Skip to content

Add MV_CONTAINS function #133099

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 33 commits into from
Aug 27, 2025
Merged

Add MV_CONTAINS function #133099

merged 33 commits into from
Aug 27, 2025

Conversation

@mjmbischoff
Copy link
Contributor

@mjmbischoff mjmbischoff commented Aug 18, 2025
edited
Loading

Adding the MV_CONTAINS_ALL function.

The function checks if the multivalue expression that is supplied as the first argument resolves to all values yielded by the multivalue expression that is the second argument. Effectively establishing if the first argument is a super set of the second argument which would then be the subset. This allows for a contains element function that also has the flexibility to work with multivalue arguments. Since we compare each entry duplicates collapse as we simply match against the same entry on the other side.

This avoids the need to abuse string functions to check if something is one of the multi values.:

FROM main_data_index
| LOOKUP JOIN my_lookup_index ON destination.ip
| WHERE CONTAINS(CONCAT("#",MV_CONCAT(destination.denied_ports::STRING, "#"),"#"), CONCAT("#",destination.port::STRING,"#"))
| KEEP message, destination.*

FROM main_data_index
| LOOKUP JOIN my_lookup_index ON destination.ip
| WHERE MV_CONTAINS(destination.denied_ports, destination.port)
| KEEP message, destination.*

the function allows for multivalue so the following should also work:

MV_CONTAINS(roles, ["read", "write"])

TODO

  • Regenerate docs
  • Rename MV_CONTAINS_ALL to MV_CONTAINS (pending decision - jumped the gun but should check for consensus)
  • Introduce as PREVIEW or straight to GA?

@elasticsearchmachine elasticsearchmachine added external-contributor Pull request authored by a developer outside the Elasticsearch team v9.2.0 labels Aug 18, 2025
@mjmbischoff mjmbischoff mentioned this pull request Aug 19, 2025
Open
@github-actions
Copy link
Contributor

github-actions bot commented Aug 19, 2025
edited
Loading

🔍 Preview links for changed docs

@mjmbischoff mjmbischoff added :Analytics/ES|QL AKA ESQL auto-backport Automatically create backport pull requests when merged labels Aug 19, 2025
@mjmbischoff
Enhance mv_contains_all function with additional examples and docum…
f02c400 
…entation improvements.

Fix issue with byteref being empty, which caused fold to fail.
@mjmbischoff mjmbischoff marked this pull request as ready for review August 19, 2025 06:31
@elasticsearchmachine elasticsearchmachine added the Team:Analytics Meta label for analytical engine team (ESQL/Aggs/Geo) label Aug 19, 2025
@elasticsearchmachine
Copy link
Collaborator

elasticsearchmachine commented Aug 19, 2025

Pinging @elastic/es-analytical-engine (Team:Analytics)

@elasticsearchmachine
Copy link
Collaborator

elasticsearchmachine commented Aug 19, 2025

Hi @mjmbischoff, I've created a changelog YAML for you.

@elasticsearchmachine
Copy link
Collaborator

elasticsearchmachine commented Aug 19, 2025

Hi @mjmbischoff, I've updated the changelog YAML for you.

@mjmbischoff
Copy link
Contributor Author

mjmbischoff commented Aug 23, 2025
edited
Loading

If we do want to introduce infix operators for this, and want the operator to be IN, then it would be correct for it to have the opposite parameter order from the MV_CONTAINS_ALL function.

Agree. If we add an infix operator will create a class for it as invert the operator order, but that will be a followup PR.

@mjmbischoff mjmbischoff changed the title Add MV_CONTAINS_ALL function Add MV_CONTAINS function Aug 24, 2025
mjmbischoff and others added 3 commits August 24, 2025 14:04
@mjmbischoff
- Renamed MV_CONTAINS_ALL to MV_CONTAINS
b0c959d 
- Fixing tests by removing logic to return null if all parameters are null. The standard generator had to be circumvented, should follow up with separate PR to make it more intelligent to avoid it.
- Overwritten part of the test methods to avoid the null expectation.
[CI] Auto commit changes from spotless
fbe8a2b
@mjmbischoff
Update documentation to reflect MV_CONTAINS_ALL renaming to `MV_CON…
f71848f 
…TAINS`
@mjmbischoff
Copy link
Contributor Author

mjmbischoff commented Aug 24, 2025

Had to do quite a bit(too much?) to follow the contract of always returning a boolean vs null if any argument is null, which the test classes seem to expect.

@mjmbischoff mjmbischoff requested a review from ivancea August 25, 2025 10:54
ivancea
ivancea approved these changes Aug 25, 2025
View reviewed changes
Copy link
Contributor

@ivancea ivancea left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It looks good! It's a shame you had to create a custom evaluator; I guess we'll have to invest some extra time there, as MV functions can usually handle nulls

@mjmbischoff mjmbischoff merged commit 1e58428 into elastic:main Aug 27, 2025
33 checks passed
@elasticsearchmachine
Copy link
Collaborator

elasticsearchmachine commented Aug 27, 2025

💔 Backport failed

The backport operation could not be completed due to the following error:

There are no branches to backport to. Aborting.

You can use sqren/backport to manually backport by running backport --upstream elastic/elasticsearch --pr 133099

@ivancea ivancea mentioned this pull request Aug 27, 2025
Open
DaveCTurner added a commit that referenced this pull request Aug 27, 2025
@DaveCTurner
Revert "Add MV_CONTAINS function (#133099)"
b22e953 
This reverts commit 1e58428.
@DaveCTurner
Copy link
Contributor

DaveCTurner commented Aug 27, 2025

This commit introduced compile errors, I have reverted it from main.

mjmbischoff added a commit to mjmbischoff/elasticsearch that referenced this pull request Aug 27, 2025
@mjmbischoff
Add memory usage reporting to MvContains evaluators
277249a 
ESQL: Track memory in evaluators (elastic#133392) got merged to main at the same as Add MV_CONTAINS function elastic#133099 which caused a compile-error and the merge was reverted. This commit addresses the compile-error.
@mjmbischoff mjmbischoff mentioned this pull request Aug 27, 2025
Merged
This was referenced Sep 30, 2025
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@craigtaverner craigtaverner craigtaverner left review comments

@leemthompo leemthompo leemthompo left review comments

@ivancea ivancea ivancea approved these changes

@nik9000 nik9000 Awaiting requested review from nik9000

Assignees

@mjmbischoff mjmbischoff

Labels

:Analytics/ES|QL AKA ESQL auto-backport Automatically create backport pull requests when merged >enhancement external-contributor Pull request authored by a developer outside the Elasticsearch team Team:Analytics Meta label for analytical engine team (ESQL/Aggs/Geo)

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@mjmbischoff @elasticsearchmachine @craigtaverner @DaveCTurner @ivancea @leemthompo