From 95cf598423926d930ccece2f2e8f57e08dcddb5a Mon Sep 17 00:00:00 2001 From: Ivana Huckova <30407135+ivanahuckova@users.noreply.github.com> Date: Thu, 4 May 2023 19:33:00 +0200 Subject: [PATCH] Elasticsearch: Fix processing of logs with not-recognized time format (#67767) * Elasticsearch: Fix parsing of invalid time * Fix lint * Add more test data to data.js * Add tests * Fix lint * Update pkg/tsdb/elasticsearch/client/search_request.go --- devenv/docker/blocks/elastic/data/data.js | 15 ++++++ .../elasticsearch/client/search_request.go | 6 +++ pkg/tsdb/elasticsearch/data_query.go | 3 ++ pkg/tsdb/elasticsearch/response_parser.go | 27 ++++++++-- .../elasticsearch/response_parser_test.go | 52 ++++++++++++++----- .../testdata_request/logs.request.line1.json | 9 +++- .../testdata_response/logs.a.golden.jsonc | 32 ++++++------ .../testdata_response/logs.response.json | 35 +++++++++++-- 8 files changed, 142 insertions(+), 37 deletions(-) diff --git a/devenv/docker/blocks/elastic/data/data.js b/devenv/docker/blocks/elastic/data/data.js index efff9370005..080ae9f8f94 100644 --- a/devenv/docker/blocks/elastic/data/data.js +++ b/devenv/docker/blocks/elastic/data/data.js @@ -64,6 +64,18 @@ async function elasticSetupIndexTemplate() { '@timestamp': { type: 'date', }, + '@timestamp_custom': { + type: 'date', + format: 'yyyy_MM_dd_HH_mm_ss' + }, + '@timestamp_unix': { + type: 'date', + format: 'epoch_millis' + }, + '@timestamp_nanos': { + type: 'date_nanos', + format: 'strict_date_optional_time_nanos' + }, counter: { type: 'integer', }, @@ -115,6 +127,9 @@ function getRandomLogItem(counter, timestamp) { const maybeAnsiText = Math.random() < 0.5 ? 'with ANSI \u001b[31mpart of the text\u001b[0m' : ''; return { '@timestamp': timestamp.toISOString(), + '@timestamp_custom': timestamp.toISOString().split('.')[0].replace(/[T:-]/g,'_'), + '@timestamp_unix': timestamp.getTime(), + '@timestamp_nanos': timestamp.toISOString().slice(0,-1) + '123Z', line: `log text ${maybeAnsiText} [${randomText}]`, counter: counter.toString(), float: 100 * Math.random().toString(), diff --git a/pkg/tsdb/elasticsearch/client/search_request.go b/pkg/tsdb/elasticsearch/client/search_request.go index d267210f103..cafd25f16f5 100644 --- a/pkg/tsdb/elasticsearch/client/search_request.go +++ b/pkg/tsdb/elasticsearch/client/search_request.go @@ -99,6 +99,12 @@ func (b *SearchRequestBuilder) Sort(order SortOrder, field string, unmappedType return b } +// AddTimeFieldWithStandardizedFormat adds a time field to fields with standardized time format +func (b *SearchRequestBuilder) AddTimeFieldWithStandardizedFormat(timeField string) *SearchRequestBuilder { + b.customProps["fields"] = []map[string]string{{"field": timeField, "format": "strict_date_optional_time_nanos"}} + return b +} + // AddDocValueField adds a doc value field to the search request func (b *SearchRequestBuilder) AddDocValueField(field string) *SearchRequestBuilder { b.customProps["docvalue_fields"] = []string{field} diff --git a/pkg/tsdb/elasticsearch/data_query.go b/pkg/tsdb/elasticsearch/data_query.go index f725ce441b6..8e48c7bebcc 100644 --- a/pkg/tsdb/elasticsearch/data_query.go +++ b/pkg/tsdb/elasticsearch/data_query.go @@ -325,6 +325,9 @@ func processLogsQuery(q *Query, b *es.SearchRequestBuilder, from, to int64, defa b.Sort(sort, defaultTimeField, "boolean") b.Sort(sort, "_doc", "") b.AddDocValueField(defaultTimeField) + // We need to add timeField as field with standardized time format to not receive + // invalid formats that elasticsearch can parse, but our frontend can't (e.g. yyyy_MM_dd_HH_mm_ss) + b.AddTimeFieldWithStandardizedFormat(defaultTimeField) b.Size(stringToIntWithDefaultValue(metric.Settings.Get("limit").MustString(), defaultSize)) b.AddHighlight() diff --git a/pkg/tsdb/elasticsearch/response_parser.go b/pkg/tsdb/elasticsearch/response_parser.go index fd32aef692d..86c3a66b9c4 100644 --- a/pkg/tsdb/elasticsearch/response_parser.go +++ b/pkg/tsdb/elasticsearch/response_parser.go @@ -122,6 +122,15 @@ func processLogsResponse(res *es.SearchResponse, target *Query, configuredFields } } + if hit["fields"] != nil { + source, ok := hit["fields"].(map[string]interface{}) + if ok { + for k, v := range source { + doc[k] = v + } + } + } + for key := range doc { propNames[key] = true } @@ -258,15 +267,27 @@ func processDocsToDataFrameFields(docs []map[string]interface{}, propNames []str size := len(docs) isFilterable := true allFields := make([]*data.Field, len(propNames)) + timeString := "" + timeStringOk := false for propNameIdx, propName := range propNames { // Special handling for time field if propName == configuredFields.TimeField { timeVector := make([]*time.Time, size) for i, doc := range docs { - timeString, ok := doc[configuredFields.TimeField].(string) - if !ok { - continue + // Check if time field is a string + timeString, timeStringOk = doc[configuredFields.TimeField].(string) + // If not, it might be an array with one time string + if !timeStringOk { + timeList, ok := doc[configuredFields.TimeField].([]interface{}) + if !ok || len(timeList) != 1 { + continue + } + // Check if the first element is a string + timeString, timeStringOk = timeList[0].(string) + if !timeStringOk { + continue + } } timeValue, err := time.Parse(time.RFC3339Nano, timeString) if err != nil { diff --git a/pkg/tsdb/elasticsearch/response_parser_test.go b/pkg/tsdb/elasticsearch/response_parser_test.go index 770e42e4b2c..c245be3e776 100644 --- a/pkg/tsdb/elasticsearch/response_parser_test.go +++ b/pkg/tsdb/elasticsearch/response_parser_test.go @@ -50,7 +50,7 @@ func TestProcessLogsResponse(t *testing.T) { "_type": "_doc", "_index": "mock-index", "_source": { - "testtime": "2019-06-24T09:51:19.765Z", + "testtime": "06/24/2019", "host": "djisaodjsoad", "number": 1, "line": "hello, i am a message", @@ -58,17 +58,20 @@ func TestProcessLogsResponse(t *testing.T) { "fields": { "lvl": "debug" } }, "highlight": { - "message": [ - "@HIGHLIGHT@hello@/HIGHLIGHT@, i am a @HIGHLIGHT@message@/HIGHLIGHT@" - ] - } + "message": [ + "@HIGHLIGHT@hello@/HIGHLIGHT@, i am a @HIGHLIGHT@message@/HIGHLIGHT@" + ] + }, + "fields": { + "testtime": [ "2019-06-24T09:51:19.765Z" ] + } }, { "_id": "kdospaidopa", "_type": "_doc", "_index": "mock-index", "_source": { - "testtime": "2019-06-24T09:52:19.765Z", + "testtime": "06/24/2019", "host": "dsalkdakdop", "number": 2, "line": "hello, i am also message", @@ -76,10 +79,13 @@ func TestProcessLogsResponse(t *testing.T) { "fields": { "lvl": "info" } }, "highlight": { - "message": [ - "@HIGHLIGHT@hello@/HIGHLIGHT@, i am a @HIGHLIGHT@message@/HIGHLIGHT@" - ] - } + "message": [ + "@HIGHLIGHT@hello@/HIGHLIGHT@, i am a @HIGHLIGHT@message@/HIGHLIGHT@" + ] + }, + "fields": { + "testtime": [ "2019-06-24T09:52:19.765Z" ] + } } ] } @@ -141,14 +147,14 @@ func TestProcessLogsResponse(t *testing.T) { "level": "debug", "line": "hello, i am a message", "number": 1, - "testtime": "2019-06-24T09:51:19.765Z", + "testtime": "06/24/2019", "line": "hello, i am a message" } ` expectedJson2 := ` { - "testtime": "2019-06-24T09:52:19.765Z", + "testtime": "06/24/2019", "host": "dsalkdakdop", "number": 2, "line": "hello, i am also message", @@ -180,6 +186,28 @@ func TestProcessLogsResponse(t *testing.T) { requireStringAt(t, "debug", field, 0) requireStringAt(t, "error", field, 1) }) + + t.Run("gets correct time field from fields", func(t *testing.T) { + result, err := queryDataTest(query, response) + require.NoError(t, err) + + require.Len(t, result.response.Responses, 1) + frames := result.response.Responses["A"].Frames + require.Len(t, frames, 1) + + logsFrame := frames[0] + + logsFieldMap := make(map[string]*data.Field) + for _, field := range logsFrame.Fields { + logsFieldMap[field.Name] = field + } + t0 := time.Date(2019, time.June, 24, 9, 51, 19, 765000000, time.UTC) + t1 := time.Date(2019, time.June, 24, 9, 52, 19, 765000000, time.UTC) + require.Contains(t, logsFieldMap, "testtime") + require.Equal(t, data.FieldTypeNullableTime, logsFieldMap["testtime"].Type()) + require.Equal(t, &t0, logsFieldMap["testtime"].At(0)) + require.Equal(t, &t1, logsFieldMap["testtime"].At(1)) + }) }) t.Run("Empty response", func(t *testing.T) { query := []byte(` diff --git a/pkg/tsdb/elasticsearch/testdata_request/logs.request.line1.json b/pkg/tsdb/elasticsearch/testdata_request/logs.request.line1.json index 0e105e19d31..586b29fd6ba 100644 --- a/pkg/tsdb/elasticsearch/testdata_request/logs.request.line1.json +++ b/pkg/tsdb/elasticsearch/testdata_request/logs.request.line1.json @@ -55,5 +55,12 @@ "*": {} } - } + }, + "fields": + [ + { + "field": "testtime", + "format": "strict_date_optional_time_nanos" + } + ] } \ No newline at end of file diff --git a/pkg/tsdb/elasticsearch/testdata_response/logs.a.golden.jsonc b/pkg/tsdb/elasticsearch/testdata_response/logs.a.golden.jsonc index a5ebe01bac3..1ce38625103 100644 --- a/pkg/tsdb/elasticsearch/testdata_response/logs.a.golden.jsonc +++ b/pkg/tsdb/elasticsearch/testdata_response/logs.a.golden.jsonc @@ -15,17 +15,17 @@ // } // Name: // Dimensions: 17 Fields by 5 Rows -// +-----------------------------------+---------------------------+----------------------+-----------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------------------------+-----------------+------------------+--------------------+--------------------------------------------------------------------------------------------------------------------------------+---------------+-----------------+-----------------+-----------------------------------------+------------------------------------+---------------------------------------------------------------------------------+--------------------------+ -// | Name: testtime | Name: line | Name: _id | Name: _index | Name: _source | Name: _type | Name: abc | Name: counter | Name: float | Name: highlight | Name: is_true | Name: label | Name: level | Name: location | Name: nested_field.internal.nested | Name: shapes | Name: sort | -// | Labels: | Labels: | Labels: | Labels: | Labels: | Labels: | Labels: | Labels: | Labels: | Labels: | Labels: | Labels: | Labels: | Labels: | Labels: | Labels: | Labels: | -// | Type: []*time.Time | Type: []*string | Type: []*string | Type: []*string | Type: []*json.RawMessage | Type: []*json.RawMessage | Type: []*string | Type: []*float64 | Type: []*float64 | Type: []*json.RawMessage | Type: []*bool | Type: []*string | Type: []*string | Type: []*string | Type: []*string | Type: []*json.RawMessage | Type: []*json.RawMessage | -// +-----------------------------------+---------------------------+----------------------+-----------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------------------------+-----------------+------------------+--------------------+--------------------------------------------------------------------------------------------------------------------------------+---------------+-----------------+-----------------+-----------------------------------------+------------------------------------+---------------------------------------------------------------------------------+--------------------------+ -// | 2023-02-09 14:40:01.475 +0000 UTC | log text [106619125] | g2aeNoYB7vaC3bq-ezfK | logs-2023.02.09 | {"abc":null,"counter":81,"float":10.911972180833306,"is_true":true,"label":"val3","line":"log text [106619125]","location":"-42.73465234425797, -14.097854057104112","lvl":"info","nested_field.internal.nested":"value1","shapes":[{"type":"triangle"},{"type":"triangle"},{"type":"triangle"},{"type":"square"}],"testtime":"2023-02-09T14:40:01.475Z"} | null | null | 81 | 10.911972180833306 | {"duplicated":["@HIGHLIGHT@hello@/HIGHLIGHT@"],"line":["@HIGHLIGHT@hello@/HIGHLIGHT@, i am a @HIGHLIGHT@message@/HIGHLIGHT@"]} | true | val3 | info | -42.73465234425797, -14.097854057104112 | value1 | [{"type":"triangle"},{"type":"triangle"},{"type":"triangle"},{"type":"square"}] | [1675953601475,4] | -// | 2023-02-09 14:40:00.513 +0000 UTC | log text with [781660944] | gmaeNoYB7vaC3bq-eDcN | logs-2023.02.09 | {"abc":null,"counter":80,"float":62.94120607636795,"is_true":false,"label":"val3","line":"log text with [781660944]","location":"42.07571917624318, 15.95725088484611","lvl":"error","nested_field.internal.nested":"value2","shapes":[{"type":"triangle"},{"type":"square"}],"testtime":"2023-02-09T14:40:00.513Z"} | null | null | 80 | 62.94120607636795 | {"duplicated":["@HIGHLIGHT@hello@/HIGHLIGHT@"],"line":["@HIGHLIGHT@hello@/HIGHLIGHT@, i am a @HIGHLIGHT@message@/HIGHLIGHT@"]} | false | val3 | error | 42.07571917624318, 15.95725088484611 | value2 | [{"type":"triangle"},{"type":"square"}] | [1675953600513,7] | -// | 2023-02-09 14:39:59.556 +0000 UTC | log text [894867430] | gWaeNoYB7vaC3bq-dDdL | logs-2023.02.09 | {"abc":"def","counter":79,"float":53.323706427230455,"is_true":true,"label":"val1","line":"log text [894867430]","location":"-38.27341566189766, -23.66739642570781","lvl":"info","nested_field.internal.nested":"value3","shapes":[{"type":"triangle"},{"type":"square"}],"testtime":"2023-02-09T14:39:59.556Z"} | null | def | 79 | 53.323706427230455 | {"duplicated":["@HIGHLIGHT@hello@/HIGHLIGHT@"],"line":["@HIGHLIGHT@hello@/HIGHLIGHT@, i am a @HIGHLIGHT@message@/HIGHLIGHT@"]} | true | val1 | info | -38.27341566189766, -23.66739642570781 | value3 | [{"type":"triangle"},{"type":"square"}] | [1675953599556,10] | -// | 2023-02-09 14:39:58.608 +0000 UTC | log text [478598889] | gGaeNoYB7vaC3bq-cDeY | logs-2023.02.09 | {"abc":"def","counter":78,"float":82.72012623471589,"is_true":false,"label":"val1","line":"log text [478598889]","location":"12.373240290451287, 43.265493464362024","lvl":"info","nested_field.internal.nested":"value4","shapes":[{"type":"triangle"},{"type":"triangle"},{"type":"triangle"},{"type":"square"}],"testtime":"2023-02-09T14:39:58.608Z"} | null | def | 78 | 82.72012623471589 | {"duplicated":["@HIGHLIGHT@hello@/HIGHLIGHT@"],"line":["@HIGHLIGHT@hello@/HIGHLIGHT@, i am a @HIGHLIGHT@message@/HIGHLIGHT@"]} | false | val1 | info | 12.373240290451287, 43.265493464362024 | value4 | [{"type":"triangle"},{"type":"triangle"},{"type":"triangle"},{"type":"square"}] | [1675953598608,15] | -// | 2023-02-09 14:39:57.665 +0000 UTC | log text [526995818] | f2aeNoYB7vaC3bq-bDf7 | logs-2023.02.09 | {"abc":"def","counter":77,"float":35.05784443331803,"is_true":false,"label":"val3","line":"log text [526995818]","location":"-31.524344042228194, -32.11254790120572","lvl":"info","nested_field.internal.nested":"value5","shapes":[{"type":"triangle"},{"type":"triangle"},{"type":"triangle"},{"type":"square"}],"testtime":"2023-02-09T14:39:57.665Z"} | null | def | 77 | 35.05784443331803 | {"duplicated":["@HIGHLIGHT@hello@/HIGHLIGHT@"],"line":["@HIGHLIGHT@hello@/HIGHLIGHT@, i am a @HIGHLIGHT@message@/HIGHLIGHT@"]} | false | val3 | info | -31.524344042228194, -32.11254790120572 | value5 | [{"type":"triangle"},{"type":"triangle"},{"type":"triangle"},{"type":"square"}] | [1675953597665,20] | -// +-----------------------------------+---------------------------+----------------------+-----------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------------------------+-----------------+------------------+--------------------+--------------------------------------------------------------------------------------------------------------------------------+---------------+-----------------+-----------------+-----------------------------------------+------------------------------------+---------------------------------------------------------------------------------+--------------------------+ +// +-----------------------------------+---------------------------+----------------------+-----------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------------------------+-----------------+------------------+--------------------+--------------------------------------------------------------------------------------------------------------------------------+---------------+-----------------+-----------------+-----------------------------------------+------------------------------------+---------------------------------------------------------------------------------+--------------------------+ +// | Name: testtime | Name: line | Name: _id | Name: _index | Name: _source | Name: _type | Name: abc | Name: counter | Name: float | Name: highlight | Name: is_true | Name: label | Name: level | Name: location | Name: nested_field.internal.nested | Name: shapes | Name: sort | +// | Labels: | Labels: | Labels: | Labels: | Labels: | Labels: | Labels: | Labels: | Labels: | Labels: | Labels: | Labels: | Labels: | Labels: | Labels: | Labels: | Labels: | +// | Type: []*time.Time | Type: []*string | Type: []*string | Type: []*string | Type: []*json.RawMessage | Type: []*json.RawMessage | Type: []*string | Type: []*float64 | Type: []*float64 | Type: []*json.RawMessage | Type: []*bool | Type: []*string | Type: []*string | Type: []*string | Type: []*string | Type: []*json.RawMessage | Type: []*json.RawMessage | +// +-----------------------------------+---------------------------+----------------------+-----------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------------------------+-----------------+------------------+--------------------+--------------------------------------------------------------------------------------------------------------------------------+---------------+-----------------+-----------------+-----------------------------------------+------------------------------------+---------------------------------------------------------------------------------+--------------------------+ +// | 2023-02-09 14:40:01.475 +0000 UTC | log text [106619125] | g2aeNoYB7vaC3bq-ezfK | logs-2023.02.09 | {"abc":null,"counter":81,"float":10.911972180833306,"is_true":true,"label":"val3","line":"log text [106619125]","location":"-42.73465234425797, -14.097854057104112","lvl":"info","nested_field.internal.nested":"value1","shapes":[{"type":"triangle"},{"type":"triangle"},{"type":"triangle"},{"type":"square"}],"testtime":"09/02/2023"} | null | null | 81 | 10.911972180833306 | {"duplicated":["@HIGHLIGHT@hello@/HIGHLIGHT@"],"line":["@HIGHLIGHT@hello@/HIGHLIGHT@, i am a @HIGHLIGHT@message@/HIGHLIGHT@"]} | true | val3 | info | -42.73465234425797, -14.097854057104112 | value1 | [{"type":"triangle"},{"type":"triangle"},{"type":"triangle"},{"type":"square"}] | [1675953601475,4] | +// | 2023-02-09 14:40:00.513 +0000 UTC | log text with [781660944] | gmaeNoYB7vaC3bq-eDcN | logs-2023.02.09 | {"abc":null,"counter":80,"float":62.94120607636795,"is_true":false,"label":"val3","line":"log text with [781660944]","location":"42.07571917624318, 15.95725088484611","lvl":"error","nested_field.internal.nested":"value2","shapes":[{"type":"triangle"},{"type":"square"}],"testtime":"09/02/2023"} | null | null | 80 | 62.94120607636795 | {"duplicated":["@HIGHLIGHT@hello@/HIGHLIGHT@"],"line":["@HIGHLIGHT@hello@/HIGHLIGHT@, i am a @HIGHLIGHT@message@/HIGHLIGHT@"]} | false | val3 | error | 42.07571917624318, 15.95725088484611 | value2 | [{"type":"triangle"},{"type":"square"}] | [1675953600513,7] | +// | 2023-02-09 14:39:59.556 +0000 UTC | log text [894867430] | gWaeNoYB7vaC3bq-dDdL | logs-2023.02.09 | {"abc":"def","counter":79,"float":53.323706427230455,"is_true":true,"label":"val1","line":"log text [894867430]","location":"-38.27341566189766, -23.66739642570781","lvl":"info","nested_field.internal.nested":"value3","shapes":[{"type":"triangle"},{"type":"square"}],"testtime":"09/02/2023"} | null | def | 79 | 53.323706427230455 | {"duplicated":["@HIGHLIGHT@hello@/HIGHLIGHT@"],"line":["@HIGHLIGHT@hello@/HIGHLIGHT@, i am a @HIGHLIGHT@message@/HIGHLIGHT@"]} | true | val1 | info | -38.27341566189766, -23.66739642570781 | value3 | [{"type":"triangle"},{"type":"square"}] | [1675953599556,10] | +// | 2023-02-09 14:39:58.608 +0000 UTC | log text [478598889] | gGaeNoYB7vaC3bq-cDeY | logs-2023.02.09 | {"abc":"def","counter":78,"float":82.72012623471589,"is_true":false,"label":"val1","line":"log text [478598889]","location":"12.373240290451287, 43.265493464362024","lvl":"info","nested_field.internal.nested":"value4","shapes":[{"type":"triangle"},{"type":"triangle"},{"type":"triangle"},{"type":"square"}],"testtime":"09/02/2023"} | null | def | 78 | 82.72012623471589 | {"duplicated":["@HIGHLIGHT@hello@/HIGHLIGHT@"],"line":["@HIGHLIGHT@hello@/HIGHLIGHT@, i am a @HIGHLIGHT@message@/HIGHLIGHT@"]} | false | val1 | info | 12.373240290451287, 43.265493464362024 | value4 | [{"type":"triangle"},{"type":"triangle"},{"type":"triangle"},{"type":"square"}] | [1675953598608,15] | +// | 2023-02-09 14:39:57.665 +0000 UTC | log text [526995818] | f2aeNoYB7vaC3bq-bDf7 | logs-2023.02.09 | {"abc":"def","counter":77,"float":35.05784443331803,"is_true":false,"label":"val3","line":"log text [526995818]","location":"-31.524344042228194, -32.11254790120572","lvl":"info","nested_field.internal.nested":"value5","shapes":[{"type":"triangle"},{"type":"triangle"},{"type":"triangle"},{"type":"square"}],"testtime":"09/02/2023"} | null | def | 77 | 35.05784443331803 | {"duplicated":["@HIGHLIGHT@hello@/HIGHLIGHT@"],"line":["@HIGHLIGHT@hello@/HIGHLIGHT@, i am a @HIGHLIGHT@message@/HIGHLIGHT@"]} | false | val3 | info | -31.524344042228194, -32.11254790120572 | value5 | [{"type":"triangle"},{"type":"triangle"},{"type":"triangle"},{"type":"square"}] | [1675953597665,20] | +// +-----------------------------------+---------------------------+----------------------+-----------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------------------------+-----------------+------------------+--------------------+--------------------------------------------------------------------------------------------------------------------------------+---------------+-----------------+-----------------+-----------------------------------------+------------------------------------+---------------------------------------------------------------------------------+--------------------------+ // // // 🌟 This was machine generated. Do not edit. 🌟 @@ -292,7 +292,7 @@ "type": "square" } ], - "testtime": "2023-02-09T14:40:01.475Z" + "testtime": "09/02/2023" }, { "abc": null, @@ -312,7 +312,7 @@ "type": "square" } ], - "testtime": "2023-02-09T14:40:00.513Z" + "testtime": "09/02/2023" }, { "abc": "def", @@ -332,7 +332,7 @@ "type": "square" } ], - "testtime": "2023-02-09T14:39:59.556Z" + "testtime": "09/02/2023" }, { "abc": "def", @@ -358,7 +358,7 @@ "type": "square" } ], - "testtime": "2023-02-09T14:39:58.608Z" + "testtime": "09/02/2023" }, { "abc": "def", @@ -384,7 +384,7 @@ "type": "square" } ], - "testtime": "2023-02-09T14:39:57.665Z" + "testtime": "09/02/2023" } ], [ diff --git a/pkg/tsdb/elasticsearch/testdata_response/logs.response.json b/pkg/tsdb/elasticsearch/testdata_response/logs.response.json index d0aacacf455..061019ec19b 100644 --- a/pkg/tsdb/elasticsearch/testdata_response/logs.response.json +++ b/pkg/tsdb/elasticsearch/testdata_response/logs.response.json @@ -28,7 +28,7 @@ "_source": { "abc": null, "is_true": true, - "testtime": "2023-02-09T14:40:01.475Z", + "testtime": "09/02/2023", "line": "log text [106619125]", "counter": 81, "float": 10.911972180833306, @@ -55,6 +55,11 @@ } } }, + "fields": { + "testtime": [ + "2023-02-09T14:40:01.475Z" + ] + }, "sort": [ 1675953601475, 4 @@ -71,7 +76,7 @@ "_source": { "abc": null, "is_true": false, - "testtime": "2023-02-09T14:40:00.513Z", + "testtime": "09/02/2023", "line": "log text with [781660944]", "counter": 80, "float": 62.94120607636795, @@ -92,6 +97,11 @@ } } }, + "fields": { + "testtime": [ + "2023-02-09T14:40:00.513Z" + ] + }, "sort": [ 1675953600513, 7 @@ -108,7 +118,7 @@ "_source": { "abc": "def", "is_true": true, - "testtime": "2023-02-09T14:39:59.556Z", + "testtime": "09/02/2023", "line": "log text [894867430]", "counter": 79, "float": 53.323706427230455, @@ -129,6 +139,11 @@ } } }, + "fields": { + "testtime": [ + "2023-02-09T14:39:59.556Z" + ] + }, "sort": [ 1675953599556, 10 @@ -145,7 +160,7 @@ "_source": { "abc": "def", "is_true": false, - "testtime": "2023-02-09T14:39:58.608Z", + "testtime": "09/02/2023", "line": "log text [478598889]", "counter": 78, "float": 82.72012623471589, @@ -172,6 +187,11 @@ } } }, + "fields": { + "testtime": [ + "2023-02-09T14:39:58.608Z" + ] + }, "sort": [ 1675953598608, 15 @@ -188,7 +208,7 @@ "_source": { "abc": "def", "is_true": false, - "testtime": "2023-02-09T14:39:57.665Z", + "testtime": "09/02/2023", "line": "log text [526995818]", "counter": 77, "float": 35.05784443331803, @@ -215,6 +235,11 @@ } } }, + "fields": { + "testtime": [ + "2023-02-09T14:39:57.665Z" + ] + }, "sort": [ 1675953597665, 20