Module: Elasticsearch::API::TextStructure::Actions

Included in:

TextStructureClient

Defined in:

lib/elasticsearch/api/namespace/text_structure.rb,
lib/elasticsearch/api/actions/text_structure/find_structure.rb,
lib/elasticsearch/api/actions/text_structure/test_grok_pattern.rb,
lib/elasticsearch/api/actions/text_structure/find_field_structure.rb,
lib/elasticsearch/api/actions/text_structure/find_message_structure.rb

Instance Method Summary

• #find_field_structure(arguments = {}) ⇒ Object

  Find the structure of a text field.

• #find_message_structure(arguments = {}) ⇒ Object

  Find the structure of text messages.

• #find_structure(arguments = {}) ⇒ Object

  Find the structure of a text file.

• #test_grok_pattern(arguments = {}) ⇒ Object

  Test a Grok pattern.

Instance Method Details

#find_field_structure(arguments = {}) ⇒ Object

Find the structure of a text field

Parameters:

• arguments (Hash) (defaults to: {}) —

  a customizable set of options

Options Hash (arguments):

• :index (String) —

  The index containing the analyzed field (Required)

• :field (String) —

  The field that should be analyzed (Required)

• :documents_to_sample (Integer) —

  How many documents should be included in the analysis

• :timeout (Time) —

  Timeout after which the analysis will be aborted

• :format (String) —

  Optional parameter to specify the high level file format (options: ndjson, xml, delimited, semi_structured_text)

• :column_names (List) —

  Optional parameter containing a comma separated list of the column names for a delimited file

• :delimiter (String) —

  Optional parameter to specify the delimiter character for a delimited file - must be a single character

• :quote (String) —

  Optional parameter to specify the quote character for a delimited file - must be a single character

• :should_trim_fields (Boolean) —

  Optional parameter to specify whether the values between delimiters in a delimited file should have whitespace trimmed from them

• :grok_pattern (String) —

  Optional parameter to specify the Grok pattern that should be used to extract fields from messages in a semi-structured text file

• :ecs_compatibility (String) —

  The mode of compatibility with ECS compliant Grok patterns. Use this parameter to specify whether to use ECS Grok patterns instead of legacy ones when the structure finder creates a Grok pattern. This setting primarily has an impact when a whole message Grok pattern such as ‘%CATALINALOG` matches the input. If the structure finder identifies a common structure but has no idea of the meaning then generic field names such as `path`, `ipaddress`, `field1`, and `field2` are used in the `grok_pattern` output. The intention in that situation is that a user who knows the meanings will rename the fields before using them. (options: disabled, v1)

• :timestamp_field (String) —

  Optional parameter to specify the timestamp field in the file

• :timestamp_format (String) —

  Optional parameter to specify the timestamp format in the file - may be either a Joda or Java time format

• :explain (Boolean) —

  Whether to include a commentary on how the structure was derived

• :headers (Hash) —

  Custom HTTP headers

See Also:

• https://www.elastic.co/guide/en/elasticsearch/reference/8.19/find-field-structure.html

# File 'lib/elasticsearch/api/actions/text_structure/find_field_structure.rb', line 45

def find_field_structure(arguments = {})
  request_opts = { endpoint: arguments[:endpoint] || 'text_structure.find_field_structure' }

  arguments = arguments.clone
  headers = arguments.delete(:headers) || {}

  body   = nil

  method = Elasticsearch::API::HTTP_GET
  path   = '_text_structure/find_field_structure'
  params = Utils.process_params(arguments)

  Elasticsearch::API::Response.new(
    perform_request(method, path, params, body, headers, request_opts)
  )
end

#find_message_structure(arguments = {}) ⇒ Object

Find the structure of text messages

Parameters:

• arguments (Hash) (defaults to: {}) —

  a customizable set of options

Options Hash (arguments):

• :timeout (Time) —

  Timeout after which the analysis will be aborted

• :format (String) —

  Optional parameter to specify the high level file format (options: ndjson, xml, delimited, semi_structured_text)

• :column_names (List) —

  Optional parameter containing a comma separated list of the column names for a delimited file

• :delimiter (String) —

  Optional parameter to specify the delimiter character for a delimited file - must be a single character

• :quote (String) —

  Optional parameter to specify the quote character for a delimited file - must be a single character

• :should_trim_fields (Boolean) —

  Optional parameter to specify whether the values between delimiters in a delimited file should have whitespace trimmed from them

• :grok_pattern (String) —

  Optional parameter to specify the Grok pattern that should be used to extract fields from messages in a semi-structured text file

• :ecs_compatibility (String) —

  The mode of compatibility with ECS compliant Grok patterns. Use this parameter to specify whether to use ECS Grok patterns instead of legacy ones when the structure finder creates a Grok pattern. This setting primarily has an impact when a whole message Grok pattern such as ‘%CATALINALOG` matches the input. If the structure finder identifies a common structure but has no idea of meaning then generic field names such as `path`, `ipaddress`, `field1`, and `field2` are used in the `grok_pattern` output, with the intention that a user who knows the meanings rename these fields before using it. (options: disabled, v1)

• :timestamp_field (String) —

  Optional parameter to specify the timestamp field in the file

• :timestamp_format (String) —

  Optional parameter to specify the timestamp format in the file - may be either a Joda or Java time format

• :explain (Boolean) —

  Whether to include a commentary on how the structure was derived

• :headers (Hash) —

  Custom HTTP headers

• :body (Hash) —

  JSON object with one field [messages], containing an array of messages to be analyzed (Required)

Raises:

• (ArgumentError)

See Also:

• https://www.elastic.co/guide/en/elasticsearch/reference/8.19/find-message-structure.html

# File 'lib/elasticsearch/api/actions/text_structure/find_message_structure.rb', line 43

def find_message_structure(arguments = {})
  request_opts = { endpoint: arguments[:endpoint] || 'text_structure.find_message_structure' }

  raise ArgumentError, "Required argument 'body' missing" unless arguments[:body]

  arguments = arguments.clone
  headers = arguments.delete(:headers) || {}

  body   = arguments.delete(:body)

  method = Elasticsearch::API::HTTP_POST
  path   = '_text_structure/find_message_structure'
  params = Utils.process_params(arguments)

  Elasticsearch::API::Response.new(
    perform_request(method, path, params, body, headers, request_opts)
  )
end

#find_structure(arguments = {}) ⇒ Object

Find the structure of a text file

Parameters:

• arguments (Hash) (defaults to: {}) —

  a customizable set of options

Options Hash (arguments):

• :lines_to_sample (Integer) —

  How many lines of the file should be included in the analysis

• :line_merge_size_limit (Integer) —

  Maximum number of characters permitted in a single message when lines are merged to create messages.

• :timeout (Time) —

  Timeout after which the analysis will be aborted

• :charset (String) —

  Optional parameter to specify the character set of the file

• :format (String) —

  Optional parameter to specify the high level file format (options: ndjson, xml, delimited, semi_structured_text)

• :has_header_row (Boolean) —

  Optional parameter to specify whether a delimited file includes the column names in its first row

• :column_names (List) —

  Optional parameter containing a comma separated list of the column names for a delimited file

• :delimiter (String) —

  Optional parameter to specify the delimiter character for a delimited file - must be a single character

• :quote (String) —

  Optional parameter to specify the quote character for a delimited file - must be a single character

• :should_trim_fields (Boolean) —

  Optional parameter to specify whether the values between delimiters in a delimited file should have whitespace trimmed from them

• :grok_pattern (String) —

  Optional parameter to specify the Grok pattern that should be used to extract fields from messages in a semi-structured text file

• :ecs_compatibility (String) —

  Optional parameter to specify the compatibility mode with ECS Grok patterns - may be either ‘v1’ or ‘disabled’

• :timestamp_field (String) —

  Optional parameter to specify the timestamp field in the file

• :timestamp_format (String) —

  Optional parameter to specify the timestamp format in the file - may be either a Joda or Java time format

• :explain (Boolean) —

  Whether to include a commentary on how the structure was derived

• :headers (Hash) —

  Custom HTTP headers

• :body (Hash) —

  The contents of the file to be analyzed (Required)

Raises:

• (ArgumentError)

See Also:

• https://www.elastic.co/guide/en/elasticsearch/reference/8.19/find-structure.html

# File 'lib/elasticsearch/api/actions/text_structure/find_structure.rb', line 47

def find_structure(arguments = {})
  request_opts = { endpoint: arguments[:endpoint] || 'text_structure.find_structure' }

  raise ArgumentError, "Required argument 'body' missing" unless arguments[:body]

  arguments = arguments.clone
  headers = arguments.delete(:headers) || {}

  body   = arguments.delete(:body)

  method = Elasticsearch::API::HTTP_POST
  path   = '_text_structure/find_structure'
  params = Utils.process_params(arguments)

  payload = if body.is_a? Array
              Elasticsearch::API::Utils.__bulkify(body)
            else
              body
            end

  headers.merge!('Content-Type' => 'application/x-ndjson')
  Elasticsearch::API::Response.new(
    perform_request(method, path, params, payload, headers, request_opts)
  )
end

#test_grok_pattern(arguments = {}) ⇒ Object

Test a Grok pattern

Parameters:

• arguments (Hash) (defaults to: {}) —

  a customizable set of options

Options Hash (arguments):

• :ecs_compatibility (String) —

  Optional parameter to specify the compatibility mode with ECS Grok patterns - may be either ‘v1’ or ‘disabled’

• :headers (Hash) —

  Custom HTTP headers

• :body (Hash) —

  The Grok pattern and text. (Required)

Raises:

• (ArgumentError)

See Also:

• https://www.elastic.co/guide/en/elasticsearch/reference/8.19/test-grok-pattern.html

# File 'lib/elasticsearch/api/actions/text_structure/test_grok_pattern.rb', line 33

def test_grok_pattern(arguments = {})
  request_opts = { endpoint: arguments[:endpoint] || 'text_structure.test_grok_pattern' }

  raise ArgumentError, "Required argument 'body' missing" unless arguments[:body]

  arguments = arguments.clone
  headers = arguments.delete(:headers) || {}

  body   = arguments.delete(:body)

  method = Elasticsearch::API::HTTP_POST
  path   = '_text_structure/test_grok_pattern'
  params = Utils.process_params(arguments)

  Elasticsearch::API::Response.new(
    perform_request(method, path, params, body, headers, request_opts)
  )
end