|
| 1 | +/* |
| 2 | + * Licensed to Elasticsearch B.V. under one or more contributor |
| 3 | + * license agreements. See the NOTICE file distributed with |
| 4 | + * this work for additional information regarding copyright |
| 5 | + * ownership. Elasticsearch B.V. licenses this file to you under |
| 6 | + * the Apache License, Version 2.0 (the "License"); you may |
| 7 | + * not use this file except in compliance with the License. |
| 8 | + * You may obtain a copy of the License at |
| 9 | + * |
| 10 | + * http://www.apache.org/licenses/LICENSE-2.0 |
| 11 | + * |
| 12 | + * Unless required by applicable law or agreed to in writing, |
| 13 | + * software distributed under the License is distributed on an |
| 14 | + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| 15 | + * KIND, either express or implied. See the License for the |
| 16 | + * specific language governing permissions and limitations |
| 17 | + * under the License. |
| 18 | + */ |
| 19 | + |
| 20 | +import { RequestBase } from '@_types/Base' |
| 21 | +import { Field, GrokPattern, IndexName } from '@_types/common' |
| 22 | +import { uint } from '@_types/Numeric' |
| 23 | +import { Duration } from '@_types/Time' |
| 24 | +import { EcsCompatibilityType, FormatType } from '../_types/Structure' |
| 25 | + |
| 26 | +/** |
| 27 | + * Find the structure of a text field. |
| 28 | + * Find the structure of a text field in an Elasticsearch index. |
| 29 | + * @rest_spec_name text_structure.find_field_structure |
| 30 | + * @availability stack stability=stable visibility=public |
| 31 | + * @cluster_privileges monitor_text_structure |
| 32 | + * @doc_id find-field-structure |
| 33 | + */ |
| 34 | +interface Request extends RequestBase { |
| 35 | + query_parameters: { |
| 36 | + /** |
| 37 | + * If `format` is set to `delimited`, you can specify the column names in a comma-separated list. |
| 38 | + * If this parameter is not specified, the structure finder uses the column names from the header row of the text. |
| 39 | + * If the text does not have a header row, columns are named "column1", "column2", "column3", for example. |
| 40 | + */ |
| 41 | + column_names?: string |
| 42 | + /** |
| 43 | + * If you have set `format` to `delimited`, you can specify the character used to delimit the values in each row. |
| 44 | + * Only a single character is supported; the delimiter cannot have multiple characters. |
| 45 | + * By default, the API considers the following possibilities: comma, tab, semi-colon, and pipe (`|`). |
| 46 | + * In this default scenario, all rows must have the same number of fields for the delimited format to be detected. |
| 47 | + * If you specify a delimiter, up to 10% of the rows can have a different number of columns than the first row. |
| 48 | + */ |
| 49 | + delimiter?: string |
| 50 | + /** |
| 51 | + * The number of documents to include in the structural analysis. |
| 52 | + * The minimum value is 2. |
| 53 | + * @server_default 1000 |
| 54 | + */ |
| 55 | + documents_to_sample?: uint |
| 56 | + /** |
| 57 | + * The mode of compatibility with ECS compliant Grok patterns. |
| 58 | + * Use this parameter to specify whether to use ECS Grok patterns instead of legacy ones when the structure finder creates a Grok pattern. |
| 59 | + * This setting primarily has an impact when a whole message Grok pattern such as `%{CATALINALOG}` matches the input. |
| 60 | + * If the structure finder identifies a common structure but has no idea of the meaning then generic field names such as `path`, `ipaddress`, `field1`, and `field2` are used in the `grok_pattern` output. |
| 61 | + * The intention in that situation is that a user who knows the meanings will rename the fields before using them. |
| 62 | + * @server_default disabled |
| 63 | + */ |
| 64 | + ecs_compatibility?: EcsCompatibilityType |
| 65 | + /** |
| 66 | + * If true, the response includes a field named `explanation`, which is an array of strings that indicate how the structure finder produced its result. |
| 67 | + * @server_default false |
| 68 | + */ |
| 69 | + explain?: boolean |
| 70 | + /** |
| 71 | + * The field that should be analyzed. |
| 72 | + */ |
| 73 | + field: Field |
| 74 | + /** |
| 75 | + * The high level structure of the text. |
| 76 | + * By default, the API chooses the format. |
| 77 | + * In this default scenario, all rows must have the same number of fields for a delimited format to be detected. |
| 78 | + * If the format is set to delimited and the delimiter is not set, however, the API tolerates up to 5% of rows that have a different number of columns than the first row. |
| 79 | + */ |
| 80 | + format?: FormatType |
| 81 | + /** |
| 82 | + * If the format is `semi_structured_text`, you can specify a Grok pattern that is used to extract fields from every message in the text. |
| 83 | + * The name of the timestamp field in the Grok pattern must match what is specified in the `timestamp_field` parameter. |
| 84 | + * If that parameter is not specified, the name of the timestamp field in the Grok pattern must match "timestamp". |
| 85 | + * If `grok_pattern` is not specified, the structure finder creates a Grok pattern. |
| 86 | + */ |
| 87 | + grok_pattern?: GrokPattern |
| 88 | + /** |
| 89 | + * The name of the index that contains the analyzed field. |
| 90 | + */ |
| 91 | + index: IndexName |
| 92 | + /** |
| 93 | + * If the format is `delimited`, you can specify the character used to quote the values in each row if they contain newlines or the delimiter character. |
| 94 | + * Only a single character is supported. |
| 95 | + * If this parameter is not specified, the default value is a double quote (`"`). |
| 96 | + * If your delimited text format does not use quoting, a workaround is to set this argument to a character that does not appear anywhere in the sample. |
| 97 | + */ |
| 98 | + quote?: string |
| 99 | + /** |
| 100 | + * If the format is `delimited`, you can specify whether values between delimiters should have whitespace trimmed from them. |
| 101 | + * If this parameter is not specified and the delimiter is pipe (`|`), the default value is true. |
| 102 | + * Otherwise, the default value is false. |
| 103 | + */ |
| 104 | + should_trim_fields?: boolean |
| 105 | + /** |
| 106 | + * The maximum amount of time that the structure analysis can take. |
| 107 | + * If the analysis is still running when the timeout expires, it will be stopped. |
| 108 | + * @server_default 25s |
| 109 | + */ |
| 110 | + timeout?: Duration |
| 111 | + /** |
| 112 | + * The name of the field that contains the primary timestamp of each record in the text. |
| 113 | + * In particular, if the text was ingested into an index, this is the field that would be used to populate the `@timestamp` field. |
| 114 | + * |
| 115 | + * If the format is `semi_structured_text`, this field must match the name of the appropriate extraction in the `grok_pattern`. |
| 116 | + * Therefore, for semi-structured text, it is best not to specify this parameter unless `grok_pattern` is also specified. |
| 117 | + * |
| 118 | + * For structured text, if you specify this parameter, the field must exist within the text. |
| 119 | + * |
| 120 | + * If this parameter is not specified, the structure finder makes a decision about which field (if any) is the primary timestamp field. |
| 121 | + * For structured text, it is not compulsory to have a timestamp in the text. |
| 122 | + */ |
| 123 | + timestamp_field?: Field |
| 124 | + /** |
| 125 | + * The Java time format of the timestamp field in the text. |
| 126 | + * Only a subset of Java time format letter groups are supported: |
| 127 | + * |
| 128 | + * * `a` |
| 129 | + * * `d` |
| 130 | + * * `dd` |
| 131 | + * * `EEE` |
| 132 | + * * `EEEE` |
| 133 | + * * `H` |
| 134 | + * * `HH` |
| 135 | + * * `h` |
| 136 | + * * `M` |
| 137 | + * * `MM` |
| 138 | + * * `MMM` |
| 139 | + * * `MMMM` |
| 140 | + * * `mm` |
| 141 | + * * `ss` |
| 142 | + * * `XX` |
| 143 | + * * `XXX` |
| 144 | + * * `yy` |
| 145 | + * * `yyyy` |
| 146 | + * * `zzz` |
| 147 | + * |
| 148 | + * Additionally `S` letter groups (fractional seconds) of length one to nine are supported providing they occur after `ss` and are separated from the `ss` by a period (`.`), comma (`,`), or colon (`:`). |
| 149 | + * Spacing and punctuation is also permitted with the exception a question mark (`?`), newline, and carriage return, together with literal text enclosed in single quotes. |
| 150 | + * For example, `MM/dd HH.mm.ss,SSSSSS 'in' yyyy` is a valid override format. |
| 151 | + * |
| 152 | + * One valuable use case for this parameter is when the format is semi-structured text, there are multiple timestamp formats in the text, and you know which format corresponds to the primary timestamp, but you do not want to specify the full `grok_pattern`. |
| 153 | + * Another is when the timestamp format is one that the structure finder does not consider by default. |
| 154 | + * |
| 155 | + * If this parameter is not specified, the structure finder chooses the best format from a built-in set. |
| 156 | + * |
| 157 | + * If the special value `null` is specified, the structure finder will not look for a primary timestamp in the text. |
| 158 | + * When the format is semi-structured text, this will result in the structure finder treating the text as single-line messages. |
| 159 | + */ |
| 160 | + timestamp_format?: string |
| 161 | + } |
| 162 | +} |
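Review bot: The header doc on `Request` declares only `@cluster_privileges monitor_text_structure`, but the request samples up to `documents_to_sample` documents from the caller-supplied `index`, so the privilege needed on that index is undocumented. If the server enforces an index-level read check for this endpoint (not visible in this file, so confirm against the server-side action), add `@index_privileges read` under the cluster tag. Role authors can then scope access to the analysed index rather than guessing. If no index-level check applies, say so in the description, because `explain` and the generated Grok pattern are presumably derived from the sampled field values and would expose them to anyone holding only the cluster privilege.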