[Logs UI] Use fields API in log analysis results (#77147)

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-09-21 16:59:41 +02:00 · 2020-09-21 16:59:41 +02:00 · 414529a348
parent 4e7b7bf65f
commit 414529a348
2 changed files with 21 additions and 17 deletions
--- a/x-pack/plugins/infra/server/lib/log_analysis/log_entry_anomalies.ts
+++ b/x-pack/plugins/infra/server/lib/log_analysis/log_entry_anomalies.ts
@ -262,18 +262,18 @@ async function fetchLogEntryAnomalies(
      bucket_span: duration,
      timestamp: anomalyStartTime,
      by_field_value: categoryId,
-    } = result._source;
+    } = result.fields;

    return {
      id: result._id,
-      anomalyScore,
-      dataset,
+      anomalyScore: anomalyScore[0],
+      dataset: dataset[0],
      typical: typical[0],
      actual: actual[0],
-      jobId: job_id,
-      startTime: anomalyStartTime,
-      duration: duration * 1000,
-      categoryId,
+      jobId: job_id[0],
+      startTime: parseInt(anomalyStartTime[0], 10),
+      duration: duration[0] * 1000,
+      categoryId: categoryId?.[0],
    };
  });

--- a/x-pack/plugins/infra/server/lib/log_analysis/queries/log_entry_anomalies.ts
+++ b/x-pack/plugins/infra/server/lib/log_analysis/queries/log_entry_anomalies.ts
@ -46,13 +46,16 @@ export const createLogEntryAnomaliesQuery = (
    ...createDatasetsFilters(datasets),
  ];

-  const sourceFields = [
+  const fields = [
    'job_id',
    'record_score',
    'typical',
    'actual',
    'partition_field_value',
-    'timestamp',
+    {
+      field: 'timestamp',
+      format: 'epoch_millis',
+    },
    'bucket_span',
    'by_field_value',
  ];
@ -75,7 +78,8 @@ export const createLogEntryAnomaliesQuery = (
      search_after: queryCursor,
      sort: sortOptions,
      size: pageSize,
-      _source: sourceFields,
+      _source: false,
+      fields,
    },
  };

@ -84,18 +88,18 @@ export const createLogEntryAnomaliesQuery = (

 export const logEntryAnomalyHitRT = rt.type({
  _id: rt.string,
-  _source: rt.intersection([
+  fields: rt.intersection([
    rt.type({
-      job_id: rt.string,
-      record_score: rt.number,
+      job_id: rt.array(rt.string),
+      record_score: rt.array(rt.number),
      typical: rt.array(rt.number),
      actual: rt.array(rt.number),
-      partition_field_value: rt.string,
-      bucket_span: rt.number,
-      timestamp: rt.number,
+      partition_field_value: rt.array(rt.string),
+      bucket_span: rt.array(rt.number),
+      timestamp: rt.array(rt.string),
    }),
    rt.partial({
-      by_field_value: rt.string,
+      by_field_value: rt.array(rt.string),
    }),
  ]),
  sort: rt.tuple([rt.union([rt.string, rt.number]), rt.union([rt.string, rt.number])]),