[ES|QL] TS Disallow renaming into timestamp prior to implicit use #137713
Conversation
limotova
changed the title
limotova
force-pushed
the
disallow-renaming-timestamp
branch
from
703e816 to
446cffd
Compare
elasticsearchmachine
added
the
needs:triage
limotova
added
>bug
:StorageEngine/ES|QL
|
Pinging @elastic/es-storage-engine (Team:StorageEngine) |
|
Hi @limotova, I've created a changelog YAML for you. |
| @Override | ||
| public String toString() { | ||
| return "rate(" + field() + ")"; | ||
| return "rate(" + field() + ", " + timestamp() + ")"; |
There was a problem hiding this comment.
Why was this added? Is it necessary?
There was a problem hiding this comment.
It wasn't necessary but @bpintea recommended it in our conversation and I agreed it made sense to add
There was a problem hiding this comment.
@dnhatn wdyt?
If we want this, we'll have to update all time-series aggregate functions.
There was a problem hiding this comment.
I'm not sure about the benefits of adding this, but I'm not against it either
There was a problem hiding this comment.
not sure about the benefits of adding this
When seeing the failed query (in the issue this addresses), I wanted to quickly see what's happening in a running instance with debug on I hand running, but failed, because @timestamp isn't "visible". Since it's a parameter of the function, even if implicit, I think it can help. It's a nice to have though, not a strict necessity. And can be done here or some other PR.
dnhatn
left a comment
dnhatn
left a comment
There was a problem hiding this comment.
I've left a question, thanks Larisa!
| } | ||
| } | ||
| } | ||
| if (aggregate.child().output().contains(timestamp.get()) == false) { |
There was a problem hiding this comment.
I wonder if we should run this check in TimeSeriesAggregate#postAnalysisVerification instead. What about TBucket? It seems we aren't checking it here.
There was a problem hiding this comment.
Oh you're right; TBucket is a TimestampAware function so I thought it would be getting caught there but it doesn't end up in the list of timeSeriesAggs so it's getting skipped over. I'll see what I can do about both of those
There was a problem hiding this comment.
I rewrote it (edit: or so i thought; it didnt actually work) to be checked in TimeSeriesAggregate#postAnalysisVerification but it looks like something else actually catches the TBucket case already
stack_trace: "org.elasticsearch.xpack.esql.VerificationException: Found 1 problem\n\
line 3:68: [tbucket(5minute)] requires the [@timestamp] field, which was either\
\ not present in the source index, or has been dropped or renamed
There was a problem hiding this comment.
Indeed, all the TimestampAware functions that are created by the Analyzer will have the UnresolvedTimestamp injected and if during reference resolution this isn't swapped out, it'll get caught into the Verifier.
There was a problem hiding this comment.
Also, I guess we're doing this to prevent @timestamp be altered at all, right? Like maybe shifted with a TZ delta.
If so, maybe we'll want to add a test for it to testTranslateMetricsAfterRenamingTimestamp(), like ... | EVAL @timestamp = @timestamp + 1 day
| @Override | ||
| public String toString() { | ||
| return "rate(" + field() + ")"; | ||
| return "rate(" + field() + ", " + timestamp() + ")"; |
There was a problem hiding this comment.
I'm not sure about the benefits of adding this, but I'm not against it either
| } | ||
| } | ||
| } | ||
| if (aggregate.child().output().contains(timestamp.get()) == false) { |
There was a problem hiding this comment.
Indeed, all the TimestampAware functions that are created by the Analyzer will have the UnresolvedTimestamp injected and if during reference resolution this isn't swapped out, it'll get caught into the Verifier.
| + "[" | ||
| + String.join(", ", timestampAwareFunctions.subList(0, Math.min(size, 3))) | ||
| + (size > 3 ? ", ..." : "") | ||
| + "] requires a @timestamp field of type date to be present when run with the TS command, but it was not present." |
There was a problem hiding this comment.
You'll probably want to do the plural dance with the require/s too.
Also, can @timestamp be of nanos resolution, or just date?
There was a problem hiding this comment.
Yeah @timestamp can be nanos. I'll change the phrase a bit and look into adding tests for that in a bit (we don't have an index with a date_nanos timestamp that's set up as a time series index in the CSV tests)
| } | ||
| } | ||
| } | ||
| if (aggregate.child().output().contains(timestamp.get()) == false) { |
There was a problem hiding this comment.
Also, I guess we're doing this to prevent @timestamp be altered at all, right? Like maybe shifted with a TZ delta.
If so, maybe we'll want to add a test for it to testTranslateMetricsAfterRenamingTimestamp(), like ... | EVAL @timestamp = @timestamp + 1 day
| @Override | ||
| public String toString() { | ||
| return "rate(" + field() + ")"; | ||
| return "rate(" + field() + ", " + timestamp() + ")"; |
There was a problem hiding this comment.
not sure about the benefits of adding this
When seeing the failed query (in the issue this addresses), I wanted to quickly see what's happening in a running instance with debug on I hand running, but failed, because @timestamp isn't "visible". Since it's a parameter of the function, even if implicit, I think it can help. It's a nice to have though, not a strict necessity. And can be done here or some other PR.
5 participants
This commit adds a check after translating STATS run with the TS command that the
@timestampfield still exists for commands that require it (TimestampAware functions and functions that bucket on it) and errors if it is missing.Resolves #137655