diff --git a/docs/changelog/120267.yaml b/docs/changelog/120267.yaml new file mode 100644 index 0000000000000..66a30717429c8 --- /dev/null +++ b/docs/changelog/120267.yaml @@ -0,0 +1,16 @@ +pr: 120267 +summary: Set allow_partial_search_results=true by default +area: EQL +type: breaking +issues: [] +breaking: + title: Set allow_partial_search_results=true by default + area: REST API + details: + Before this change, in case of shard failures, EQL queries always returned an error. + With this change, they will keep running and will return partial results. + impact: + EQL queries that would previously fail due to shard failures, will now succeed and return partial results. + The previous defaults can be restored by setting `xpack.eql.default_allow_partial_results` cluster setting to `false` + or setting with `allow_partial_search_results` to `false` in the query request. + notable: false diff --git a/docs/reference/eql/eql-search-api.asciidoc b/docs/reference/eql/eql-search-api.asciidoc index 544e4d7325c5b..e3203163aa818 100644 --- a/docs/reference/eql/eql-search-api.asciidoc +++ b/docs/reference/eql/eql-search-api.asciidoc @@ -102,10 +102,10 @@ If `false`, the request returns an error if one or more shards involved in the q If `true`, the query is executed only on the available shards, ignoring shard request timeouts and <>. + -Defaults to `false`. +Defaults to `true`. + To override the default for this field, set the -`xpack.eql.default_allow_partial_results` cluster setting to `true`. +`xpack.eql.default_allow_partial_results` cluster setting to `false`. [IMPORTANT] diff --git a/rest-api-spec/src/main/resources/rest-api-spec/api/eql.search.json b/rest-api-spec/src/main/resources/rest-api-spec/api/eql.search.json index 0f9af508f4c16..0b1a7ad5a38d3 100644 --- a/rest-api-spec/src/main/resources/rest-api-spec/api/eql.search.json +++ b/rest-api-spec/src/main/resources/rest-api-spec/api/eql.search.json @@ -45,7 +45,7 @@ "allow_partial_search_results": { "type":"boolean", "description":"Control whether the query should keep running in case of shard failures, and return partial results", - "default":false + "default":true }, "allow_partial_sequence_results": { "type":"boolean", diff --git a/x-pack/plugin/eql/qa/common/src/main/java/org/elasticsearch/test/eql/BaseEqlSpecTestCase.java b/x-pack/plugin/eql/qa/common/src/main/java/org/elasticsearch/test/eql/BaseEqlSpecTestCase.java index 3557114e2f4c7..05ba6762ec3ad 100644 --- a/x-pack/plugin/eql/qa/common/src/main/java/org/elasticsearch/test/eql/BaseEqlSpecTestCase.java +++ b/x-pack/plugin/eql/qa/common/src/main/java/org/elasticsearch/test/eql/BaseEqlSpecTestCase.java @@ -187,29 +187,29 @@ protected ObjectPath runQuery(String index, String query) throws Exception { builder.field("max_samples_per_key", maxSamplesPerKey); } boolean allowPartialResultsInBody = randomBoolean(); - if (allowPartialSearchResults != null) { - if (allowPartialResultsInBody) { + + if (allowPartialResultsInBody) { + if (allowPartialSearchResults != null) { builder.field("allow_partial_search_results", String.valueOf(allowPartialSearchResults)); - if (allowPartialSequenceResults != null) { - builder.field("allow_partial_sequence_results", String.valueOf(allowPartialSequenceResults)); - } - } else { - // these will be overwritten by the path params, that have higher priority than the query (JSON body) params - if (allowPartialSearchResults != null) { - builder.field("allow_partial_search_results", randomBoolean()); - } - if (allowPartialSequenceResults != null) { - builder.field("allow_partial_sequence_results", randomBoolean()); - } + } else if (randomBoolean()) { + builder.field("allow_partial_search_results", true); + } + if (allowPartialSequenceResults != null) { + builder.field("allow_partial_sequence_results", String.valueOf(allowPartialSequenceResults)); + } else if (randomBoolean()) { + builder.field("allow_partial_sequence_results", false); } } else { - // Tests that don't specify a setting for these parameters should always pass. - // These params should be irrelevant. - if (randomBoolean()) { + // these will be overwritten by the path params, that have higher priority than the query (JSON body) params + if (allowPartialSearchResults != null) { builder.field("allow_partial_search_results", randomBoolean()); + } else if (randomBoolean()) { + builder.field("allow_partial_search_results", true); } - if (randomBoolean()) { + if (allowPartialSequenceResults != null) { builder.field("allow_partial_sequence_results", randomBoolean()); + } else if (randomBoolean()) { + builder.field("allow_partial_sequence_results", false); } } builder.endObject(); @@ -219,23 +219,17 @@ protected ObjectPath runQuery(String index, String query) throws Exception { if (ccsMinimizeRoundtrips != null) { request.addParameter("ccs_minimize_roundtrips", ccsMinimizeRoundtrips.toString()); } - if (allowPartialSearchResults != null) { - if (allowPartialResultsInBody == false) { + if (allowPartialResultsInBody == false) { + if (allowPartialSearchResults != null) { request.addParameter("allow_partial_search_results", String.valueOf(allowPartialSearchResults)); - if (allowPartialSequenceResults != null) { - request.addParameter("allow_partial_sequence_results", String.valueOf(allowPartialSequenceResults)); - } + } else if (randomBoolean()) { + request.addParameter("allow_partial_search_results", String.valueOf(true)); } - } else { - // Tests that don't specify a setting for these parameters should always pass. - // These params should be irrelevant. - if (randomBoolean()) { - request.addParameter("allow_partial_search_results", String.valueOf(randomBoolean())); - } - if (randomBoolean()) { - request.addParameter("allow_partial_sequence_results", String.valueOf(randomBoolean())); + if (allowPartialSequenceResults != null) { + request.addParameter("allow_partial_sequence_results", String.valueOf(allowPartialSequenceResults)); } } + int timeout = Math.toIntExact(timeout().millis()); RequestConfig config = RequestConfig.copy(RequestConfig.DEFAULT) .setConnectionRequestTimeout(timeout) diff --git a/x-pack/plugin/eql/qa/common/src/main/resources/test_failing_shards.toml b/x-pack/plugin/eql/qa/common/src/main/resources/test_failing_shards.toml index a551c66fd48bd..dd0638a7e6e79 100644 --- a/x-pack/plugin/eql/qa/common/src/main/resources/test_failing_shards.toml +++ b/x-pack/plugin/eql/qa/common/src/main/resources/test_failing_shards.toml @@ -10,6 +10,13 @@ expect_shard_failures = false [[queries]] name = "eventQueryShardFailures" query = 'process where serial_event_id == 1 or broken == 1' +expected_event_ids = [1] +expect_shard_failures = true + + +[[queries]] +name = "eventQueryShardFailuresTrue" +query = 'process where serial_event_id == 1 or broken == 1' allow_partial_search_results = true expected_event_ids = [1] expect_shard_failures = true @@ -18,7 +25,6 @@ expect_shard_failures = true [[queries]] name = "eventQueryShardFailuresOptionalField" query = 'process where serial_event_id == 1 and ?optional_field_default_null == null or broken == 1' -allow_partial_search_results = true expected_event_ids = [1] expect_shard_failures = true @@ -26,7 +32,6 @@ expect_shard_failures = true [[queries]] name = "eventQueryShardFailuresOptionalFieldMatching" query = 'process where serial_event_id == 2 and ?subtype == "create" or broken == 1' -allow_partial_search_results = true expected_event_ids = [2] expect_shard_failures = true @@ -64,7 +69,6 @@ sequence [process where serial_event_id == 1] [process where serial_event_id == 2] ''' -allow_partial_search_results = true expected_event_ids = [1, 2] expect_shard_failures = false @@ -76,6 +80,17 @@ sequence [process where serial_event_id == 1 or broken == 1] [process where serial_event_id == 2] ''' +expected_event_ids = [] +expect_shard_failures = true + + +[[queries]] +name = "sequenceQueryMissingShardsTrue" +query = ''' +sequence + [process where serial_event_id == 1 or broken == 1] + [process where serial_event_id == 2] +''' allow_partial_search_results = true expected_event_ids = [] expect_shard_failures = true @@ -88,6 +103,18 @@ sequence [process where serial_event_id == 1 or broken == 1] [process where serial_event_id == 2] ''' +allow_partial_sequence_results = true +expected_event_ids = [1, 2] +expect_shard_failures = true + + +[[queries]] +name = "sequenceQueryMissingShardsPartialResultsTrue" +query = ''' +sequence + [process where serial_event_id == 1 or broken == 1] + [process where serial_event_id == 2] +''' allow_partial_search_results = true allow_partial_sequence_results = true expected_event_ids = [1, 2] @@ -101,7 +128,6 @@ sequence [process where ?serial_event_id == 1 or broken == 1] [process where serial_event_id == 2] ''' -allow_partial_search_results = true allow_partial_sequence_results = true expected_event_ids = [1, 2] expect_shard_failures = true @@ -114,7 +140,6 @@ sequence with maxspan=100000d [process where serial_event_id == 1 and ?subtype == "create" or broken == 1] [process where serial_event_id == 2] ''' -allow_partial_search_results = true allow_partial_sequence_results = true expected_event_ids = [1, 2] expect_shard_failures = true @@ -128,7 +153,6 @@ sequence with maxspan=100000d ![process where broken == 1] [process where serial_event_id == 2] ''' -allow_partial_search_results = true allow_partial_sequence_results = true expected_event_ids = [1, -1, 2] expect_shard_failures = true @@ -142,7 +166,6 @@ sequence with maxspan=100000d ![process where broken == 1] [process where serial_event_id == 2] ''' -allow_partial_search_results = true allow_partial_sequence_results = true expected_event_ids = [1, -1, 2] expect_shard_failures = true @@ -155,6 +178,17 @@ sample by event_subtype_full [process where serial_event_id == 1 or broken == 1] [process where serial_event_id == 2] ''' +expected_event_ids = [1, 2] +expect_shard_failures = true + + +[[queries]] +name = "sampleQueryMissingShardsPartialResultsTrue" +query = ''' +sample by event_subtype_full + [process where serial_event_id == 1 or broken == 1] + [process where serial_event_id == 2] +''' allow_partial_search_results = true expected_event_ids = [1, 2] expect_shard_failures = true @@ -167,7 +201,6 @@ sample by event_subtype_full [process where serial_event_id == 1 and ?subtype == "create" or broken == 1] [process where serial_event_id == 2] ''' -allow_partial_search_results = true expected_event_ids = [1, 2] expect_shard_failures = true diff --git a/x-pack/plugin/eql/qa/mixed-node/src/javaRestTest/java/org/elasticsearch/xpack/eql/qa/mixed_node/EqlSearchIT.java b/x-pack/plugin/eql/qa/mixed-node/src/javaRestTest/java/org/elasticsearch/xpack/eql/qa/mixed_node/EqlSearchIT.java index 60c7fb1c7ad25..9ad69a9a8eabe 100644 --- a/x-pack/plugin/eql/qa/mixed-node/src/javaRestTest/java/org/elasticsearch/xpack/eql/qa/mixed_node/EqlSearchIT.java +++ b/x-pack/plugin/eql/qa/mixed-node/src/javaRestTest/java/org/elasticsearch/xpack/eql/qa/mixed_node/EqlSearchIT.java @@ -410,10 +410,10 @@ private void assertMultiValueFunctionQuery( StringBuilder payload = new StringBuilder("{\"query\":\"" + query + "\""); if (randomBoolean()) { - payload.append(", \"allow_partial_search_results\": true"); + payload.append(", \"allow_partial_search_results\": " + randomBoolean()); } if (randomBoolean()) { - payload.append(", \"allow_partial_sequence_results\": true"); + payload.append(", \"allow_partial_sequence_results\": " + randomBoolean()); } payload.append("}"); request.setJsonEntity(payload.toString()); diff --git a/x-pack/plugin/eql/qa/rest/src/yamlRestTest/resources/rest-api-spec/test/eql/10_basic.yml b/x-pack/plugin/eql/qa/rest/src/yamlRestTest/resources/rest-api-spec/test/eql/10_basic.yml index c7974f3b584b4..17ca924c009ac 100644 --- a/x-pack/plugin/eql/qa/rest/src/yamlRestTest/resources/rest-api-spec/test/eql/10_basic.yml +++ b/x-pack/plugin/eql/qa/rest/src/yamlRestTest/resources/rest-api-spec/test/eql/10_basic.yml @@ -509,6 +509,30 @@ setup: --- + +"Execute query shard failures": + - do: + eql.search: + index: eql_test* + body: + query: 'process where user == "SYSTEM" and day_of_week == "Monday"' + fields: [{"field":"@timestamp","format":"epoch_millis"},"id","valid","day_of_week"] + allow_partial_search_results: true + + - match: {timed_out: false} + - match: {hits.total.value: 1} + - match: {hits.total.relation: "eq"} + - match: {hits.events.0._source.user: "SYSTEM"} + - match: {hits.events.0._id: "1"} + - match: {hits.events.0.fields.@timestamp: ["1580733296000"]} + - match: {hits.events.0.fields.id: [123]} + - match: {hits.events.0.fields.valid: [false]} + - match: {hits.events.0.fields.day_of_week: ["Monday"]} + - match: {shard_failures.0.index: "eql_test_rebel"} + + +--- + "Execute query shard failures and with allow_partial_search_results": - do: eql.search: @@ -535,7 +559,6 @@ setup: - do: eql.search: index: eql_test* - allow_partial_search_results: true body: query: 'process where user == "SYSTEM" and day_of_week == "Monday"' fields: [{"field":"@timestamp","format":"epoch_millis"},"id","valid","day_of_week"] @@ -575,7 +598,6 @@ setup: body: query: 'sequence [process where user == "SYSTEM" and day_of_week == "Monday"] [process where user == "SYSTEM" and day_of_week == "Tuesday"]' fields: [{"field":"@timestamp","format":"epoch_millis"},"id","valid","day_of_week"] - allow_partial_search_results: true allow_partial_sequence_results: true - match: {timed_out: false} @@ -600,7 +622,6 @@ setup: - do: eql.search: index: eql_test* - allow_partial_search_results: true allow_partial_sequence_results: true body: query: 'sequence [process where user == "SYSTEM" and day_of_week == "Monday"] [process where user == "SYSTEM" and day_of_week == "Tuesday"]' diff --git a/x-pack/plugin/eql/src/internalClusterTest/java/org/elasticsearch/xpack/eql/action/CCSPartialResultsIT.java b/x-pack/plugin/eql/src/internalClusterTest/java/org/elasticsearch/xpack/eql/action/CCSPartialResultsIT.java index da6bb6180428b..6cf4bf54f1f23 100644 --- a/x-pack/plugin/eql/src/internalClusterTest/java/org/elasticsearch/xpack/eql/action/CCSPartialResultsIT.java +++ b/x-pack/plugin/eql/src/internalClusterTest/java/org/elasticsearch/xpack/eql/action/CCSPartialResultsIT.java @@ -9,6 +9,7 @@ import org.elasticsearch.action.admin.cluster.settings.ClusterUpdateSettingsAction; import org.elasticsearch.action.admin.cluster.settings.ClusterUpdateSettingsRequest; +import org.elasticsearch.action.search.SearchPhaseExecutionException; import org.elasticsearch.client.internal.Client; import org.elasticsearch.cluster.metadata.IndexMetadata; import org.elasticsearch.common.settings.Settings; @@ -26,6 +27,7 @@ import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertAcked; import static org.hamcrest.Matchers.containsString; import static org.hamcrest.Matchers.equalTo; +import static org.hamcrest.Matchers.instanceOf; import static org.hamcrest.Matchers.is; public class CCSPartialResultsIT extends AbstractMultiClustersTestCase { @@ -222,9 +224,10 @@ public void testAllowPartialSearchAndSequence_event() throws ExecutionException, cluster(REMOTE_CLUSTER).stopNode(remoteNode); // event query - var request = new EqlSearchRequest().indices(REMOTE_CLUSTER + ":test-*") - .query("process where true") - .allowPartialSearchResults(true); + var request = new EqlSearchRequest().indices(REMOTE_CLUSTER + ":test-*").query("process where true"); + if (randomBoolean()) { + request = request.allowPartialSearchResults(true); + } var response = localClient().execute(EqlSearchAction.INSTANCE, request).get(); assertThat(response.hits().events().size(), equalTo(5)); for (int i = 0; i < 5; i++) { @@ -244,8 +247,10 @@ public void testAllowPartialSearchAndSequence_sequence() throws ExecutionExcepti // sequence query on both shards var request = new EqlSearchRequest().indices(REMOTE_CLUSTER + ":test-*") .query("sequence [process where value == 1] [process where value == 2]") - .allowPartialSearchResults(true) .allowPartialSequenceResults(true); + if (randomBoolean()) { + request = request.allowPartialSearchResults(true); + } var response = localClient().execute(EqlSearchAction.INSTANCE, request).get(); assertThat(response.hits().sequences().size(), equalTo(0)); assertThat(response.shardFailures().length, is(1)); @@ -255,8 +260,10 @@ public void testAllowPartialSearchAndSequence_sequence() throws ExecutionExcepti // sequence query on the available shard only request = new EqlSearchRequest().indices(REMOTE_CLUSTER + ":test-*") .query("sequence [process where value == 1] [process where value == 3]") - .allowPartialSearchResults(true) .allowPartialSequenceResults(true); + if (randomBoolean()) { + request = request.allowPartialSearchResults(true); + } response = localClient().execute(EqlSearchAction.INSTANCE, request).get(); assertThat(response.hits().sequences().size(), equalTo(1)); var sequence = response.hits().sequences().get(0); @@ -269,8 +276,10 @@ public void testAllowPartialSearchAndSequence_sequence() throws ExecutionExcepti // sequence query on the unavailable shard only request = new EqlSearchRequest().indices(REMOTE_CLUSTER + ":test-*") .query("sequence [process where value == 0] [process where value == 2]") - .allowPartialSearchResults(true) .allowPartialSequenceResults(true); + if (randomBoolean()) { + request = request.allowPartialSearchResults(true); + } response = localClient().execute(EqlSearchAction.INSTANCE, request).get(); assertThat(response.hits().sequences().size(), equalTo(0)); assertThat(response.shardFailures().length, is(1)); @@ -280,8 +289,10 @@ public void testAllowPartialSearchAndSequence_sequence() throws ExecutionExcepti // sequence query with missing event on unavailable shard. THIS IS A FALSE POSITIVE request = new EqlSearchRequest().indices(REMOTE_CLUSTER + ":test-*") .query("sequence with maxspan=10s [process where value == 1] ![process where value == 2] [process where value == 3]") - .allowPartialSearchResults(true) .allowPartialSequenceResults(true); + if (randomBoolean()) { + request = request.allowPartialSearchResults(true); + } response = localClient().execute(EqlSearchAction.INSTANCE, request).get(); assertThat(response.hits().sequences().size(), equalTo(1)); sequence = response.hits().sequences().get(0); @@ -303,9 +314,10 @@ public void testAllowPartialSearchAndSequence_sample() throws ExecutionException // sample query on both shards var request = new EqlSearchRequest().indices(REMOTE_CLUSTER + ":test-*") - .query("sample by key [process where value == 2] [process where value == 1]") - .allowPartialSearchResults(true) - .allowPartialSequenceResults(true); + .query("sample by key [process where value == 2] [process where value == 1]"); + if (randomBoolean()) { + request = request.allowPartialSearchResults(true); + } var response = localClient().execute(EqlSearchAction.INSTANCE, request).get(); assertThat(response.hits().sequences().size(), equalTo(0)); assertThat(response.shardFailures().length, is(1)); @@ -314,9 +326,10 @@ public void testAllowPartialSearchAndSequence_sample() throws ExecutionException // sample query on the available shard only request = new EqlSearchRequest().indices(REMOTE_CLUSTER + ":test-*") - .query("sample by key [process where value == 3] [process where value == 1]") - .allowPartialSearchResults(true) - .allowPartialSequenceResults(true); + .query("sample by key [process where value == 3] [process where value == 1]"); + if (randomBoolean()) { + request = request.allowPartialSearchResults(true); + } response = localClient().execute(EqlSearchAction.INSTANCE, request).get(); assertThat(response.hits().sequences().size(), equalTo(1)); var sample = response.hits().sequences().get(0); @@ -328,9 +341,10 @@ public void testAllowPartialSearchAndSequence_sample() throws ExecutionException // sample query on the unavailable shard only request = new EqlSearchRequest().indices(REMOTE_CLUSTER + ":test-*") - .query("sample by key [process where value == 2] [process where value == 0]") - .allowPartialSearchResults(true) - .allowPartialSequenceResults(true); + .query("sample by key [process where value == 2] [process where value == 0]"); + if (randomBoolean()) { + request = request.allowPartialSearchResults(true); + } response = localClient().execute(EqlSearchAction.INSTANCE, request).get(); assertThat(response.hits().sequences().size(), equalTo(0)); assertThat(response.shardFailures().length, is(1)); @@ -353,9 +367,10 @@ public void testAllowPartialSearch_event() throws ExecutionException, Interrupte cluster(REMOTE_CLUSTER).stopNode(remoteNode); // event query - var request = new EqlSearchRequest().indices(REMOTE_CLUSTER + ":test-*") - .query("process where true") - .allowPartialSearchResults(true); + var request = new EqlSearchRequest().indices(REMOTE_CLUSTER + ":test-*").query("process where true"); + if (randomBoolean()) { + request = request.allowPartialSearchResults(true); + } var response = localClient().execute(EqlSearchAction.INSTANCE, request).get(); assertThat(response.hits().events().size(), equalTo(5)); for (int i = 0; i < 5; i++) { @@ -375,8 +390,10 @@ public void testAllowPartialSearch_sequence() throws ExecutionException, Interru // sequence query on both shards var request = new EqlSearchRequest().indices(REMOTE_CLUSTER + ":test-*") - .query("sequence [process where value == 1] [process where value == 2]") - .allowPartialSearchResults(true); + .query("sequence [process where value == 1] [process where value == 2]"); + if (randomBoolean()) { + request = request.allowPartialSearchResults(true); + } var response = localClient().execute(EqlSearchAction.INSTANCE, request).get(); assertThat(response.hits().sequences().size(), equalTo(0)); assertThat(response.shardFailures().length, is(1)); @@ -385,8 +402,10 @@ public void testAllowPartialSearch_sequence() throws ExecutionException, Interru // sequence query on the available shard only request = new EqlSearchRequest().indices(REMOTE_CLUSTER + ":test-*") - .query("sequence [process where value == 1] [process where value == 3]") - .allowPartialSearchResults(true); + .query("sequence [process where value == 1] [process where value == 3]"); + if (randomBoolean()) { + request = request.allowPartialSearchResults(true); + } response = localClient().execute(EqlSearchAction.INSTANCE, request).get(); assertThat(response.hits().sequences().size(), equalTo(0)); assertThat(response.shardFailures().length, is(1)); @@ -395,8 +414,10 @@ public void testAllowPartialSearch_sequence() throws ExecutionException, Interru // sequence query on the unavailable shard only request = new EqlSearchRequest().indices(REMOTE_CLUSTER + ":test-*") - .query("sequence [process where value == 0] [process where value == 2]") - .allowPartialSearchResults(true); + .query("sequence [process where value == 0] [process where value == 2]"); + if (randomBoolean()) { + request = request.allowPartialSearchResults(true); + } response = localClient().execute(EqlSearchAction.INSTANCE, request).get(); assertThat(response.hits().sequences().size(), equalTo(0)); assertThat(response.shardFailures().length, is(1)); @@ -405,8 +426,10 @@ public void testAllowPartialSearch_sequence() throws ExecutionException, Interru // sequence query with missing event on unavailable shard. THIS IS A FALSE POSITIVE request = new EqlSearchRequest().indices(REMOTE_CLUSTER + ":test-*") - .query("sequence with maxspan=10s [process where value == 1] ![process where value == 2] [process where value == 3]") - .allowPartialSearchResults(true); + .query("sequence with maxspan=10s [process where value == 1] ![process where value == 2] [process where value == 3]"); + if (randomBoolean()) { + request = request.allowPartialSearchResults(true); + } response = localClient().execute(EqlSearchAction.INSTANCE, request).get(); assertThat(response.hits().sequences().size(), equalTo(0)); assertThat(response.shardFailures().length, is(1)); @@ -425,8 +448,10 @@ public void testAllowPartialSearch_sample() throws ExecutionException, Interrupt // sample query on both shards var request = new EqlSearchRequest().indices(REMOTE_CLUSTER + ":test-*") - .query("sample by key [process where value == 2] [process where value == 1]") - .allowPartialSearchResults(true); + .query("sample by key [process where value == 2] [process where value == 1]"); + if (randomBoolean()) { + request = request.allowPartialSearchResults(true); + } var response = localClient().execute(EqlSearchAction.INSTANCE, request).get(); assertThat(response.hits().sequences().size(), equalTo(0)); assertThat(response.shardFailures().length, is(1)); @@ -435,8 +460,10 @@ public void testAllowPartialSearch_sample() throws ExecutionException, Interrupt // sample query on the available shard only request = new EqlSearchRequest().indices(REMOTE_CLUSTER + ":test-*") - .query("sample by key [process where value == 3] [process where value == 1]") - .allowPartialSearchResults(true); + .query("sample by key [process where value == 3] [process where value == 1]"); + if (randomBoolean()) { + request = request.allowPartialSearchResults(true); + } response = localClient().execute(EqlSearchAction.INSTANCE, request).get(); assertThat(response.hits().sequences().size(), equalTo(1)); var sample = response.hits().sequences().get(0); @@ -448,8 +475,10 @@ public void testAllowPartialSearch_sample() throws ExecutionException, Interrupt // sample query on the unavailable shard only request = new EqlSearchRequest().indices(REMOTE_CLUSTER + ":test-*") - .query("sample by key [process where value == 2] [process where value == 0]") - .allowPartialSearchResults(true); + .query("sample by key [process where value == 2] [process where value == 0]"); + if (randomBoolean()) { + request = request.allowPartialSearchResults(true); + } response = localClient().execute(EqlSearchAction.INSTANCE, request).get(); assertThat(response.hits().sequences().size(), equalTo(0)); assertThat(response.shardFailures().length, is(1)); @@ -459,7 +488,7 @@ public void testAllowPartialSearch_sample() throws ExecutionException, Interrupt } // ------------------------------------------------------------------------ - // same queries, with missing shards and with default xpack.eql.default_allow_partial_results=true + // same queries, with missing shards and with default xpack.eql.default_allow_partial_results=false // ------------------------------------------------------------------------ public void testClusterSetting_event() throws ExecutionException, InterruptedException, IOException { @@ -474,19 +503,13 @@ public void testClusterSetting_event() throws ExecutionException, InterruptedExc .execute( ClusterUpdateSettingsAction.INSTANCE, new ClusterUpdateSettingsRequest(TimeValue.THIRTY_SECONDS, TimeValue.THIRTY_SECONDS).persistentSettings( - Settings.builder().put(EqlPlugin.DEFAULT_ALLOW_PARTIAL_SEARCH_RESULTS.getKey(), true) + Settings.builder().put(EqlPlugin.DEFAULT_ALLOW_PARTIAL_SEARCH_RESULTS.getKey(), false) ) ) .get(); // event query - var request = new EqlSearchRequest().indices(REMOTE_CLUSTER + ":test-*").query("process where true"); - var response = localClient().execute(EqlSearchAction.INSTANCE, request).get(); - assertThat(response.hits().events().size(), equalTo(5)); - for (int i = 0; i < 5; i++) { - assertThat(response.hits().events().get(i).toString(), containsString("\"value\" : " + (i * 2 + 1))); - } - assertThat(response.shardFailures().length, is(1)); + shouldFailWithDefaults("process where true"); localClient().execute( ClusterUpdateSettingsAction.INSTANCE, @@ -508,45 +531,23 @@ public void testClusterSetting_sequence() throws ExecutionException, Interrupted .execute( ClusterUpdateSettingsAction.INSTANCE, new ClusterUpdateSettingsRequest(TimeValue.THIRTY_SECONDS, TimeValue.THIRTY_SECONDS).persistentSettings( - Settings.builder().put(EqlPlugin.DEFAULT_ALLOW_PARTIAL_SEARCH_RESULTS.getKey(), true) + Settings.builder().put(EqlPlugin.DEFAULT_ALLOW_PARTIAL_SEARCH_RESULTS.getKey(), false) ) ) .get(); // sequence query on both shards - var request = new EqlSearchRequest().indices(REMOTE_CLUSTER + ":test-*") - .query("sequence [process where value == 1] [process where value == 2]"); - var response = localClient().execute(EqlSearchAction.INSTANCE, request).get(); - assertThat(response.hits().sequences().size(), equalTo(0)); - assertThat(response.shardFailures().length, is(1)); - assertThat(response.shardFailures()[0].index(), is("test-1-remote")); - assertThat(response.shardFailures()[0].reason(), containsString("NoShardAvailableActionException")); + shouldFailWithDefaults("sequence [process where value == 1] [process where value == 2]"); // sequence query on the available shard only - request = new EqlSearchRequest().indices(REMOTE_CLUSTER + ":test-*") - .query("sequence [process where value == 1] [process where value == 3]"); - response = localClient().execute(EqlSearchAction.INSTANCE, request).get(); - assertThat(response.hits().sequences().size(), equalTo(0)); - assertThat(response.shardFailures().length, is(1)); - assertThat(response.shardFailures()[0].index(), is("test-1-remote")); - assertThat(response.shardFailures()[0].reason(), containsString("NoShardAvailableActionException")); + shouldFailWithDefaults("sequence [process where value == 1] [process where value == 3]"); // sequence query on the unavailable shard only - request = new EqlSearchRequest().indices(REMOTE_CLUSTER + ":test-*") - .query("sequence [process where value == 0] [process where value == 2]"); - response = localClient().execute(EqlSearchAction.INSTANCE, request).get(); - assertThat(response.hits().sequences().size(), equalTo(0)); - assertThat(response.shardFailures().length, is(1)); - assertThat(response.shardFailures()[0].index(), is("test-1-remote")); - assertThat(response.shardFailures()[0].reason(), containsString("NoShardAvailableActionException")); + shouldFailWithDefaults("sequence [process where value == 0] [process where value == 2]"); // sequence query with missing event on unavailable shard. THIS IS A FALSE POSITIVE - request = new EqlSearchRequest().indices(REMOTE_CLUSTER + ":test-*") - .query("sequence with maxspan=10s [process where value == 1] ![process where value == 2] [process where value == 3]"); - response = localClient().execute(EqlSearchAction.INSTANCE, request).get(); - assertThat(response.hits().sequences().size(), equalTo(0)); - assertThat(response.shardFailures().length, is(1)); - assertThat(response.shardFailures()[0].index(), is("test-1-remote")); - assertThat(response.shardFailures()[0].reason(), containsString("NoShardAvailableActionException")); + shouldFailWithDefaults( + "sequence with maxspan=10s [process where value == 1] ![process where value == 2] [process where value == 3]" + ); localClient().execute( ClusterUpdateSettingsAction.INSTANCE, @@ -568,40 +569,19 @@ public void testClusterSetting_sample() throws ExecutionException, InterruptedEx .execute( ClusterUpdateSettingsAction.INSTANCE, new ClusterUpdateSettingsRequest(TimeValue.THIRTY_SECONDS, TimeValue.THIRTY_SECONDS).persistentSettings( - Settings.builder().put(EqlPlugin.DEFAULT_ALLOW_PARTIAL_SEARCH_RESULTS.getKey(), true) + Settings.builder().put(EqlPlugin.DEFAULT_ALLOW_PARTIAL_SEARCH_RESULTS.getKey(), false) ) ) .get(); // sample query on both shards - var request = new EqlSearchRequest().indices(REMOTE_CLUSTER + ":test-*") - .query("sample by key [process where value == 2] [process where value == 1]"); - var response = localClient().execute(EqlSearchAction.INSTANCE, request).get(); - assertThat(response.hits().sequences().size(), equalTo(0)); - assertThat(response.shardFailures().length, is(1)); - assertThat(response.shardFailures()[0].index(), is("test-1-remote")); - assertThat(response.shardFailures()[0].reason(), containsString("NoShardAvailableActionException")); + shouldFailWithDefaults("sample by key [process where value == 2] [process where value == 1]"); // sample query on the available shard only - request = new EqlSearchRequest().indices(REMOTE_CLUSTER + ":test-*") - .query("sample by key [process where value == 3] [process where value == 1]"); - response = localClient().execute(EqlSearchAction.INSTANCE, request).get(); - assertThat(response.hits().sequences().size(), equalTo(1)); - var sample = response.hits().sequences().get(0); - assertThat(sample.events().get(0).toString(), containsString("\"value\" : 3")); - assertThat(sample.events().get(1).toString(), containsString("\"value\" : 1")); - assertThat(response.shardFailures().length, is(1)); - assertThat(response.shardFailures()[0].index(), is("test-1-remote")); - assertThat(response.shardFailures()[0].reason(), containsString("NoShardAvailableActionException")); + shouldFailWithDefaults("sample by key [process where value == 3] [process where value == 1]"); // sample query on the unavailable shard only - request = new EqlSearchRequest().indices(REMOTE_CLUSTER + ":test-*") - .query("sample by key [process where value == 2] [process where value == 0]"); - response = localClient().execute(EqlSearchAction.INSTANCE, request).get(); - assertThat(response.hits().sequences().size(), equalTo(0)); - assertThat(response.shardFailures().length, is(1)); - assertThat(response.shardFailures()[0].index(), is("test-1-remote")); - assertThat(response.shardFailures()[0].reason(), containsString("NoShardAvailableActionException")); + shouldFailWithDefaults("sample by key [process where value == 2] [process where value == 0]"); localClient().execute( ClusterUpdateSettingsAction.INSTANCE, @@ -610,4 +590,17 @@ public void testClusterSetting_sample() throws ExecutionException, InterruptedEx ) ).get(); } + + private void shouldFailWithDefaults(String query) throws InterruptedException { + EqlSearchRequest request = new EqlSearchRequest().indices(REMOTE_CLUSTER + ":test-*").query(query); + if (randomBoolean()) { + request = request.allowPartialSequenceResults(randomBoolean()); + } + try { + localClient().execute(EqlSearchAction.INSTANCE, request).get(); + fail(); + } catch (ExecutionException e) { + assertThat(e.getCause().getCause(), instanceOf(SearchPhaseExecutionException.class)); + } + } } diff --git a/x-pack/plugin/eql/src/internalClusterTest/java/org/elasticsearch/xpack/eql/action/PartialSearchResultsIT.java b/x-pack/plugin/eql/src/internalClusterTest/java/org/elasticsearch/xpack/eql/action/PartialSearchResultsIT.java index 9048d11f4eddf..712695fa1b9ce 100644 --- a/x-pack/plugin/eql/src/internalClusterTest/java/org/elasticsearch/xpack/eql/action/PartialSearchResultsIT.java +++ b/x-pack/plugin/eql/src/internalClusterTest/java/org/elasticsearch/xpack/eql/action/PartialSearchResultsIT.java @@ -274,7 +274,10 @@ public void testAllowPartialSearchAndSequenceResults_event() throws Exception { internalCluster().stopNode(assignedNodeForIndex1); // event query - var request = new EqlSearchRequest().indices("test-*").query("process where true").allowPartialSearchResults(true); + var request = new EqlSearchRequest().indices("test-*").query("process where true"); + if (randomBoolean()) { + request = request.allowPartialSearchResults(true); + } var response = client().execute(EqlSearchAction.INSTANCE, request).get(); assertThat(response.hits().events().size(), equalTo(5)); for (int i = 0; i < 5; i++) { @@ -295,8 +298,11 @@ public void testAllowPartialSearchAndSequenceResults_sequence() throws Exception // sequence query on both shards var request = new EqlSearchRequest().indices("test-*") .query("sequence [process where value == 1] [process where value == 2]") - .allowPartialSearchResults(true) .allowPartialSequenceResults(true); + if (randomBoolean()) { + request = request.allowPartialSearchResults(true); + } + var response = client().execute(EqlSearchAction.INSTANCE, request).get(); assertThat(response.hits().sequences().size(), equalTo(0)); assertThat(response.shardFailures().length, is(1)); @@ -306,8 +312,10 @@ public void testAllowPartialSearchAndSequenceResults_sequence() throws Exception // sequence query on the available shard only request = new EqlSearchRequest().indices("test-*") .query("sequence [process where value == 1] [process where value == 3]") - .allowPartialSearchResults(true) .allowPartialSequenceResults(true); + if (randomBoolean()) { + request = request.allowPartialSearchResults(true); + } response = client().execute(EqlSearchAction.INSTANCE, request).get(); assertThat(response.hits().sequences().size(), equalTo(1)); var sequence = response.hits().sequences().get(0); @@ -320,8 +328,10 @@ public void testAllowPartialSearchAndSequenceResults_sequence() throws Exception // sequence query on the unavailable shard only request = new EqlSearchRequest().indices("test-*") .query("sequence [process where value == 0] [process where value == 2]") - .allowPartialSearchResults(true) .allowPartialSequenceResults(true); + if (randomBoolean()) { + request = request.allowPartialSearchResults(true); + } response = client().execute(EqlSearchAction.INSTANCE, request).get(); assertThat(response.hits().sequences().size(), equalTo(0)); assertThat(response.shardFailures().length, is(1)); @@ -331,8 +341,10 @@ public void testAllowPartialSearchAndSequenceResults_sequence() throws Exception // sequence query with missing event on unavailable shard. THIS IS A FALSE POSITIVE request = new EqlSearchRequest().indices("test-*") .query("sequence with maxspan=10s [process where value == 1] ![process where value == 2] [process where value == 3]") - .allowPartialSearchResults(true) .allowPartialSequenceResults(true); + if (randomBoolean()) { + request = request.allowPartialSearchResults(true); + } response = client().execute(EqlSearchAction.INSTANCE, request).get(); assertThat(response.hits().sequences().size(), equalTo(1)); sequence = response.hits().sequences().get(0); @@ -355,8 +367,10 @@ public void testAllowPartialSearchAndSequenceResults_sample() throws Exception { // sample query on both shards var request = new EqlSearchRequest().indices("test-*") .query("sample by key [process where value == 2] [process where value == 1]") - .allowPartialSearchResults(true) .allowPartialSequenceResults(true); + if (randomBoolean()) { + request = request.allowPartialSearchResults(true); + } var response = client().execute(EqlSearchAction.INSTANCE, request).get(); assertThat(response.hits().sequences().size(), equalTo(0)); assertThat(response.shardFailures().length, is(1)); @@ -366,8 +380,10 @@ public void testAllowPartialSearchAndSequenceResults_sample() throws Exception { // sample query on the available shard only request = new EqlSearchRequest().indices("test-*") .query("sample by key [process where value == 3] [process where value == 1]") - .allowPartialSearchResults(true) .allowPartialSequenceResults(true); + if (randomBoolean()) { + request = request.allowPartialSearchResults(true); + } response = client().execute(EqlSearchAction.INSTANCE, request).get(); assertThat(response.hits().sequences().size(), equalTo(1)); var sample = response.hits().sequences().get(0); @@ -380,8 +396,10 @@ public void testAllowPartialSearchAndSequenceResults_sample() throws Exception { // sample query on the unavailable shard only request = new EqlSearchRequest().indices("test-*") .query("sample by key [process where value == 2] [process where value == 0]") - .allowPartialSearchResults(true) .allowPartialSequenceResults(true); + if (randomBoolean()) { + request = request.allowPartialSearchResults(true); + } response = client().execute(EqlSearchAction.INSTANCE, request).get(); assertThat(response.hits().sequences().size(), equalTo(0)); assertThat(response.shardFailures().length, is(1)); @@ -404,7 +422,10 @@ public void testAllowPartialSearchResults_event() throws Exception { internalCluster().stopNode(assignedNodeForIndex1); // event query - var request = new EqlSearchRequest().indices("test-*").query("process where true").allowPartialSearchResults(true); + var request = new EqlSearchRequest().indices("test-*").query("process where true"); + if (randomBoolean()) { + request = request.allowPartialSearchResults(true); + } var response = client().execute(EqlSearchAction.INSTANCE, request).get(); assertThat(response.hits().events().size(), equalTo(5)); for (int i = 0; i < 5; i++) { @@ -423,9 +444,10 @@ public void testAllowPartialSearchResults_sequence() throws Exception { internalCluster().stopNode(assignedNodeForIndex1); // sequence query on both shards - var request = new EqlSearchRequest().indices("test-*") - .query("sequence [process where value == 1] [process where value == 2]") - .allowPartialSearchResults(true); + var request = new EqlSearchRequest().indices("test-*").query("sequence [process where value == 1] [process where value == 2]"); + if (randomBoolean()) { + request = request.allowPartialSearchResults(true); + } var response = client().execute(EqlSearchAction.INSTANCE, request).get(); assertThat(response.hits().sequences().size(), equalTo(0)); assertThat(response.shardFailures().length, is(1)); @@ -433,9 +455,10 @@ public void testAllowPartialSearchResults_sequence() throws Exception { assertThat(response.shardFailures()[0].reason(), containsString("NoShardAvailableActionException")); // sequence query on the available shard only - request = new EqlSearchRequest().indices("test-*") - .query("sequence [process where value == 1] [process where value == 3]") - .allowPartialSearchResults(true); + request = new EqlSearchRequest().indices("test-*").query("sequence [process where value == 1] [process where value == 3]"); + if (randomBoolean()) { + request = request.allowPartialSearchResults(true); + } response = client().execute(EqlSearchAction.INSTANCE, request).get(); assertThat(response.hits().sequences().size(), equalTo(0)); assertThat(response.shardFailures().length, is(1)); @@ -443,9 +466,10 @@ public void testAllowPartialSearchResults_sequence() throws Exception { assertThat(response.shardFailures()[0].reason(), containsString("NoShardAvailableActionException")); // sequence query on the unavailable shard only - request = new EqlSearchRequest().indices("test-*") - .query("sequence [process where value == 0] [process where value == 2]") - .allowPartialSearchResults(true); + request = new EqlSearchRequest().indices("test-*").query("sequence [process where value == 0] [process where value == 2]"); + if (randomBoolean()) { + request = request.allowPartialSearchResults(true); + } response = client().execute(EqlSearchAction.INSTANCE, request).get(); assertThat(response.hits().sequences().size(), equalTo(0)); assertThat(response.shardFailures().length, is(1)); @@ -454,8 +478,10 @@ public void testAllowPartialSearchResults_sequence() throws Exception { // sequence query with missing event on unavailable shard. THIS IS A FALSE POSITIVE request = new EqlSearchRequest().indices("test-*") - .query("sequence with maxspan=10s [process where value == 1] ![process where value == 2] [process where value == 3]") - .allowPartialSearchResults(true); + .query("sequence with maxspan=10s [process where value == 1] ![process where value == 2] [process where value == 3]"); + if (randomBoolean()) { + request = request.allowPartialSearchResults(true); + } response = client().execute(EqlSearchAction.INSTANCE, request).get(); assertThat(response.hits().sequences().size(), equalTo(0)); assertThat(response.shardFailures().length, is(1)); @@ -473,9 +499,10 @@ public void testAllowPartialSearchResults_sample() throws Exception { internalCluster().stopNode(assignedNodeForIndex1); // sample query on both shards - var request = new EqlSearchRequest().indices("test-*") - .query("sample by key [process where value == 2] [process where value == 1]") - .allowPartialSearchResults(true); + var request = new EqlSearchRequest().indices("test-*").query("sample by key [process where value == 2] [process where value == 1]"); + if (randomBoolean()) { + request = request.allowPartialSearchResults(true); + } var response = client().execute(EqlSearchAction.INSTANCE, request).get(); assertThat(response.hits().sequences().size(), equalTo(0)); assertThat(response.shardFailures().length, is(1)); @@ -483,9 +510,10 @@ public void testAllowPartialSearchResults_sample() throws Exception { assertThat(response.shardFailures()[0].reason(), containsString("NoShardAvailableActionException")); // sample query on the available shard only - request = new EqlSearchRequest().indices("test-*") - .query("sample by key [process where value == 3] [process where value == 1]") - .allowPartialSearchResults(true); + request = new EqlSearchRequest().indices("test-*").query("sample by key [process where value == 3] [process where value == 1]"); + if (randomBoolean()) { + request = request.allowPartialSearchResults(true); + } response = client().execute(EqlSearchAction.INSTANCE, request).get(); assertThat(response.hits().sequences().size(), equalTo(1)); var sample = response.hits().sequences().get(0); @@ -496,9 +524,10 @@ public void testAllowPartialSearchResults_sample() throws Exception { assertThat(response.shardFailures()[0].reason(), containsString("NoShardAvailableActionException")); // sample query on the unavailable shard only - request = new EqlSearchRequest().indices("test-*") - .query("sample by key [process where value == 2] [process where value == 0]") - .allowPartialSearchResults(true); + request = new EqlSearchRequest().indices("test-*").query("sample by key [process where value == 2] [process where value == 0]"); + if (randomBoolean()) { + request = request.allowPartialSearchResults(true); + } response = client().execute(EqlSearchAction.INSTANCE, request).get(); assertThat(response.hits().sequences().size(), equalTo(0)); assertThat(response.shardFailures().length, is(1)); @@ -605,7 +634,7 @@ public void testAsyncAllowPartialSearchResults_sample() throws Exception { } // ------------------------------------------------------------------------ - // same queries, with missing shards and with default xpack.eql.default_allow_partial_results=true + // same queries, with missing shards and with default xpack.eql.default_allow_partial_results=false // ------------------------------------------------------------------------ public void testClusterSetting_event() throws Exception { @@ -619,18 +648,12 @@ public void testClusterSetting_event() throws Exception { client().execute( ClusterUpdateSettingsAction.INSTANCE, new ClusterUpdateSettingsRequest(TimeValue.THIRTY_SECONDS, TimeValue.THIRTY_SECONDS).persistentSettings( - Settings.builder().put(EqlPlugin.DEFAULT_ALLOW_PARTIAL_SEARCH_RESULTS.getKey(), true) + Settings.builder().put(EqlPlugin.DEFAULT_ALLOW_PARTIAL_SEARCH_RESULTS.getKey(), false) ) ).get(); // event query - var request = new EqlSearchRequest().indices("test-*").query("process where true"); - var response = client().execute(EqlSearchAction.INSTANCE, request).get(); - assertThat(response.hits().events().size(), equalTo(5)); - for (int i = 0; i < 5; i++) { - assertThat(response.hits().events().get(i).toString(), containsString("\"value\" : " + (i * 2 + 1))); - } - assertThat(response.shardFailures().length, is(1)); + shouldFail("process where true"); client().execute( ClusterUpdateSettingsAction.INSTANCE, @@ -651,41 +674,20 @@ public void testClusterSetting_sequence() throws Exception { client().execute( ClusterUpdateSettingsAction.INSTANCE, new ClusterUpdateSettingsRequest(TimeValue.THIRTY_SECONDS, TimeValue.THIRTY_SECONDS).persistentSettings( - Settings.builder().put(EqlPlugin.DEFAULT_ALLOW_PARTIAL_SEARCH_RESULTS.getKey(), true) + Settings.builder().put(EqlPlugin.DEFAULT_ALLOW_PARTIAL_SEARCH_RESULTS.getKey(), false) ) ).get(); // sequence query on both shards - var request = new EqlSearchRequest().indices("test-*").query("sequence [process where value == 1] [process where value == 2]"); - var response = client().execute(EqlSearchAction.INSTANCE, request).get(); - assertThat(response.hits().sequences().size(), equalTo(0)); - assertThat(response.shardFailures().length, is(1)); - assertThat(response.shardFailures()[0].index(), is("test-1")); - assertThat(response.shardFailures()[0].reason(), containsString("NoShardAvailableActionException")); + shouldFail("sequence [process where value == 1] [process where value == 2]"); // sequence query on the available shard only - request = new EqlSearchRequest().indices("test-*").query("sequence [process where value == 1] [process where value == 3]"); - response = client().execute(EqlSearchAction.INSTANCE, request).get(); - assertThat(response.hits().sequences().size(), equalTo(0)); - assertThat(response.shardFailures().length, is(1)); - assertThat(response.shardFailures()[0].index(), is("test-1")); - assertThat(response.shardFailures()[0].reason(), containsString("NoShardAvailableActionException")); + shouldFail("sequence [process where value == 1] [process where value == 3]"); // sequence query on the unavailable shard only - request = new EqlSearchRequest().indices("test-*").query("sequence [process where value == 0] [process where value == 2]"); - response = client().execute(EqlSearchAction.INSTANCE, request).get(); - assertThat(response.hits().sequences().size(), equalTo(0)); - assertThat(response.shardFailures().length, is(1)); - assertThat(response.shardFailures()[0].index(), is("test-1")); - assertThat(response.shardFailures()[0].reason(), containsString("NoShardAvailableActionException")); + shouldFail("sequence [process where value == 0] [process where value == 2]"); // sequence query with missing event on unavailable shard. THIS IS A FALSE POSITIVE - request = new EqlSearchRequest().indices("test-*") - .query("sequence with maxspan=10s [process where value == 1] ![process where value == 2] [process where value == 3]"); - response = client().execute(EqlSearchAction.INSTANCE, request).get(); - assertThat(response.hits().sequences().size(), equalTo(0)); - assertThat(response.shardFailures().length, is(1)); - assertThat(response.shardFailures()[0].index(), is("test-1")); - assertThat(response.shardFailures()[0].reason(), containsString("NoShardAvailableActionException")); + shouldFail("sequence with maxspan=10s [process where value == 1] ![process where value == 2] [process where value == 3]"); client().execute( ClusterUpdateSettingsAction.INSTANCE, @@ -706,36 +708,18 @@ public void testClusterSetting_sample() throws Exception { client().execute( ClusterUpdateSettingsAction.INSTANCE, new ClusterUpdateSettingsRequest(TimeValue.THIRTY_SECONDS, TimeValue.THIRTY_SECONDS).persistentSettings( - Settings.builder().put(EqlPlugin.DEFAULT_ALLOW_PARTIAL_SEARCH_RESULTS.getKey(), true) + Settings.builder().put(EqlPlugin.DEFAULT_ALLOW_PARTIAL_SEARCH_RESULTS.getKey(), false) ) ).get(); // sample query on both shards - var request = new EqlSearchRequest().indices("test-*").query("sample by key [process where value == 2] [process where value == 1]"); - var response = client().execute(EqlSearchAction.INSTANCE, request).get(); - assertThat(response.hits().sequences().size(), equalTo(0)); - assertThat(response.shardFailures().length, is(1)); - assertThat(response.shardFailures()[0].index(), is("test-1")); - assertThat(response.shardFailures()[0].reason(), containsString("NoShardAvailableActionException")); + shouldFail("sample by key [process where value == 2] [process where value == 1]"); // sample query on the available shard only - request = new EqlSearchRequest().indices("test-*").query("sample by key [process where value == 3] [process where value == 1]"); - response = client().execute(EqlSearchAction.INSTANCE, request).get(); - assertThat(response.hits().sequences().size(), equalTo(1)); - var sample = response.hits().sequences().get(0); - assertThat(sample.events().get(0).toString(), containsString("\"value\" : 3")); - assertThat(sample.events().get(1).toString(), containsString("\"value\" : 1")); - assertThat(response.shardFailures().length, is(1)); - assertThat(response.shardFailures()[0].index(), is("test-1")); - assertThat(response.shardFailures()[0].reason(), containsString("NoShardAvailableActionException")); + shouldFail("sample by key [process where value == 3] [process where value == 1]"); // sample query on the unavailable shard only - request = new EqlSearchRequest().indices("test-*").query("sample by key [process where value == 2] [process where value == 0]"); - response = client().execute(EqlSearchAction.INSTANCE, request).get(); - assertThat(response.hits().sequences().size(), equalTo(0)); - assertThat(response.shardFailures().length, is(1)); - assertThat(response.shardFailures()[0].index(), is("test-1")); - assertThat(response.shardFailures()[0].reason(), containsString("NoShardAvailableActionException")); + shouldFail("sample by key [process where value == 2] [process where value == 0]"); client().execute( ClusterUpdateSettingsAction.INSTANCE, @@ -751,7 +735,9 @@ private static EqlSearchResponse runAsync(String query, Boolean allowPartialSear EqlSearchResponse response; request = new EqlSearchRequest().indices("test-*").query(query).waitForCompletionTimeout(TimeValue.ZERO); if (allowPartialSearchResults != null) { - request = request.allowPartialSearchResults(allowPartialSearchResults); + if (allowPartialSearchResults == false || randomBoolean()) request = request.allowPartialSearchResults( + allowPartialSearchResults + ); } response = client().execute(EqlSearchAction.INSTANCE, request).get(); while (response.isRunning()) { @@ -764,9 +750,7 @@ private static EqlSearchResponse runAsync(String query, Boolean allowPartialSear private static void shouldFail(String query) throws InterruptedException { EqlSearchRequest request = new EqlSearchRequest().indices("test-*").query(query); - if (randomBoolean()) { - request = request.allowPartialSearchResults(false); - } + request = request.allowPartialSearchResults(false); if (randomBoolean()) { request = request.allowPartialSequenceResults(randomBoolean()); } diff --git a/x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/plugin/EqlPlugin.java b/x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/plugin/EqlPlugin.java index 210f88c991539..62f4110f9f457 100644 --- a/x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/plugin/EqlPlugin.java +++ b/x-pack/plugin/eql/src/main/java/org/elasticsearch/xpack/eql/plugin/EqlPlugin.java @@ -62,7 +62,7 @@ public class EqlPlugin extends Plugin implements ActionPlugin, CircuitBreakerPlu public static final Setting DEFAULT_ALLOW_PARTIAL_SEARCH_RESULTS = Setting.boolSetting( "xpack.eql.default_allow_partial_results", - false, + true, Setting.Property.NodeScope, Setting.Property.Dynamic );