified files to carry prominent notices
+ * stating that You changed the files; and
+ *
+ * (c) You must retain, in the Source form of any Derivative Works
+ * that You distribute, all copyright, patent, trademark, and
+ * attribution notices from the Source form of the Work,
+ * excluding those notices that do not pertain to any part of
+ * the Derivative Works; and
+ *
+ * (d) If the Work includes a "NOTICE" text file as part of its
+ * distribution, then any Derivative Works that You distribute must
+ * include a readable copy of the attribution notices contained
+ * within such NOTICE file, excluding those notices that do not
+ * pertain to any part of the Derivative Works, in at least one
+ * of the following places: within a NOTICE text file distributed
+ * as part of the Derivative Works; within the Source form or
+ * documentation, if provided along with the Derivative Works; or,
+ * within a display generated by the Derivative Works, if and
+ * wherever such third-party notices normally appear. The contents
+ * of the NOTICE file are for informational purposes only and
+ * do not modify the License. You may add Your own attribution
+ * notices within Derivative Works that You distribute, alongside
+ * or as an addendum to the NOTICE text from the Work, provided
+ * that such additional attribution notices cannot be construed
+ * as modifying the License.
+ *
+ * You may add Your own copyright statement to Your modifications and
+ * may provide additional or different license terms and conditions
+ * for use, reproduction, or distribution of Your modifications, or
+ * for any such Derivative Works as a whole, provided Your use,
+ * reproduction, and distribution of the Work otherwise complies with
+ * the conditions stated in this License.
+ *
+ * 5. Submission of Contributions. Unless You explicitly state otherwise,
+ * any Contribution intentionally submitted for inclusion in the Work
+ * by You to the Licensor shall be under the terms and conditions of
+ * this License, without any additional terms or conditions.
+ * Notwithstanding the above, nothing herein shall supersede or modify
+ * the terms of any separate license agreement you may have executed
+ * with Licensor regarding such Contributions.
+ *
+ * 6. Trademarks. This License does not grant permission to use the trade
+ * names, trademarks, service marks, or product names of the Licensor,
+ * except as required for reasonable and customary use in describing the
+ * origin of the Work and reproducing the content of the NOTICE file.
+ *
+ * 7. Disclaimer of Warranty. Unless required by applicable law or
+ * agreed to in writing, Licensor provides the Work (and each
+ * Contributor provides its Contributions) on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ * implied, including, without limitation, any warranties or conditions
+ * of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ * PARTICULAR PURPOSE. You are solely responsible for determining the
+ * appropriateness of using or redistributing the Work and assume any
+ * risks associated with Your exercise of permissions under this License.
+ *
+ * 8. Limitation of Liability. In no event and under no legal theory,
+ * whether in tort (including negligence), contract, or otherwise,
+ * unless required by applicable law (such as deliberate and grossly
+ * negligent acts) or agreed to in writing, shall any Contributor be
+ * liable to You for damages, including any direct, indirect, special,
+ * incidental, or consequential damages of any character arising as a
+ * result of this License or out of the use or inability to use the
+ * Work (including but not limited to damages for loss of goodwill,
+ * work stoppage, computer failure or malfunction, or any and all
+ * other commercial damages or losses), even if such Contributor
+ * has been advised of the possibility of such damages.
+ *
+ * 9. Accepting Warranty or Additional Liability. While redistributing
+ * the Work or Derivative Works thereof, You may choose to offer,
+ * and charge a fee for, acceptance of support, warranty, indemnity,
+ * or other liability obligations and/or rights consistent with this
+ * License. However, in accepting such obligations, You may act only
+ * on Your own behalf and on Your sole responsibility, not on behalf
+ * of any other Contributor, and only if You agree to indemnify,
+ * defend, and hold each Contributor harmless for any liability
+ * incurred by, or claims asserted against, such Contributor by reason
+ * of your accepting any such warranty or additional liability.
+ *
+ * END OF TERMS AND CONDITIONS
+ *
+ * APPENDIX: How to apply the Apache License to your work.
+ *
+ * To apply the Apache License to your work, attach the following
+ * boilerplate notice, with the fields enclosed by brackets "[]"
+ * replaced with your own identifying information. (Don't include
+ * the brackets!) The text should be enclosed in the appropriate
+ * comment syntax for the file format. We also recommend that a
+ * file or class name and description of purpose be included on the
+ * same "printed page" as the copyright notice for easier
+ * identification within third-party archives.
+ *
+ * Copyright 2007 Kasper B. Graversen
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
diff --git a/x-pack/plugin/ml/log-structure-finder/licenses/super-csv-NOTICE.txt b/x-pack/plugin/ml/log-structure-finder/licenses/super-csv-NOTICE.txt
new file mode 100644
index 0000000000000..e69de29bb2d1d
diff --git a/x-pack/plugin/ml/log-structure-finder/src/main/java/org/elasticsearch/xpack/ml/logstructurefinder/CsvLogStructureFinderFactory.java b/x-pack/plugin/ml/log-structure-finder/src/main/java/org/elasticsearch/xpack/ml/logstructurefinder/CsvLogStructureFinderFactory.java
new file mode 100644
index 0000000000000..cb9e6537252cd
--- /dev/null
+++ b/x-pack/plugin/ml/log-structure-finder/src/main/java/org/elasticsearch/xpack/ml/logstructurefinder/CsvLogStructureFinderFactory.java
@@ -0,0 +1,35 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+package org.elasticsearch.xpack.ml.logstructurefinder;
+
+import org.supercsv.prefs.CsvPreference;
+
+import java.io.IOException;
+import java.util.List;
+
+public class CsvLogStructureFinderFactory implements LogStructureFinderFactory {
+
+ /**
+ * Rules are:
+ * - The file must be valid CSV
+ * - It must contain at least two complete records
+ * - There must be at least two fields per record (otherwise files with no commas could be treated as CSV!)
+ * - Every CSV record except the last must have the same number of fields
+ * The reason the last record is allowed to have fewer fields than the others is that
+ * it could have been truncated when the file was sampled.
+ */
+ @Override
+ public boolean canCreateFromSample(List explanation, String sample) {
+ return SeparatedValuesLogStructureFinder.canCreateFromSample(explanation, sample, 2, CsvPreference.EXCEL_PREFERENCE, "CSV");
+ }
+
+ @Override
+ public LogStructureFinder createFromSample(List explanation, String sample, String charsetName, Boolean hasByteOrderMarker)
+ throws IOException {
+ return SeparatedValuesLogStructureFinder.makeSeparatedValuesLogStructureFinder(explanation, sample, charsetName, hasByteOrderMarker,
+ CsvPreference.EXCEL_PREFERENCE, false);
+ }
+}
diff --git a/x-pack/plugin/ml/log-structure-finder/src/main/java/org/elasticsearch/xpack/ml/logstructurefinder/GrokPatternCreator.java b/x-pack/plugin/ml/log-structure-finder/src/main/java/org/elasticsearch/xpack/ml/logstructurefinder/GrokPatternCreator.java
new file mode 100644
index 0000000000000..186477507acce
--- /dev/null
+++ b/x-pack/plugin/ml/log-structure-finder/src/main/java/org/elasticsearch/xpack/ml/logstructurefinder/GrokPatternCreator.java
@@ -0,0 +1,615 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+package org.elasticsearch.xpack.ml.logstructurefinder;
+
+import org.elasticsearch.common.collect.Tuple;
+import org.elasticsearch.grok.Grok;
+import org.elasticsearch.xpack.ml.logstructurefinder.TimestampFormatFinder.TimestampMatch;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.LinkedHashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+import java.util.stream.Collectors;
+
+/**
+ * Creates Grok patterns that will match all provided sample messages.
+ *
+ * The choice of field names is quite primitive. The intention is that a human will edit these.
+ */
+public final class GrokPatternCreator {
+
+ private static final Map PUNCTUATION_OR_SPACE_NEEDS_ESCAPING;
+ static {
+ HashMap punctuationOrSpaceNeedsEscaping = new HashMap<>();
+ String punctuationAndSpaceCharacters = "\"'`‘’“”#@%=\\/|~:;,<>()[]{}«»^$*¿?¡!§¶ \t\n";
+ String punctuationThatNeedsEscaping = "\\|()[]{}^$*?";
+ punctuationAndSpaceCharacters.chars()
+ .forEach(c -> punctuationOrSpaceNeedsEscaping.put((char) c, punctuationThatNeedsEscaping.indexOf(c) >= 0));
+ PUNCTUATION_OR_SPACE_NEEDS_ESCAPING = Collections.unmodifiableMap(punctuationOrSpaceNeedsEscaping);
+ }
+
+ private static final String PREFACE = "preface";
+ private static final String VALUE = "value";
+ private static final String EPILOGUE = "epilogue";
+
+ /**
+ * Grok patterns that are designed to match the whole message, not just a part of it.
+ */
+ private static final List FULL_MATCH_GROK_PATTERNS = Arrays.asList(
+ new FullMatchGrokPatternCandidate("BACULA_LOGLINE", "bts"),
+ new FullMatchGrokPatternCandidate("CATALINALOG", "timestamp"),
+ new FullMatchGrokPatternCandidate("COMBINEDAPACHELOG", "timestamp"),
+ new FullMatchGrokPatternCandidate("COMMONAPACHELOG", "timestamp"),
+ new FullMatchGrokPatternCandidate("ELB_ACCESS_LOG", "timestamp"),
+ new FullMatchGrokPatternCandidate("HAPROXYHTTP", "syslog_timestamp"),
+ new FullMatchGrokPatternCandidate("HAPROXYTCP", "syslog_timestamp"),
+ new FullMatchGrokPatternCandidate("HTTPD20_ERRORLOG", "timestamp"),
+ new FullMatchGrokPatternCandidate("HTTPD24_ERRORLOG", "timestamp"),
+ new FullMatchGrokPatternCandidate("NAGIOSLOGLINE", "nagios_epoch"),
+ new FullMatchGrokPatternCandidate("NETSCREENSESSIONLOG", "date"),
+ new FullMatchGrokPatternCandidate("RAILS3", "timestamp"),
+ new FullMatchGrokPatternCandidate("RUBY_LOGGER", "timestamp"),
+ new FullMatchGrokPatternCandidate("SHOREWALL", "timestamp"),
+ new FullMatchGrokPatternCandidate("TOMCATLOG", "timestamp")
+ );
+
+ /**
+ * The first match in this list will be chosen, so it needs to be ordered
+ * such that more generic patterns come after more specific patterns.
+ */
+ private static final List ORDERED_CANDIDATE_GROK_PATTERNS = Arrays.asList(
+ new ValueOnlyGrokPatternCandidate("TOMCAT_DATESTAMP", "date", "extra_timestamp"),
+ new ValueOnlyGrokPatternCandidate("TIMESTAMP_ISO8601", "date", "extra_timestamp"),
+ new ValueOnlyGrokPatternCandidate("DATESTAMP_RFC822", "date", "extra_timestamp"),
+ new ValueOnlyGrokPatternCandidate("DATESTAMP_RFC2822", "date", "extra_timestamp"),
+ new ValueOnlyGrokPatternCandidate("DATESTAMP_OTHER", "date", "extra_timestamp"),
+ new ValueOnlyGrokPatternCandidate("DATESTAMP_EVENTLOG", "date", "extra_timestamp"),
+ new ValueOnlyGrokPatternCandidate("SYSLOGTIMESTAMP", "date", "extra_timestamp"),
+ new ValueOnlyGrokPatternCandidate("HTTPDATE", "date", "extra_timestamp"),
+ new ValueOnlyGrokPatternCandidate("CATALINA_DATESTAMP", "date", "extra_timestamp"),
+ new ValueOnlyGrokPatternCandidate("CISCOTIMESTAMP", "date", "extra_timestamp"),
+ new ValueOnlyGrokPatternCandidate("LOGLEVEL", "keyword", "loglevel"),
+ new ValueOnlyGrokPatternCandidate("URI", "keyword", "uri"),
+ new ValueOnlyGrokPatternCandidate("UUID", "keyword", "uuid"),
+ new ValueOnlyGrokPatternCandidate("MAC", "keyword", "macaddress"),
+ // Can't use \b as the breaks, because slashes are not "word" characters
+ new ValueOnlyGrokPatternCandidate("PATH", "keyword", "path", "(? explanation;
+ private final Collection sampleMessages;
+
+ /**
+ * It is expected that the mappings will be shared with other code.
+ * Both this class and other classes will update it.
+ */
+ private final Map mappings;
+ private final Map fieldNameCountStore = new HashMap<>();
+ private final StringBuilder overallGrokPatternBuilder = new StringBuilder();
+
+ /**
+ *
+ * @param explanation List of reasons for making decisions. May contain items when passed and new reasons
+ * can be appended by the methods of this class.
+ * @param sampleMessages Sample messages that any Grok pattern found must match.
+ * @param mappings Will be updated with mappings appropriate for the returned pattern, if non-null.
+ */
+ public GrokPatternCreator(List explanation, Collection sampleMessages, Map mappings) {
+ this.explanation = explanation;
+ this.sampleMessages = Collections.unmodifiableCollection(sampleMessages);
+ this.mappings = mappings;
+ }
+
+ /**
+ * This method attempts to find a Grok pattern that will match all of the sample messages in their entirety.
+ * @return A tuple of (time field name, Grok string), or null if no suitable Grok pattern was found.
+ */
+ public Tuple findFullLineGrokPattern() {
+
+ for (FullMatchGrokPatternCandidate candidate : FULL_MATCH_GROK_PATTERNS) {
+ if (candidate.matchesAll(sampleMessages)) {
+ return candidate.processMatch(explanation, sampleMessages, mappings);
+ }
+ }
+
+ return null;
+ }
+
+ /**
+ * Build a Grok pattern that will match all of the sample messages in their entirety.
+ * @param seedPatternName A pattern that has already been determined to match some portion of every sample message.
+ * @param seedFieldName The field name to be used for the portion of every sample message that the seed pattern matches.
+ * @return The built Grok pattern.
+ */
+ public String createGrokPatternFromExamples(String seedPatternName, String seedFieldName) {
+
+ overallGrokPatternBuilder.setLength(0);
+
+ GrokPatternCandidate seedCandidate = new NoMappingGrokPatternCandidate(seedPatternName, seedFieldName);
+
+ processCandidateAndSplit(seedCandidate, true, sampleMessages, false, 0, false, 0);
+
+ return overallGrokPatternBuilder.toString().replace("\t", "\\t").replace("\n", "\\n");
+ }
+
+ /**
+ * This is purely to allow unit tests to inspect the partial Grok pattern after testing implementation details.
+ * It should not be used in production code.
+ */
+ StringBuilder getOverallGrokPatternBuilder() {
+ return overallGrokPatternBuilder;
+ }
+
+ /**
+ * Given a chosen Grok pattern and a collection of message snippets, split the snippets into the
+ * matched section and the pieces before and after it. Recurse to find more matches in the pieces
+ * before and after and update the supplied string builder.
+ */
+ private void processCandidateAndSplit(GrokPatternCandidate chosenPattern, boolean isLast, Collection snippets,
+ boolean ignoreKeyValueCandidateLeft, int ignoreValueOnlyCandidatesLeft,
+ boolean ignoreKeyValueCandidateRight, int ignoreValueOnlyCandidatesRight) {
+
+ Collection prefaces = new ArrayList<>();
+ Collection epilogues = new ArrayList<>();
+ String patternBuilderContent = chosenPattern.processCaptures(fieldNameCountStore, snippets, prefaces, epilogues, mappings);
+ appendBestGrokMatchForStrings(false, prefaces, ignoreKeyValueCandidateLeft, ignoreValueOnlyCandidatesLeft);
+ overallGrokPatternBuilder.append(patternBuilderContent);
+ appendBestGrokMatchForStrings(isLast, epilogues, ignoreKeyValueCandidateRight, ignoreValueOnlyCandidatesRight);
+ }
+
+ /**
+ * Given a collection of message snippets, work out which (if any) of the Grok patterns we're allowed
+ * to use matches it best. Then append the appropriate Grok language to represent that finding onto
+ * the supplied string builder.
+ */
+ void appendBestGrokMatchForStrings(boolean isLast, Collection snippets,
+ boolean ignoreKeyValueCandidate, int ignoreValueOnlyCandidates) {
+
+ snippets = adjustForPunctuation(snippets);
+
+ GrokPatternCandidate bestCandidate = null;
+ if (snippets.isEmpty() == false) {
+ GrokPatternCandidate kvCandidate = new KeyValueGrokPatternCandidate(explanation);
+ if (ignoreKeyValueCandidate == false && kvCandidate.matchesAll(snippets)) {
+ bestCandidate = kvCandidate;
+ } else {
+ ignoreKeyValueCandidate = true;
+ for (GrokPatternCandidate candidate :
+ ORDERED_CANDIDATE_GROK_PATTERNS.subList(ignoreValueOnlyCandidates, ORDERED_CANDIDATE_GROK_PATTERNS.size())) {
+ if (candidate.matchesAll(snippets)) {
+ bestCandidate = candidate;
+ break;
+ }
+ ++ignoreValueOnlyCandidates;
+ }
+ }
+ }
+
+ if (bestCandidate == null) {
+ if (isLast) {
+ finalizeGrokPattern(snippets);
+ } else {
+ addIntermediateRegex(snippets);
+ }
+ } else {
+ processCandidateAndSplit(bestCandidate, isLast, snippets, true, ignoreValueOnlyCandidates + (ignoreKeyValueCandidate ? 1 : 0),
+ ignoreKeyValueCandidate, ignoreValueOnlyCandidates);
+ }
+ }
+
+ /**
+ * If the snippets supplied begin with more than 1 character of common punctuation or whitespace
+ * then add all but the last of these characters to the overall pattern and remove them from the
+ * snippets.
+ * @param snippets Input snippets - not modified.
+ * @return Output snippets, which will be a copy of the input snippets but with whatever characters
+ * were added to overallPatternBuilder removed from the beginning.
+ */
+ Collection adjustForPunctuation(Collection snippets) {
+
+ assert snippets.isEmpty() == false;
+
+ StringBuilder commonInitialPunctuation = new StringBuilder();
+
+ for (String snippet : snippets) {
+
+ if (commonInitialPunctuation.length() == 0) {
+ for (int index = 0; index < snippet.length(); ++index) {
+ char ch = snippet.charAt(index);
+ if (PUNCTUATION_OR_SPACE_NEEDS_ESCAPING.get(ch) != null) {
+ commonInitialPunctuation.append(ch);
+ } else {
+ break;
+ }
+ }
+ } else {
+ if (commonInitialPunctuation.length() > snippet.length()) {
+ commonInitialPunctuation.delete(snippet.length(), commonInitialPunctuation.length());
+ }
+ for (int index = 0; index < commonInitialPunctuation.length(); ++index) {
+ char ch = snippet.charAt(index);
+ if (ch != commonInitialPunctuation.charAt(index)) {
+ commonInitialPunctuation.delete(index, commonInitialPunctuation.length());
+ break;
+ }
+ }
+ }
+
+ if (commonInitialPunctuation.length() <= 1) {
+ return snippets;
+ }
+ }
+
+ int numLiteralCharacters = commonInitialPunctuation.length() - 1;
+
+ for (int index = 0; index < numLiteralCharacters; ++index) {
+ char ch = commonInitialPunctuation.charAt(index);
+ if (PUNCTUATION_OR_SPACE_NEEDS_ESCAPING.getOrDefault(ch, false)) {
+ overallGrokPatternBuilder.append('\\');
+ }
+ overallGrokPatternBuilder.append(ch);
+ }
+
+ return snippets.stream().map(snippet -> snippet.substring(numLiteralCharacters)).collect(Collectors.toList());
+ }
+
+ /**
+ * The first time a particular field name is passed, simply return it.
+ * The second time return it with "2" appended.
+ * The third time return it with "3" appended.
+ * Etc.
+ */
+ static String buildFieldName(Map fieldNameCountStore, String fieldName) {
+ Integer numberSeen = fieldNameCountStore.compute(fieldName, (k, v) -> 1 + ((v == null) ? 0 : v));
+ return (numberSeen > 1) ? fieldName + numberSeen : fieldName;
+ }
+
+ private void addIntermediateRegex(Collection snippets) {
+ addIntermediateRegex(overallGrokPatternBuilder, snippets);
+ }
+
+ public static void addIntermediateRegex(StringBuilder patternBuilder, Collection snippets) {
+ if (snippets.isEmpty()) {
+ return;
+ }
+
+ List others = new ArrayList<>(snippets);
+ String driver = others.remove(others.size() - 1);
+
+ boolean wildcardRequiredIfNonMatchFound = true;
+ for (int i = 0; i < driver.length(); ++i) {
+ char ch = driver.charAt(i);
+ Boolean punctuationOrSpaceNeedsEscaping = PUNCTUATION_OR_SPACE_NEEDS_ESCAPING.get(ch);
+ if (punctuationOrSpaceNeedsEscaping != null && others.stream().allMatch(other -> other.indexOf(ch) >= 0)) {
+ if (wildcardRequiredIfNonMatchFound && others.stream().anyMatch(other -> other.indexOf(ch) > 0)) {
+ patternBuilder.append(".*?");
+ }
+ if (punctuationOrSpaceNeedsEscaping) {
+ patternBuilder.append('\\');
+ }
+ patternBuilder.append(ch);
+ wildcardRequiredIfNonMatchFound = true;
+ others = others.stream().map(other -> other.substring(other.indexOf(ch) + 1)).collect(Collectors.toList());
+ } else if (wildcardRequiredIfNonMatchFound) {
+ patternBuilder.append(".*?");
+ wildcardRequiredIfNonMatchFound = false;
+ }
+ }
+
+ if (wildcardRequiredIfNonMatchFound && others.stream().anyMatch(s -> s.isEmpty() == false)) {
+ patternBuilder.append(".*?");
+ }
+ }
+
+ private void finalizeGrokPattern(Collection snippets) {
+ if (snippets.stream().allMatch(String::isEmpty)) {
+ return;
+ }
+
+ List others = new ArrayList<>(snippets);
+ String driver = others.remove(others.size() - 1);
+
+ for (int i = 0; i < driver.length(); ++i) {
+ char ch = driver.charAt(i);
+ int driverIndex = i;
+ Boolean punctuationOrSpaceNeedsEscaping = PUNCTUATION_OR_SPACE_NEEDS_ESCAPING.get(ch);
+ if (punctuationOrSpaceNeedsEscaping != null &&
+ others.stream().allMatch(other -> other.length() > driverIndex && other.charAt(driverIndex) == ch)) {
+ if (punctuationOrSpaceNeedsEscaping) {
+ overallGrokPatternBuilder.append('\\');
+ }
+ overallGrokPatternBuilder.append(ch);
+ if (i == driver.length() - 1 && others.stream().allMatch(driver::equals)) {
+ return;
+ }
+ } else {
+ break;
+ }
+ }
+
+ overallGrokPatternBuilder.append(".*");
+ }
+
+ interface GrokPatternCandidate {
+
+ /**
+ * @return Does this Grok pattern candidate match all the snippets?
+ */
+ boolean matchesAll(Collection snippets);
+
+ /**
+ * After it has been determined that this Grok pattern candidate matches a collection of strings,
+ * return collections of the bits that come before (prefaces) and after (epilogues) the bit
+ * that matches. Also update mappings with the most appropriate field name and type.
+ * @return The string that needs to be incorporated into the overall Grok pattern for the line.
+ */
+ String processCaptures(Map fieldNameCountStore, Collection snippets, Collection prefaces,
+ Collection epilogues, Map mappings);
+ }
+
+ /**
+ * A Grok pattern candidate that will match a single named Grok pattern.
+ */
+ static class ValueOnlyGrokPatternCandidate implements GrokPatternCandidate {
+
+ private final String grokPatternName;
+ private final String mappingType;
+ private final String fieldName;
+ private final Grok grok;
+
+ /**
+ * Pre/post breaks default to \b, but this may not be appropriate for Grok patterns that start or
+ * end with a non "word" character (i.e. letter, number or underscore). For such patterns use one
+ * of the other constructors.
+ *
+ * In cases where the Grok pattern defined by Logstash already includes conditions on what must
+ * come before and after the match, use one of the other constructors and specify an empty string
+ * for the pre and/or post breaks.
+ *
+ * @param grokPatternName Name of the Grok pattern to try to match - must match one defined in Logstash.
+ * @param fieldName Name of the field to extract from the match.
+ */
+ ValueOnlyGrokPatternCandidate(String grokPatternName, String mappingType, String fieldName) {
+ this(grokPatternName, mappingType, fieldName, "\\b", "\\b");
+ }
+
+ /**
+ * @param grokPatternName Name of the Grok pattern to try to match - must match one defined in Logstash.
+ * @param mappingType Data type for field in Elasticsearch mappings.
+ * @param fieldName Name of the field to extract from the match.
+ * @param preBreak Only consider the match if it's broken from the previous text by this.
+ * @param postBreak Only consider the match if it's broken from the following text by this.
+ */
+ ValueOnlyGrokPatternCandidate(String grokPatternName, String mappingType, String fieldName, String preBreak, String postBreak) {
+ this.grokPatternName = grokPatternName;
+ this.mappingType = mappingType;
+ this.fieldName = fieldName;
+ // The (?m) here has the Ruby meaning, which is equivalent to (?s) in Java
+ grok = new Grok(Grok.getBuiltinPatterns(), "(?m)%{DATA:" + PREFACE + "}" + preBreak +
+ "%{" + grokPatternName + ":" + VALUE + "}" + postBreak + "%{GREEDYDATA:" + EPILOGUE + "}");
+ }
+
+ @Override
+ public boolean matchesAll(Collection snippets) {
+ return snippets.stream().allMatch(grok::match);
+ }
+
+ /**
+ * Given a collection of strings, and a Grok pattern that matches some part of them all,
+ * return collections of the bits that come before (prefaces) and after (epilogues) the
+ * bit that matches.
+ */
+ @Override
+ public String processCaptures(Map fieldNameCountStore, Collection snippets, Collection prefaces,
+ Collection epilogues, Map mappings) {
+ String sampleValue = null;
+ for (String snippet : snippets) {
+ Map captures = grok.captures(snippet);
+ // If the pattern doesn't match then captures will be null
+ if (captures == null) {
+ throw new IllegalStateException("[%{" + grokPatternName + "}] does not match snippet [" + snippet + "]");
+ }
+ prefaces.add(captures.getOrDefault(PREFACE, "").toString());
+ if (sampleValue == null) {
+ sampleValue = captures.get(VALUE).toString();
+ }
+ epilogues.add(captures.getOrDefault(EPILOGUE, "").toString());
+ }
+ String adjustedFieldName = buildFieldName(fieldNameCountStore, fieldName);
+ if (mappings != null) {
+ Map fullMappingType = Collections.singletonMap(LogStructureUtils.MAPPING_TYPE_SETTING, mappingType);
+ if ("date".equals(mappingType)) {
+ TimestampMatch timestampMatch = TimestampFormatFinder.findFirstFullMatch(sampleValue);
+ if (timestampMatch != null) {
+ fullMappingType = timestampMatch.getEsDateMappingTypeWithFormat();
+ }
+ }
+ mappings.put(adjustedFieldName, fullMappingType);
+ }
+ return "%{" + grokPatternName + ":" + adjustedFieldName + "}";
+ }
+ }
+
+ /**
+ * Unlike the {@link ValueOnlyGrokPatternCandidate} an object of this class is not immutable and not thread safe.
+ * When a given object matches a set of strings it chooses a field name. Then that same field name is used when
+ * processing captures from the pattern. Hence only a single thread may use any particular instance of this
+ * class.
+ */
+ static class KeyValueGrokPatternCandidate implements GrokPatternCandidate {
+
+ private static final Pattern kvFinder = Pattern.compile("\\b(\\w+)=[\\w.-]+");
+ private final List explanation;
+ private String fieldName;
+
+ KeyValueGrokPatternCandidate(List explanation) {
+ this.explanation = explanation;
+ }
+
+ @Override
+ public boolean matchesAll(Collection snippets) {
+ Set candidateNames = new LinkedHashSet<>();
+ boolean isFirst = true;
+ for (String snippet : snippets) {
+ if (isFirst) {
+ Matcher matcher = kvFinder.matcher(snippet);
+ while (matcher.find()) {
+ candidateNames.add(matcher.group(1));
+ }
+ isFirst = false;
+ } else {
+ candidateNames.removeIf(candidateName ->
+ Pattern.compile("\\b" + candidateName + "=[\\w.-]+").matcher(snippet).find() == false);
+ }
+ if (candidateNames.isEmpty()) {
+ break;
+ }
+ }
+ return (fieldName = candidateNames.stream().findFirst().orElse(null)) != null;
+ }
+
+ @Override
+ public String processCaptures(Map fieldNameCountStore, Collection snippets, Collection prefaces,
+ Collection epilogues, Map mappings) {
+ if (fieldName == null) {
+ throw new IllegalStateException("Cannot process KV matches until a field name has been determined");
+ }
+ Grok grok = new Grok(Grok.getBuiltinPatterns(), "(?m)%{DATA:" + PREFACE + "}\\b" +
+ fieldName + "=%{USER:" + VALUE + "}%{GREEDYDATA:" + EPILOGUE + "}");
+ Collection values = new ArrayList<>();
+ for (String snippet : snippets) {
+ Map captures = grok.captures(snippet);
+ // If the pattern doesn't match then captures will be null
+ if (captures == null) {
+ throw new IllegalStateException("[\\b" + fieldName + "=%{USER}] does not match snippet [" + snippet + "]");
+ }
+ prefaces.add(captures.getOrDefault(PREFACE, "").toString());
+ values.add(captures.getOrDefault(VALUE, "").toString());
+ epilogues.add(captures.getOrDefault(EPILOGUE, "").toString());
+ }
+ String adjustedFieldName = buildFieldName(fieldNameCountStore, fieldName);
+ if (mappings != null) {
+ mappings.put(adjustedFieldName, LogStructureUtils.guessScalarMapping(explanation, adjustedFieldName, values));
+ }
+ return "\\b" + fieldName + "=%{USER:" + adjustedFieldName + "}";
+ }
+ }
+
+ /**
+ * A Grok pattern candidate that matches a single named Grok pattern but will not update mappings.
+ */
+ static class NoMappingGrokPatternCandidate extends ValueOnlyGrokPatternCandidate {
+
+ NoMappingGrokPatternCandidate(String grokPatternName, String fieldName) {
+ super(grokPatternName, null, fieldName);
+ }
+
+ @Override
+ public String processCaptures(Map fieldNameCountStore, Collection snippets, Collection prefaces,
+ Collection epilogues, Map mappings) {
+ return super.processCaptures(fieldNameCountStore, snippets, prefaces, epilogues, null);
+ }
+ }
+
+ /**
+ * Used to check whether a single Grok pattern matches every sample message in its entirety.
+ */
+ static class FullMatchGrokPatternCandidate {
+
+ private final String grokString;
+ private final String timeField;
+ private final Grok grok;
+
+ FullMatchGrokPatternCandidate(String grokPatternName, String timeField) {
+ grokString = "%{" + grokPatternName + "}";
+ this.timeField = timeField;
+ grok = new Grok(Grok.getBuiltinPatterns(), grokString);
+ }
+
+ public boolean matchesAll(Collection sampleMessages) {
+ return sampleMessages.stream().allMatch(grok::match);
+ }
+
+ /**
+ * This must only be called if {@link #matchesAll} returns true.
+ * @return A tuple of (time field name, Grok string).
+ */
+ public Tuple processMatch(List explanation, Collection sampleMessages,
+ Map mappings) {
+
+ explanation.add("A full message Grok pattern [" + grokString.substring(2, grokString.length() - 1) + "] looks appropriate");
+
+ if (mappings != null) {
+ Map> valuesPerField = new HashMap<>();
+
+ for (String sampleMessage : sampleMessages) {
+ Map captures = grok.captures(sampleMessage);
+ // If the pattern doesn't match then captures will be null
+ if (captures == null) {
+ throw new IllegalStateException("[" + grokString + "] does not match snippet [" + sampleMessage + "]");
+ }
+ for (Map.Entry capture : captures.entrySet()) {
+
+ String fieldName = capture.getKey();
+ String fieldValue = capture.getValue().toString();
+
+ // Exclude the time field because that will be dropped and replaced with @timestamp
+ if (fieldName.equals(timeField) == false) {
+ valuesPerField.compute(fieldName, (k, v) -> {
+ if (v == null) {
+ return new ArrayList<>(Collections.singletonList(fieldValue));
+ } else {
+ v.add(fieldValue);
+ return v;
+ }
+ });
+ }
+ }
+ }
+
+ for (Map.Entry> valuesForField : valuesPerField.entrySet()) {
+ String fieldName = valuesForField.getKey();
+ mappings.put(fieldName,
+ LogStructureUtils.guessScalarMapping(explanation, fieldName, valuesForField.getValue()));
+ }
+ }
+
+ return new Tuple<>(timeField, grokString);
+ }
+ }
+}
diff --git a/x-pack/plugin/ml/log-structure-finder/src/main/java/org/elasticsearch/xpack/ml/logstructurefinder/JsonLogStructureFinder.java b/x-pack/plugin/ml/log-structure-finder/src/main/java/org/elasticsearch/xpack/ml/logstructurefinder/JsonLogStructureFinder.java
new file mode 100644
index 0000000000000..98e8a0213fbef
--- /dev/null
+++ b/x-pack/plugin/ml/log-structure-finder/src/main/java/org/elasticsearch/xpack/ml/logstructurefinder/JsonLogStructureFinder.java
@@ -0,0 +1,84 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+package org.elasticsearch.xpack.ml.logstructurefinder;
+
+import org.elasticsearch.common.collect.Tuple;
+import org.elasticsearch.common.xcontent.DeprecationHandler;
+import org.elasticsearch.common.xcontent.NamedXContentRegistry;
+import org.elasticsearch.common.xcontent.XContentParser;
+import org.elasticsearch.xpack.ml.logstructurefinder.TimestampFormatFinder.TimestampMatch;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
+import java.util.SortedMap;
+import java.util.stream.Collectors;
+
+import static org.elasticsearch.common.xcontent.json.JsonXContent.jsonXContent;
+
+/**
+ * Really ND-JSON.
+ */
+public class JsonLogStructureFinder implements LogStructureFinder {
+
+ private final List sampleMessages;
+ private final LogStructure structure;
+
+ static JsonLogStructureFinder makeJsonLogStructureFinder(List explanation, String sample, String charsetName,
+ Boolean hasByteOrderMarker) throws IOException {
+
+ List> sampleRecords = new ArrayList<>();
+
+ List sampleMessages = Arrays.asList(sample.split("\n"));
+ for (String sampleMessage : sampleMessages) {
+ XContentParser parser = jsonXContent.createParser(NamedXContentRegistry.EMPTY, DeprecationHandler.THROW_UNSUPPORTED_OPERATION,
+ sampleMessage);
+ sampleRecords.add(parser.mapOrdered());
+ }
+
+ LogStructure.Builder structureBuilder = new LogStructure.Builder(LogStructure.Format.JSON)
+ .setCharset(charsetName)
+ .setHasByteOrderMarker(hasByteOrderMarker)
+ .setSampleStart(sampleMessages.stream().limit(2).collect(Collectors.joining("\n", "", "\n")))
+ .setNumLinesAnalyzed(sampleMessages.size())
+ .setNumMessagesAnalyzed(sampleRecords.size());
+
+ Tuple timeField = LogStructureUtils.guessTimestampField(explanation, sampleRecords);
+ if (timeField != null) {
+ structureBuilder.setTimestampField(timeField.v1())
+ .setTimestampFormats(timeField.v2().dateFormats)
+ .setNeedClientTimezone(timeField.v2().hasTimezoneDependentParsing());
+ }
+
+ SortedMap mappings = LogStructureUtils.guessMappings(explanation, sampleRecords);
+ mappings.put(LogStructureUtils.DEFAULT_TIMESTAMP_FIELD, Collections.singletonMap(LogStructureUtils.MAPPING_TYPE_SETTING, "date"));
+
+ LogStructure structure = structureBuilder
+ .setMappings(mappings)
+ .setExplanation(explanation)
+ .build();
+
+ return new JsonLogStructureFinder(sampleMessages, structure);
+ }
+
+ private JsonLogStructureFinder(List sampleMessages, LogStructure structure) {
+ this.sampleMessages = Collections.unmodifiableList(sampleMessages);
+ this.structure = structure;
+ }
+
+ @Override
+ public List getSampleMessages() {
+ return sampleMessages;
+ }
+
+ @Override
+ public LogStructure getStructure() {
+ return structure;
+ }
+}
diff --git a/x-pack/plugin/ml/log-structure-finder/src/main/java/org/elasticsearch/xpack/ml/logstructurefinder/JsonLogStructureFinderFactory.java b/x-pack/plugin/ml/log-structure-finder/src/main/java/org/elasticsearch/xpack/ml/logstructurefinder/JsonLogStructureFinderFactory.java
new file mode 100644
index 0000000000000..c5da103eb0560
--- /dev/null
+++ b/x-pack/plugin/ml/log-structure-finder/src/main/java/org/elasticsearch/xpack/ml/logstructurefinder/JsonLogStructureFinderFactory.java
@@ -0,0 +1,87 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+package org.elasticsearch.xpack.ml.logstructurefinder;
+
+import org.elasticsearch.common.xcontent.DeprecationHandler;
+import org.elasticsearch.common.xcontent.NamedXContentRegistry;
+import org.elasticsearch.common.xcontent.XContentParser;
+
+import java.io.IOException;
+import java.io.StringReader;
+import java.util.List;
+import java.util.Locale;
+
+import static org.elasticsearch.common.xcontent.json.JsonXContent.jsonXContent;
+
+public class JsonLogStructureFinderFactory implements LogStructureFinderFactory {
+
+ /**
+ * This format matches if the sample consists of one or more JSON documents.
+ * If there is more than one, they must be newline-delimited. The
+ * documents must be non-empty, to prevent lines containing "{}" from matching.
+ */
+ @Override
+ public boolean canCreateFromSample(List explanation, String sample) {
+
+ int completeDocCount = 0;
+
+ try {
+ String[] sampleLines = sample.split("\n");
+ for (String sampleLine : sampleLines) {
+ try (XContentParser parser = jsonXContent.createParser(NamedXContentRegistry.EMPTY,
+ DeprecationHandler.THROW_UNSUPPORTED_OPERATION, new ContextPrintingStringReader(sampleLine))) {
+
+ if (parser.map().isEmpty()) {
+ explanation.add("Not JSON because an empty object was parsed: [" + sampleLine + "]");
+ return false;
+ }
+ ++completeDocCount;
+ if (parser.nextToken() != null) {
+ explanation.add("Not newline delimited JSON because a line contained more than a single object: [" +
+ sampleLine + "]");
+ return false;
+ }
+ }
+ }
+ } catch (IOException | IllegalStateException e) {
+ explanation.add("Not JSON because there was a parsing exception: [" + e.getMessage().replaceAll("\\s?\r?\n\\s?", " ") + "]");
+ return false;
+ }
+
+ if (completeDocCount == 0) {
+ explanation.add("Not JSON because sample didn't contain a complete document");
+ return false;
+ }
+
+ explanation.add("Deciding sample is newline delimited JSON");
+ return true;
+ }
+
+ @Override
+ public LogStructureFinder createFromSample(List explanation, String sample, String charsetName, Boolean hasByteOrderMarker)
+ throws IOException {
+ return JsonLogStructureFinder.makeJsonLogStructureFinder(explanation, sample, charsetName, hasByteOrderMarker);
+ }
+
+ private static class ContextPrintingStringReader extends StringReader {
+
+ private final String str;
+
+ ContextPrintingStringReader(String str) {
+ super(str);
+ this.str = str;
+ }
+
+ @Override
+ public String toString() {
+ if (str.length() <= 80) {
+ return String.format(Locale.ROOT, "\"%s\"", str);
+ } else {
+ return String.format(Locale.ROOT, "\"%.77s...\"", str);
+ }
+ }
+ }
+}
diff --git a/x-pack/plugin/ml/log-structure-finder/src/main/java/org/elasticsearch/xpack/ml/logstructurefinder/LogStructure.java b/x-pack/plugin/ml/log-structure-finder/src/main/java/org/elasticsearch/xpack/ml/logstructurefinder/LogStructure.java
new file mode 100644
index 0000000000000..64a00d20899c1
--- /dev/null
+++ b/x-pack/plugin/ml/log-structure-finder/src/main/java/org/elasticsearch/xpack/ml/logstructurefinder/LogStructure.java
@@ -0,0 +1,614 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+package org.elasticsearch.xpack.ml.logstructurefinder;
+
+import org.elasticsearch.common.ParseField;
+import org.elasticsearch.common.xcontent.ObjectParser;
+import org.elasticsearch.common.xcontent.ToXContentObject;
+import org.elasticsearch.common.xcontent.XContentBuilder;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+import java.util.Locale;
+import java.util.Map;
+import java.util.Objects;
+import java.util.SortedMap;
+import java.util.TreeMap;
+
+/**
+ * Stores the log file format determined by a {@link LogStructureFinder}.
+ */
+public class LogStructure implements ToXContentObject {
+
+ public enum Format {
+
+ JSON, XML, CSV, TSV, SEMI_COLON_SEPARATED_VALUES, PIPE_SEPARATED_VALUES, SEMI_STRUCTURED_TEXT;
+
+ public Character separator() {
+ switch (this) {
+ case JSON:
+ case XML:
+ return null;
+ case CSV:
+ return ',';
+ case TSV:
+ return '\t';
+ case SEMI_COLON_SEPARATED_VALUES:
+ return ';';
+ case PIPE_SEPARATED_VALUES:
+ return '|';
+ case SEMI_STRUCTURED_TEXT:
+ return null;
+ default:
+ throw new IllegalStateException("enum value [" + this + "] missing from switch.");
+ }
+ }
+
+ public boolean supportsNesting() {
+ switch (this) {
+ case JSON:
+ case XML:
+ return true;
+ case CSV:
+ case TSV:
+ case SEMI_COLON_SEPARATED_VALUES:
+ case PIPE_SEPARATED_VALUES:
+ case SEMI_STRUCTURED_TEXT:
+ return false;
+ default:
+ throw new IllegalStateException("enum value [" + this + "] missing from switch.");
+ }
+ }
+
+ public boolean isStructured() {
+ switch (this) {
+ case JSON:
+ case XML:
+ case CSV:
+ case TSV:
+ case SEMI_COLON_SEPARATED_VALUES:
+ case PIPE_SEPARATED_VALUES:
+ return true;
+ case SEMI_STRUCTURED_TEXT:
+ return false;
+ default:
+ throw new IllegalStateException("enum value [" + this + "] missing from switch.");
+ }
+ }
+
+ public boolean isSemiStructured() {
+ switch (this) {
+ case JSON:
+ case XML:
+ case CSV:
+ case TSV:
+ case SEMI_COLON_SEPARATED_VALUES:
+ case PIPE_SEPARATED_VALUES:
+ return false;
+ case SEMI_STRUCTURED_TEXT:
+ return true;
+ default:
+ throw new IllegalStateException("enum value [" + this + "] missing from switch.");
+ }
+ }
+
+ public boolean isSeparatedValues() {
+ switch (this) {
+ case JSON:
+ case XML:
+ return false;
+ case CSV:
+ case TSV:
+ case SEMI_COLON_SEPARATED_VALUES:
+ case PIPE_SEPARATED_VALUES:
+ return true;
+ case SEMI_STRUCTURED_TEXT:
+ return false;
+ default:
+ throw new IllegalStateException("enum value [" + this + "] missing from switch.");
+ }
+ }
+
+ public static Format fromSeparator(char separator) {
+ switch (separator) {
+ case ',':
+ return CSV;
+ case '\t':
+ return TSV;
+ case ';':
+ return SEMI_COLON_SEPARATED_VALUES;
+ case '|':
+ return PIPE_SEPARATED_VALUES;
+ default:
+ throw new IllegalArgumentException("No known format has separator [" + separator + "]");
+ }
+ }
+
+ public static Format fromString(String name) {
+ return valueOf(name.trim().toUpperCase(Locale.ROOT));
+ }
+
+ @Override
+ public String toString() {
+ return name().toLowerCase(Locale.ROOT);
+ }
+ }
+
+ static final ParseField NUM_LINES_ANALYZED = new ParseField("num_lines_analyzed");
+ static final ParseField NUM_MESSAGES_ANALYZED = new ParseField("num_messages_analyzed");
+ static final ParseField SAMPLE_START = new ParseField("sample_start");
+ static final ParseField CHARSET = new ParseField("charset");
+ static final ParseField HAS_BYTE_ORDER_MARKER = new ParseField("has_byte_order_marker");
+ static final ParseField STRUCTURE = new ParseField("format");
+ static final ParseField MULTILINE_START_PATTERN = new ParseField("multiline_start_pattern");
+ static final ParseField EXCLUDE_LINES_PATTERN = new ParseField("exclude_lines_pattern");
+ static final ParseField INPUT_FIELDS = new ParseField("input_fields");
+ static final ParseField HAS_HEADER_ROW = new ParseField("has_header_row");
+ static final ParseField SEPARATOR = new ParseField("separator");
+ static final ParseField SHOULD_TRIM_FIELDS = new ParseField("should_trim_fields");
+ static final ParseField GROK_PATTERN = new ParseField("grok_pattern");
+ static final ParseField TIMESTAMP_FIELD = new ParseField("timestamp_field");
+ static final ParseField TIMESTAMP_FORMATS = new ParseField("timestamp_formats");
+ static final ParseField NEED_CLIENT_TIMEZONE = new ParseField("need_client_timezone");
+ static final ParseField MAPPINGS = new ParseField("mappings");
+ static final ParseField EXPLANATION = new ParseField("explanation");
+
+ public static final ObjectParser PARSER = new ObjectParser<>("log_file_structure", false, Builder::new);
+
+ static {
+ PARSER.declareInt(Builder::setNumLinesAnalyzed, NUM_LINES_ANALYZED);
+ PARSER.declareInt(Builder::setNumMessagesAnalyzed, NUM_MESSAGES_ANALYZED);
+ PARSER.declareString(Builder::setSampleStart, SAMPLE_START);
+ PARSER.declareString(Builder::setCharset, CHARSET);
+ PARSER.declareBoolean(Builder::setHasByteOrderMarker, HAS_BYTE_ORDER_MARKER);
+ PARSER.declareString((p, c) -> p.setFormat(Format.fromString(c)), STRUCTURE);
+ PARSER.declareString(Builder::setMultilineStartPattern, MULTILINE_START_PATTERN);
+ PARSER.declareString(Builder::setExcludeLinesPattern, EXCLUDE_LINES_PATTERN);
+ PARSER.declareStringArray(Builder::setInputFields, INPUT_FIELDS);
+ PARSER.declareBoolean(Builder::setHasHeaderRow, HAS_HEADER_ROW);
+ PARSER.declareString((p, c) -> p.setSeparator(c.charAt(0)), SEPARATOR);
+ PARSER.declareBoolean(Builder::setShouldTrimFields, SHOULD_TRIM_FIELDS);
+ PARSER.declareString(Builder::setGrokPattern, GROK_PATTERN);
+ PARSER.declareString(Builder::setTimestampField, TIMESTAMP_FIELD);
+ PARSER.declareStringArray(Builder::setTimestampFormats, TIMESTAMP_FORMATS);
+ PARSER.declareBoolean(Builder::setNeedClientTimezone, NEED_CLIENT_TIMEZONE);
+ PARSER.declareObject(Builder::setMappings, (p, c) -> new TreeMap<>(p.map()), MAPPINGS);
+ PARSER.declareStringArray(Builder::setExplanation, EXPLANATION);
+ }
+
+ private final int numLinesAnalyzed;
+ private final int numMessagesAnalyzed;
+ private final String sampleStart;
+ private final String charset;
+ private final Boolean hasByteOrderMarker;
+ private final Format format;
+ private final String multilineStartPattern;
+ private final String excludeLinesPattern;
+ private final List inputFields;
+ private final Boolean hasHeaderRow;
+ private final Character separator;
+ private final Boolean shouldTrimFields;
+ private final String grokPattern;
+ private final List timestampFormats;
+ private final String timestampField;
+ private final boolean needClientTimezone;
+ private final SortedMap mappings;
+ private final List explanation;
+
+ public LogStructure(int numLinesAnalyzed, int numMessagesAnalyzed, String sampleStart, String charset, Boolean hasByteOrderMarker,
+ Format format, String multilineStartPattern, String excludeLinesPattern, List inputFields,
+ Boolean hasHeaderRow, Character separator, Boolean shouldTrimFields, String grokPattern, String timestampField,
+ List timestampFormats, boolean needClientTimezone, Map mappings,
+ List explanation) {
+
+ this.numLinesAnalyzed = numLinesAnalyzed;
+ this.numMessagesAnalyzed = numMessagesAnalyzed;
+ this.sampleStart = Objects.requireNonNull(sampleStart);
+ this.charset = Objects.requireNonNull(charset);
+ this.hasByteOrderMarker = hasByteOrderMarker;
+ this.format = Objects.requireNonNull(format);
+ this.multilineStartPattern = multilineStartPattern;
+ this.excludeLinesPattern = excludeLinesPattern;
+ this.inputFields = (inputFields == null) ? null : Collections.unmodifiableList(new ArrayList<>(inputFields));
+ this.hasHeaderRow = hasHeaderRow;
+ this.separator = separator;
+ this.shouldTrimFields = shouldTrimFields;
+ this.grokPattern = grokPattern;
+ this.timestampField = timestampField;
+ this.timestampFormats = (timestampFormats == null) ? null : Collections.unmodifiableList(new ArrayList<>(timestampFormats));
+ this.needClientTimezone = needClientTimezone;
+ this.mappings = Collections.unmodifiableSortedMap(new TreeMap<>(mappings));
+ this.explanation = Collections.unmodifiableList(new ArrayList<>(explanation));
+ }
+
+ public int getNumLinesAnalyzed() {
+ return numLinesAnalyzed;
+ }
+
+ public int getNumMessagesAnalyzed() {
+ return numMessagesAnalyzed;
+ }
+
+ public String getSampleStart() {
+ return sampleStart;
+ }
+
+ public String getCharset() {
+ return charset;
+ }
+
+ public Boolean getHasByteOrderMarker() {
+ return hasByteOrderMarker;
+ }
+
+ public Format getFormat() {
+ return format;
+ }
+
+ public String getMultilineStartPattern() {
+ return multilineStartPattern;
+ }
+
+ public String getExcludeLinesPattern() {
+ return excludeLinesPattern;
+ }
+
+ public List getInputFields() {
+ return inputFields;
+ }
+
+ public Boolean getHasHeaderRow() {
+ return hasHeaderRow;
+ }
+
+ public Character getSeparator() {
+ return separator;
+ }
+
+ public Boolean getShouldTrimFields() {
+ return shouldTrimFields;
+ }
+
+ public String getGrokPattern() {
+ return grokPattern;
+ }
+
+ public String getTimestampField() {
+ return timestampField;
+ }
+
+ public List getTimestampFormats() {
+ return timestampFormats;
+ }
+
+ public boolean needClientTimezone() {
+ return needClientTimezone;
+ }
+
+ public SortedMap getMappings() {
+ return mappings;
+ }
+
+ public List getExplanation() {
+ return explanation;
+ }
+
+ @Override
+ public XContentBuilder toXContent(XContentBuilder builder, Params params) throws IOException {
+
+ builder.startObject();
+ builder.field(NUM_LINES_ANALYZED.getPreferredName(), numLinesAnalyzed);
+ builder.field(NUM_MESSAGES_ANALYZED.getPreferredName(), numMessagesAnalyzed);
+ builder.field(SAMPLE_START.getPreferredName(), sampleStart);
+ builder.field(CHARSET.getPreferredName(), charset);
+ if (hasByteOrderMarker != null) {
+ builder.field(HAS_BYTE_ORDER_MARKER.getPreferredName(), hasByteOrderMarker.booleanValue());
+ }
+ builder.field(STRUCTURE.getPreferredName(), format);
+ if (multilineStartPattern != null && multilineStartPattern.isEmpty() == false) {
+ builder.field(MULTILINE_START_PATTERN.getPreferredName(), multilineStartPattern);
+ }
+ if (excludeLinesPattern != null && excludeLinesPattern.isEmpty() == false) {
+ builder.field(EXCLUDE_LINES_PATTERN.getPreferredName(), excludeLinesPattern);
+ }
+ if (inputFields != null && inputFields.isEmpty() == false) {
+ builder.field(INPUT_FIELDS.getPreferredName(), inputFields);
+ }
+ if (hasHeaderRow != null) {
+ builder.field(HAS_HEADER_ROW.getPreferredName(), hasHeaderRow.booleanValue());
+ }
+ if (separator != null) {
+ builder.field(SEPARATOR.getPreferredName(), String.valueOf(separator));
+ }
+ if (shouldTrimFields != null) {
+ builder.field(SHOULD_TRIM_FIELDS.getPreferredName(), shouldTrimFields.booleanValue());
+ }
+ if (grokPattern != null && grokPattern.isEmpty() == false) {
+ builder.field(GROK_PATTERN.getPreferredName(), grokPattern);
+ }
+ if (timestampField != null && timestampField.isEmpty() == false) {
+ builder.field(TIMESTAMP_FIELD.getPreferredName(), timestampField);
+ }
+ if (timestampFormats != null && timestampFormats.isEmpty() == false) {
+ builder.field(TIMESTAMP_FORMATS.getPreferredName(), timestampFormats);
+ }
+ builder.field(NEED_CLIENT_TIMEZONE.getPreferredName(), needClientTimezone);
+ builder.field(MAPPINGS.getPreferredName(), mappings);
+ builder.field(EXPLANATION.getPreferredName(), explanation);
+ builder.endObject();
+
+ return builder;
+ }
+
+ @Override
+ public int hashCode() {
+
+ return Objects.hash(numLinesAnalyzed, numMessagesAnalyzed, sampleStart, charset, hasByteOrderMarker, format,
+ multilineStartPattern, excludeLinesPattern, inputFields, hasHeaderRow, separator, shouldTrimFields, grokPattern, timestampField,
+ timestampFormats, needClientTimezone, mappings, explanation);
+ }
+
+ @Override
+ public boolean equals(Object other) {
+
+ if (this == other) {
+ return true;
+ }
+
+ if (other == null || getClass() != other.getClass()) {
+ return false;
+ }
+
+ LogStructure that = (LogStructure) other;
+ return this.numLinesAnalyzed == that.numLinesAnalyzed &&
+ this.numMessagesAnalyzed == that.numMessagesAnalyzed &&
+ this.needClientTimezone == that.needClientTimezone &&
+ Objects.equals(this.sampleStart, that.sampleStart) &&
+ Objects.equals(this.charset, that.charset) &&
+ Objects.equals(this.hasByteOrderMarker, that.hasByteOrderMarker) &&
+ Objects.equals(this.format, that.format) &&
+ Objects.equals(this.multilineStartPattern, that.multilineStartPattern) &&
+ Objects.equals(this.excludeLinesPattern, that.excludeLinesPattern) &&
+ Objects.equals(this.inputFields, that.inputFields) &&
+ Objects.equals(this.hasHeaderRow, that.hasHeaderRow) &&
+ Objects.equals(this.separator, that.separator) &&
+ Objects.equals(this.shouldTrimFields, that.shouldTrimFields) &&
+ Objects.equals(this.grokPattern, that.grokPattern) &&
+ Objects.equals(this.timestampField, that.timestampField) &&
+ Objects.equals(this.timestampFormats, that.timestampFormats) &&
+ Objects.equals(this.mappings, that.mappings) &&
+ Objects.equals(this.explanation, that.explanation);
+ }
+
+ public static class Builder {
+
+ private int numLinesAnalyzed;
+ private int numMessagesAnalyzed;
+ private String sampleStart;
+ private String charset;
+ private Boolean hasByteOrderMarker;
+ private Format format;
+ private String multilineStartPattern;
+ private String excludeLinesPattern;
+ private List inputFields;
+ private Boolean hasHeaderRow;
+ private Character separator;
+ private Boolean shouldTrimFields;
+ private String grokPattern;
+ private String timestampField;
+ private List timestampFormats;
+ private boolean needClientTimezone;
+ private Map mappings;
+ private List explanation;
+
+ public Builder() {
+ this(Format.SEMI_STRUCTURED_TEXT);
+ }
+
+ public Builder(Format format) {
+ setFormat(format);
+ }
+
+ public Builder setNumLinesAnalyzed(int numLinesAnalyzed) {
+ this.numLinesAnalyzed = numLinesAnalyzed;
+ return this;
+ }
+
+ public Builder setNumMessagesAnalyzed(int numMessagesAnalyzed) {
+ this.numMessagesAnalyzed = numMessagesAnalyzed;
+ return this;
+ }
+
+ public Builder setSampleStart(String sampleStart) {
+ this.sampleStart = Objects.requireNonNull(sampleStart);
+ return this;
+ }
+
+ public Builder setCharset(String charset) {
+ this.charset = Objects.requireNonNull(charset);
+ return this;
+ }
+
+ public Builder setHasByteOrderMarker(Boolean hasByteOrderMarker) {
+ this.hasByteOrderMarker = hasByteOrderMarker;
+ return this;
+ }
+
+ public Builder setFormat(Format format) {
+ this.format = Objects.requireNonNull(format);
+ this.separator = format.separator();
+ return this;
+ }
+
+ public Builder setMultilineStartPattern(String multilineStartPattern) {
+ this.multilineStartPattern = multilineStartPattern;
+ return this;
+ }
+
+ public Builder setExcludeLinesPattern(String excludeLinesPattern) {
+ this.excludeLinesPattern = excludeLinesPattern;
+ return this;
+ }
+
+ public Builder setInputFields(List inputFields) {
+ this.inputFields = inputFields;
+ return this;
+ }
+
+ public Builder setHasHeaderRow(Boolean hasHeaderRow) {
+ this.hasHeaderRow = hasHeaderRow;
+ return this;
+ }
+
+ public Builder setShouldTrimFields(Boolean shouldTrimFields) {
+ this.shouldTrimFields = shouldTrimFields;
+ return this;
+ }
+
+ public Builder setSeparator(Character separator) {
+ this.separator = separator;
+ return this;
+ }
+
+ public Builder setGrokPattern(String grokPattern) {
+ this.grokPattern = grokPattern;
+ return this;
+ }
+
+ public Builder setTimestampField(String timestampField) {
+ this.timestampField = timestampField;
+ return this;
+ }
+
+ public Builder setTimestampFormats(List timestampFormats) {
+ this.timestampFormats = timestampFormats;
+ return this;
+ }
+
+ public Builder setNeedClientTimezone(boolean needClientTimezone) {
+ this.needClientTimezone = needClientTimezone;
+ return this;
+ }
+
+ public Builder setMappings(Map mappings) {
+ this.mappings = Objects.requireNonNull(mappings);
+ return this;
+ }
+
+ public Builder setExplanation(List explanation) {
+ this.explanation = Objects.requireNonNull(explanation);
+ return this;
+ }
+
+ @SuppressWarnings("fallthrough")
+ public LogStructure build() {
+
+ if (numLinesAnalyzed <= 0) {
+ throw new IllegalArgumentException("Number of lines analyzed must be positive.");
+ }
+
+ if (numMessagesAnalyzed <= 0) {
+ throw new IllegalArgumentException("Number of messages analyzed must be positive.");
+ }
+
+ if (numMessagesAnalyzed > numLinesAnalyzed) {
+ throw new IllegalArgumentException("Number of messages analyzed cannot be greater than number of lines analyzed.");
+ }
+
+ if (sampleStart == null || sampleStart.isEmpty()) {
+ throw new IllegalArgumentException("Sample start must be specified.");
+ }
+
+ if (charset == null || charset.isEmpty()) {
+ throw new IllegalArgumentException("A character set must be specified.");
+ }
+
+ if (charset.toUpperCase(Locale.ROOT).startsWith("UTF") == false && hasByteOrderMarker != null) {
+ throw new IllegalArgumentException("A byte order marker is only possible for UTF character sets.");
+ }
+
+ switch (format) {
+ case JSON:
+ if (shouldTrimFields != null) {
+ throw new IllegalArgumentException("Should trim fields may not be specified for [" + format + "] structures.");
+ }
+ // $FALL-THROUGH$
+ case XML:
+ if (hasHeaderRow != null) {
+ throw new IllegalArgumentException("Has header row may not be specified for [" + format + "] structures.");
+ }
+ if (separator != null) {
+ throw new IllegalArgumentException("Separator may not be specified for [" + format + "] structures.");
+ }
+ if (grokPattern != null) {
+ throw new IllegalArgumentException("Grok pattern may not be specified for [" + format + "] structures.");
+ }
+ break;
+ case CSV:
+ case TSV:
+ case SEMI_COLON_SEPARATED_VALUES:
+ case PIPE_SEPARATED_VALUES:
+ if (inputFields == null || inputFields.isEmpty()) {
+ throw new IllegalArgumentException("Input fields must be specified for [" + format + "] structures.");
+ }
+ if (hasHeaderRow == null) {
+ throw new IllegalArgumentException("Has header row must be specified for [" + format + "] structures.");
+ }
+ Character expectedSeparator = format.separator();
+ assert expectedSeparator != null;
+ if (expectedSeparator.equals(separator) == false) {
+ throw new IllegalArgumentException("Separator must be [" + expectedSeparator + "] for [" + format +
+ "] structures.");
+ }
+ if (grokPattern != null) {
+ throw new IllegalArgumentException("Grok pattern may not be specified for [" + format + "] structures.");
+ }
+ break;
+ case SEMI_STRUCTURED_TEXT:
+ if (inputFields != null) {
+ throw new IllegalArgumentException("Input fields may not be specified for [" + format + "] structures.");
+ }
+ if (hasHeaderRow != null) {
+ throw new IllegalArgumentException("Has header row may not be specified for [" + format + "] structures.");
+ }
+ if (separator != null) {
+ throw new IllegalArgumentException("Separator may not be specified for [" + format + "] structures.");
+ }
+ if (shouldTrimFields != null) {
+ throw new IllegalArgumentException("Should trim fields may not be specified for [" + format + "] structures.");
+ }
+ if (grokPattern == null || grokPattern.isEmpty()) {
+ throw new IllegalArgumentException("Grok pattern must be specified for [" + format + "] structures.");
+ }
+ break;
+ default:
+ throw new IllegalStateException("enum value [" + format + "] missing from switch.");
+ }
+
+ if ((timestampField == null) != (timestampFormats == null || timestampFormats.isEmpty())) {
+ throw new IllegalArgumentException("Timestamp field and timestamp formats must both be specified or neither be specified.");
+ }
+
+ if (needClientTimezone && timestampField == null) {
+ throw new IllegalArgumentException("Client timezone cannot be needed if there is no timestamp field.");
+ }
+
+ if (mappings == null || mappings.isEmpty()) {
+ throw new IllegalArgumentException("Mappings must be specified.");
+ }
+
+ if (explanation == null || explanation.isEmpty()) {
+ throw new IllegalArgumentException("Explanation must be specified.");
+ }
+
+ return new LogStructure(numLinesAnalyzed, numMessagesAnalyzed, sampleStart, charset, hasByteOrderMarker, format,
+ multilineStartPattern, excludeLinesPattern, inputFields, hasHeaderRow, separator, shouldTrimFields, grokPattern,
+ timestampField, timestampFormats, needClientTimezone, mappings, explanation);
+ }
+ }
+}
diff --git a/x-pack/plugin/ml/log-structure-finder/src/main/java/org/elasticsearch/xpack/ml/logstructurefinder/LogStructureFinder.java b/x-pack/plugin/ml/log-structure-finder/src/main/java/org/elasticsearch/xpack/ml/logstructurefinder/LogStructureFinder.java
new file mode 100644
index 0000000000000..ea2e9efc5fb34
--- /dev/null
+++ b/x-pack/plugin/ml/log-structure-finder/src/main/java/org/elasticsearch/xpack/ml/logstructurefinder/LogStructureFinder.java
@@ -0,0 +1,23 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+package org.elasticsearch.xpack.ml.logstructurefinder;
+
+import java.util.List;
+
+public interface LogStructureFinder {
+
+ /**
+ * The (possibly multi-line) messages that the log sample was split into.
+ * @return A list of messages.
+ */
+ List getSampleMessages();
+
+ /**
+ * Retrieve the structure of the log file used to instantiate the finder.
+ * @return The log file structure.
+ */
+ LogStructure getStructure();
+}
diff --git a/x-pack/plugin/ml/log-structure-finder/src/main/java/org/elasticsearch/xpack/ml/logstructurefinder/LogStructureFinderFactory.java b/x-pack/plugin/ml/log-structure-finder/src/main/java/org/elasticsearch/xpack/ml/logstructurefinder/LogStructureFinderFactory.java
new file mode 100644
index 0000000000000..af322ee4bf0e0
--- /dev/null
+++ b/x-pack/plugin/ml/log-structure-finder/src/main/java/org/elasticsearch/xpack/ml/logstructurefinder/LogStructureFinderFactory.java
@@ -0,0 +1,35 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+package org.elasticsearch.xpack.ml.logstructurefinder;
+
+import java.util.List;
+
+public interface LogStructureFinderFactory {
+
+ /**
+ * Given a sample of a log file, decide whether this factory will be able
+ * to create an appropriate object to represent its ingestion configs.
+ * @param explanation List of reasons for making decisions. May contain items when passed and new reasons
+ * can be appended by this method.
+ * @param sample A sample from the log file to be ingested.
+ * @return true if this factory can create an appropriate log
+ * file structure given the sample; otherwise false.
+ */
+ boolean canCreateFromSample(List explanation, String sample);
+
+ /**
+ * Create an object representing the structure of a log file.
+ * @param explanation List of reasons for making decisions. May contain items when passed and new reasons
+ * can be appended by this method.
+ * @param sample A sample from the log file to be ingested.
+ * @param charsetName The name of the character set in which the sample was provided.
+ * @param hasByteOrderMarker Did the sample have a byte order marker? null means "not relevant".
+ * @return A log file structure object suitable for ingesting the supplied sample.
+ * @throws Exception if something goes wrong during creation.
+ */
+ LogStructureFinder createFromSample(List explanation, String sample, String charsetName, Boolean hasByteOrderMarker)
+ throws Exception;
+}
diff --git a/x-pack/plugin/ml/log-structure-finder/src/main/java/org/elasticsearch/xpack/ml/logstructurefinder/LogStructureFinderManager.java b/x-pack/plugin/ml/log-structure-finder/src/main/java/org/elasticsearch/xpack/ml/logstructurefinder/LogStructureFinderManager.java
new file mode 100644
index 0000000000000..7f18445e505e3
--- /dev/null
+++ b/x-pack/plugin/ml/log-structure-finder/src/main/java/org/elasticsearch/xpack/ml/logstructurefinder/LogStructureFinderManager.java
@@ -0,0 +1,232 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+package org.elasticsearch.xpack.ml.logstructurefinder;
+
+import com.ibm.icu.text.CharsetDetector;
+import com.ibm.icu.text.CharsetMatch;
+import org.elasticsearch.common.collect.Tuple;
+
+import java.io.BufferedInputStream;
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.Reader;
+import java.nio.charset.Charset;
+import java.nio.charset.StandardCharsets;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Locale;
+import java.util.Optional;
+import java.util.Set;
+
+/**
+ * Runs the high-level steps needed to create ingest configs for the specified log file. In order:
+ * 1. Determine the most likely character set (UTF-8, UTF-16LE, ISO-8859-2, etc.)
+ * 2. Load a sample of the file, consisting of the first 1000 lines of the file
+ * 3. Determine the most likely file structure - one of ND-JSON, XML, CSV, TSV or semi-structured text
+ * 4. Create an appropriate structure object and delegate writing configs to it
+ */
+public final class LogStructureFinderManager {
+
+ public static final int MIN_SAMPLE_LINE_COUNT = 2;
+
+ static final Set FILEBEAT_SUPPORTED_ENCODINGS = Collections.unmodifiableSet(new HashSet<>(Arrays.asList(
+ "866", "ansi_x3.4-1968", "arabic", "ascii", "asmo-708", "big5", "big5-hkscs", "chinese", "cn-big5", "cp1250", "cp1251", "cp1252",
+ "cp1253", "cp1254", "cp1255", "cp1256", "cp1257", "cp1258", "cp819", "cp866", "csbig5", "cseuckr", "cseucpkdfmtjapanese",
+ "csgb2312", "csibm866", "csiso2022jp", "csiso2022kr", "csiso58gb231280", "csiso88596e", "csiso88596i", "csiso88598e", "csiso88598i",
+ "csisolatin1", "csisolatin2", "csisolatin3", "csisolatin4", "csisolatin5", "csisolatin6", "csisolatin9", "csisolatinarabic",
+ "csisolatincyrillic", "csisolatingreek", "csisolatinhebrew", "cskoi8r", "csksc56011987", "csmacintosh", "csshiftjis", "cyrillic",
+ "dos-874", "ecma-114", "ecma-118", "elot_928", "euc-jp", "euc-kr", "gb18030", "gb2312", "gb_2312", "gb_2312-80", "gbk", "greek",
+ "greek8", "hebrew", "hz-gb-2312", "ibm819", "ibm866", "iso-2022-cn", "iso-2022-cn-ext", "iso-2022-jp", "iso-2022-kr", "iso-8859-1",
+ "iso-8859-10", "iso-8859-11", "iso-8859-13", "iso-8859-14", "iso-8859-15", "iso-8859-16", "iso-8859-2", "iso-8859-3", "iso-8859-4",
+ "iso-8859-5", "iso-8859-6", "iso-8859-6-e", "iso-8859-6-i", "iso-8859-7", "iso-8859-8", "iso-8859-8-e", "iso-8859-8-i",
+ "iso-8859-9", "iso-ir-100", "iso-ir-101", "iso-ir-109", "iso-ir-110", "iso-ir-126", "iso-ir-127", "iso-ir-138", "iso-ir-144",
+ "iso-ir-148", "iso-ir-149", "iso-ir-157", "iso-ir-58", "iso8859-1", "iso8859-10", "iso8859-11", "iso8859-13", "iso8859-14",
+ "iso8859-15", "iso8859-2", "iso8859-3", "iso8859-4", "iso8859-5", "iso8859-6", "iso8859-6e", "iso8859-6i", "iso8859-7", "iso8859-8",
+ "iso8859-8e", "iso8859-8i", "iso8859-9", "iso88591", "iso885910", "iso885911", "iso885913", "iso885914", "iso885915", "iso88592",
+ "iso88593", "iso88594", "iso88595", "iso88596", "iso88597", "iso88598", "iso88599", "iso_8859-1", "iso_8859-15", "iso_8859-1:1987",
+ "iso_8859-2", "iso_8859-2:1987", "iso_8859-3", "iso_8859-3:1988", "iso_8859-4", "iso_8859-4:1988", "iso_8859-5", "iso_8859-5:1988",
+ "iso_8859-6", "iso_8859-6:1987", "iso_8859-7", "iso_8859-7:1987", "iso_8859-8", "iso_8859-8:1988", "iso_8859-9", "iso_8859-9:1989",
+ "koi", "koi8", "koi8-r", "koi8-ru", "koi8-u", "koi8_r", "korean", "ks_c_5601-1987", "ks_c_5601-1989", "ksc5601", "ksc_5601", "l1",
+ "l2", "l3", "l4", "l5", "l6", "l9", "latin1", "latin2", "latin3", "latin4", "latin5", "latin6", "logical", "mac", "macintosh",
+ "ms932", "ms_kanji", "shift-jis", "shift_jis", "sjis", "sun_eu_greek", "tis-620", "unicode-1-1-utf-8", "us-ascii", "utf-16",
+ "utf-16-bom", "utf-16be", "utf-16be-bom", "utf-16le", "utf-16le-bom", "utf-8", "utf8", "visual", "windows-1250", "windows-1251",
+ "windows-1252", "windows-1253", "windows-1254", "windows-1255", "windows-1256", "windows-1257", "windows-1258", "windows-31j",
+ "windows-874", "windows-949", "x-cp1250", "x-cp1251", "x-cp1252", "x-cp1253", "x-cp1254", "x-cp1255", "x-cp1256", "x-cp1257",
+ "x-cp1258", "x-euc-jp", "x-gbk", "x-mac-cyrillic", "x-mac-roman", "x-mac-ukrainian", "x-sjis", "x-x-big5"
+ )));
+
+ /**
+ * These need to be ordered so that the more generic formats come after the more specific ones
+ */
+ private static final List ORDERED_STRUCTURE_FACTORIES = Collections.unmodifiableList(Arrays.asList(
+ new JsonLogStructureFinderFactory(),
+ new XmlLogStructureFinderFactory(),
+ // ND-JSON will often also be valid (although utterly weird) CSV, so JSON must come before CSV
+ new CsvLogStructureFinderFactory(),
+ new TsvLogStructureFinderFactory(),
+ new SemiColonSeparatedValuesLogStructureFinderFactory(),
+ new PipeSeparatedValuesLogStructureFinderFactory(),
+ new TextLogStructureFinderFactory()
+ ));
+
+ private static final int BUFFER_SIZE = 8192;
+
+ /**
+ * Given a stream of data from some log file, determine its structure.
+ * @param idealSampleLineCount Ideally, how many lines from the stream will be read to determine the structure?
+ * If the stream has fewer lines then an attempt will still be made, providing at
+ * least {@link #MIN_SAMPLE_LINE_COUNT} lines can be read.
+ * @param fromFile A stream from which the sample will be read.
+ * @return A {@link LogStructureFinder} object from which the structure and messages can be queried.
+ * @throws Exception A variety of problems could occur at various stages of the structure finding process.
+ */
+ public LogStructureFinder findLogStructure(int idealSampleLineCount, InputStream fromFile) throws Exception {
+ return findLogStructure(new ArrayList<>(), idealSampleLineCount, fromFile);
+ }
+
+ public LogStructureFinder findLogStructure(List explanation, int idealSampleLineCount, InputStream fromFile)
+ throws Exception {
+
+ CharsetMatch charsetMatch = findCharset(explanation, fromFile);
+ String charsetName = charsetMatch.getName();
+
+ Tuple sampleInfo = sampleFile(charsetMatch.getReader(), charsetName, MIN_SAMPLE_LINE_COUNT,
+ Math.max(MIN_SAMPLE_LINE_COUNT, idealSampleLineCount));
+
+ return makeBestStructureFinder(explanation, sampleInfo.v1(), charsetName, sampleInfo.v2());
+ }
+
+ CharsetMatch findCharset(List explanation, InputStream inputStream) throws Exception {
+
+ // We need an input stream that supports mark and reset, so wrap the argument
+ // in a BufferedInputStream if it doesn't already support this feature
+ if (inputStream.markSupported() == false) {
+ inputStream = new BufferedInputStream(inputStream, BUFFER_SIZE);
+ }
+
+ // This is from ICU4J
+ CharsetDetector charsetDetector = new CharsetDetector().setText(inputStream);
+ CharsetMatch[] charsetMatches = charsetDetector.detectAll();
+
+ // Determine some extra characteristics of the input to compensate for some deficiencies of ICU4J
+ boolean pureAscii = true;
+ boolean containsZeroBytes = false;
+ inputStream.mark(BUFFER_SIZE);
+ byte[] workspace = new byte[BUFFER_SIZE];
+ int remainingLength = BUFFER_SIZE;
+ do {
+ int bytesRead = inputStream.read(workspace, 0, remainingLength);
+ if (bytesRead <= 0) {
+ break;
+ }
+ for (int i = 0; i < bytesRead && containsZeroBytes == false; ++i) {
+ if (workspace[i] == 0) {
+ containsZeroBytes = true;
+ pureAscii = false;
+ } else {
+ pureAscii = pureAscii && workspace[i] > 0 && workspace[i] < 128;
+ }
+ }
+ remainingLength -= bytesRead;
+ } while (containsZeroBytes == false && remainingLength > 0);
+ inputStream.reset();
+
+ if (pureAscii) {
+ // If the input is pure ASCII then many single byte character sets will match. We want to favour
+ // UTF-8 in this case, as it avoids putting a bold declaration of a dubious character set choice
+ // in the config files.
+ Optional utf8CharsetMatch = Arrays.stream(charsetMatches)
+ .filter(charsetMatch -> StandardCharsets.UTF_8.name().equals(charsetMatch.getName())).findFirst();
+ if (utf8CharsetMatch.isPresent()) {
+ explanation.add("Using character encoding [" + StandardCharsets.UTF_8.name() +
+ "], which matched the input with [" + utf8CharsetMatch.get().getConfidence() + "%] confidence - first [" +
+ (BUFFER_SIZE / 1024) + "kB] of input was pure ASCII");
+ return utf8CharsetMatch.get();
+ }
+ }
+
+ // Input wasn't pure ASCII, so use the best matching character set that's supported by both Java and Go.
+ // Additionally, if the input contains zero bytes then avoid single byte character sets, as ICU4J will
+ // suggest these for binary files but then
+ for (CharsetMatch charsetMatch : charsetMatches) {
+ String name = charsetMatch.getName();
+ if (Charset.isSupported(name) && FILEBEAT_SUPPORTED_ENCODINGS.contains(name.toLowerCase(Locale.ROOT))) {
+
+ // This extra test is to avoid trying to read binary files as text. Running the log config
+ // deduction algorithms on binary files is very slow as the binary files generally appear to
+ // have very long lines.
+ boolean spaceEncodingContainsZeroByte = false;
+ byte[] spaceBytes = " ".getBytes(name);
+ for (int i = 0; i < spaceBytes.length && spaceEncodingContainsZeroByte == false; ++i) {
+ spaceEncodingContainsZeroByte = (spaceBytes[i] == 0);
+ }
+ if (containsZeroBytes && spaceEncodingContainsZeroByte == false) {
+ explanation.add("Character encoding [" + name + "] matched the input with [" + charsetMatch.getConfidence() +
+ "%] confidence but was rejected as the input contains zero bytes and the [" + name + "] encoding does not");
+ } else {
+ explanation.add("Using character encoding [" + name + "], which matched the input with [" +
+ charsetMatch.getConfidence() + "%] confidence");
+ return charsetMatch;
+ }
+ } else {
+ explanation.add("Character encoding [" + name + "] matched the input with [" + charsetMatch.getConfidence() +
+ "%] confidence but was rejected as it is not supported by [" +
+ (Charset.isSupported(name) ? "Filebeat" : "the JVM") + "]");
+ }
+ }
+
+ throw new IllegalArgumentException("Could not determine a usable character encoding for the input" +
+ (containsZeroBytes ? " - could it be binary data?" : ""));
+ }
+
+ LogStructureFinder makeBestStructureFinder(List explanation, String sample, String charsetName, Boolean hasByteOrderMarker)
+ throws Exception {
+
+ for (LogStructureFinderFactory factory : ORDERED_STRUCTURE_FACTORIES) {
+ if (factory.canCreateFromSample(explanation, sample)) {
+ return factory.createFromSample(explanation, sample, charsetName, hasByteOrderMarker);
+ }
+ }
+ throw new IllegalArgumentException("Input did not match any known formats");
+ }
+
+ private Tuple sampleFile(Reader reader, String charsetName, int minLines, int maxLines) throws IOException {
+
+ int lineCount = 0;
+ BufferedReader bufferedReader = new BufferedReader(reader);
+ StringBuilder sample = new StringBuilder();
+
+ // Don't include any byte-order-marker in the sample. (The logic to skip it works for both
+ // UTF-8 and UTF-16 assuming the character set of the reader was correctly detected.)
+ Boolean hasByteOrderMarker = null;
+ if (charsetName.toUpperCase(Locale.ROOT).startsWith("UTF")) {
+ int maybeByteOrderMarker = reader.read();
+ hasByteOrderMarker = ((char) maybeByteOrderMarker == '\uFEFF');
+ if (maybeByteOrderMarker >= 0 && hasByteOrderMarker == false && (char) maybeByteOrderMarker != '\r')
+ {
+ sample.appendCodePoint(maybeByteOrderMarker);
+ if ((char) maybeByteOrderMarker == '\n') {
+ ++lineCount;
+ }
+ }
+ }
+
+ String line;
+ while ((line = bufferedReader.readLine()) != null && ++lineCount <= maxLines) {
+ sample.append(line).append('\n');
+ }
+
+ if (lineCount < minLines) {
+ throw new IllegalArgumentException("Input contained too few lines to sample");
+ }
+
+ return new Tuple<>(sample.toString(), hasByteOrderMarker);
+ }
+}
diff --git a/x-pack/plugin/ml/log-structure-finder/src/main/java/org/elasticsearch/xpack/ml/logstructurefinder/LogStructureUtils.java b/x-pack/plugin/ml/log-structure-finder/src/main/java/org/elasticsearch/xpack/ml/logstructurefinder/LogStructureUtils.java
new file mode 100644
index 0000000000000..b1dfee22ee64a
--- /dev/null
+++ b/x-pack/plugin/ml/log-structure-finder/src/main/java/org/elasticsearch/xpack/ml/logstructurefinder/LogStructureUtils.java
@@ -0,0 +1,238 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+package org.elasticsearch.xpack.ml.logstructurefinder;
+
+import org.elasticsearch.common.collect.Tuple;
+import org.elasticsearch.grok.Grok;
+import org.elasticsearch.xpack.ml.logstructurefinder.TimestampFormatFinder.TimestampMatch;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.SortedMap;
+import java.util.TreeMap;
+import java.util.stream.Collectors;
+import java.util.stream.Stream;
+
+final class LogStructureUtils {
+
+ static final String DEFAULT_TIMESTAMP_FIELD = "@timestamp";
+ static final String MAPPING_TYPE_SETTING = "type";
+ static final String MAPPING_FORMAT_SETTING = "format";
+ static final String MAPPING_PROPERTIES_SETTING = "properties";
+
+ // NUMBER Grok pattern doesn't support scientific notation, so we extend it
+ private static final Grok NUMBER_GROK = new Grok(Grok.getBuiltinPatterns(), "^%{NUMBER}(?:[eE][+-]?[0-3]?[0-9]{1,2})?$");
+ private static final Grok IP_GROK = new Grok(Grok.getBuiltinPatterns(), "^%{IP}$");
+ private static final int KEYWORD_MAX_LEN = 256;
+ private static final int KEYWORD_MAX_SPACES = 5;
+
+ private LogStructureUtils() {
+ }
+
+ /**
+ * Given one or more sample records, find a timestamp field that is consistently present in them all.
+ * To be returned the timestamp field:
+ * - Must exist in every record
+ * - Must have the same timestamp format in every record
+ * If multiple fields meet these criteria then the one that occurred first in the first sample record
+ * is chosen.
+ * @param explanation List of reasons for choosing the overall log structure. This list
+ * may be non-empty when the method is called, and this method may
+ * append to it.
+ * @param sampleRecords List of records derived from the provided log sample.
+ * @return A tuple of (field name, timestamp format) if one can be found, or null if
+ * there is no consistent timestamp.
+ */
+ static Tuple guessTimestampField(List explanation, List> sampleRecords) {
+ if (sampleRecords.isEmpty()) {
+ return null;
+ }
+
+ // Accept the first match from the first sample that is compatible with all the other samples
+ for (Tuple candidate : findCandidates(explanation, sampleRecords)) {
+
+ boolean allGood = true;
+ for (Map sampleRecord : sampleRecords.subList(1, sampleRecords.size())) {
+ Object fieldValue = sampleRecord.get(candidate.v1());
+ if (fieldValue == null) {
+ explanation.add("First sample match [" + candidate.v1() + "] ruled out because record [" + sampleRecord +
+ "] doesn't have field");
+ allGood = false;
+ break;
+ }
+
+ TimestampMatch match = TimestampFormatFinder.findFirstFullMatch(fieldValue.toString());
+ if (match == null || match.candidateIndex != candidate.v2().candidateIndex) {
+ explanation.add("First sample match [" + candidate.v1() + "] ruled out because record [" + sampleRecord +
+ "] matches differently: [" + match + "]");
+ allGood = false;
+ break;
+ }
+ }
+
+ if (allGood) {
+ explanation.add("Guessing timestamp field is [" + candidate.v1() + "] with format [" + candidate.v2() + "]");
+ return candidate;
+ }
+ }
+
+ return null;
+ }
+
+ private static List> findCandidates(List explanation, List> sampleRecords) {
+
+ List> candidates = new ArrayList<>();
+
+ // Get candidate timestamps from the first sample record
+ for (Map.Entry entry : sampleRecords.get(0).entrySet()) {
+ Object value = entry.getValue();
+ if (value != null) {
+ TimestampMatch match = TimestampFormatFinder.findFirstFullMatch(value.toString());
+ if (match != null) {
+ Tuple candidate = new Tuple<>(entry.getKey(), match);
+ candidates.add(candidate);
+ explanation.add("First sample timestamp match [" + candidate + "]");
+ }
+ }
+ }
+
+ return candidates;
+ }
+
+ /**
+ * Given the sampled records, guess appropriate Elasticsearch mappings.
+ * @param sampleRecords The sampled records.
+ * @return A map of field name to mapping settings.
+ */
+ static SortedMap guessMappings(List explanation, List> sampleRecords) {
+
+ SortedMap mappings = new TreeMap<>();
+
+ for (Map sampleRecord : sampleRecords) {
+ for (String fieldName : sampleRecord.keySet()) {
+ mappings.computeIfAbsent(fieldName, key -> guessMapping(explanation, fieldName,
+ sampleRecords.stream().flatMap(record -> {
+ Object fieldValue = record.get(fieldName);
+ return (fieldValue == null) ? Stream.empty() : Stream.of(fieldValue);
+ }
+ ).collect(Collectors.toList())));
+ }
+ }
+
+ return mappings;
+ }
+
+ static Map guessMapping(List explanation, String fieldName, List