Elasticsearch: Fix processing of raw_data with not-recognized time format #78262
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
matyax
reviewed
Nov 16, 2023
ivanahuckova
added a commit
that referenced
this pull request
Nov 20, 2023
…ed time format (#78380) Elasticsearch: Fix processing of raw_data with not-recognized time format (#78262) * Elasticsearch: Fix non-standard time field in raw data queries * Update snapshot tests * Refactor (cherry picked from commit 28f4c3e) Co-authored-by: Ivana Huckova <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is pretty much the same as #67767 where we fixed processing of
logsqueries with not-recognized time format. At that time, I did not realized that this is going to be an issue forraw_dataqueries as well. Therefore in this PR, we are fixing processing of unrecognized time formats forraw_dataqueries. Forraw_documentqueries this is not needed as we are not parsing time field.More detailed information:
This is a bug fix for processing time field in ES on backend, when time field uses format that golang does not recognize (e.g. MM/DD/YYY, unix timestamp with nanoseconds decimal point, ...). To fix this for
raw_dataqueries, we are usingfieldsto get time field instrict_date_optional_time_nanosformat that is recognizable by golang and also supports nanosecond precision.To test this:
make devenv sources=elasticenableElasticsearchBackendQueryingis set totruehttps://localhost:9200and for time field add@timestamp_custom.raw_dataquery - you should not seenullvalues in time column@timestamp,@timestamp_unix,@timestamp_nanosto ensure all formats work as expected.Fixed:
Current main (broken):
Fixes: #77114