def test_query_with_unixms(ea):
    """Verify the search issued by run_query for a rule using 'unixms' timestamps.

    The first rule is switched to timestamp_type 'unixms' with dt_to_unixms as
    its converter, the mocked search returns no hits, and the test asserts that
    the request carries START and END converted by dt_to_unixms.
    """
    rule = ea.rules[0]
    rule['timestamp_type'] = 'unixms'
    rule['dt_to_ts'] = dt_to_unixms
    # Empty result set: only the outgoing request is under test.
    ea.current_es.search.return_value = {'hits': {'hits': []}}

    ea.run_query(rule, START, END)

    window_start = dt_to_unixms(START)
    window_end = dt_to_unixms(END)
    # Lower bound is exclusive ('gt'), upper bound inclusive ('lte').
    # NOTE(review): presumably so back-to-back query windows neither re-read
    # nor skip an event sitting on the boundary; confirm against run_query.
    time_range = {'range': {'@timestamp': {'lte': window_end, 'gt': window_start}}}
    expected_body = {
        'filter': {'bool': {'must': [time_range]}},
        'sort': [{'@timestamp': {'order': 'asc'}}],
    }
    ea.current_es.search.assert_called_with(
        body=expected_body,
        index='idx',
        _source_include=['@timestamp'],
        ignore_unavailable=True,
        # The size limit is read from the rule rather than hard-coded.
        size=rule['max_query_size'],
    )
def test_query_with_unixms(ea):
    """Verify the search issued by run_query for a rule using 'unixms' timestamps.

    The first rule is switched to timestamp_type 'unixms' with dt_to_unixms as
    its converter, the mocked search returns no hits, and the test asserts that
    the request carries START and END converted by dt_to_unixms.
    """
    rule = ea.rules[0]
    rule['timestamp_type'] = 'unixms'
    rule['dt_to_ts'] = dt_to_unixms
    # Empty result set: only the outgoing request is under test.
    ea.current_es.search.return_value = {'hits': {'hits': []}}

    ea.run_query(rule, START, END)

    window_start = dt_to_unixms(START)
    window_end = dt_to_unixms(END)
    # Lower bound is exclusive ('gt'), upper bound inclusive ('lte').
    # NOTE(review): presumably so back-to-back query windows neither re-read
    # nor skip an event sitting on the boundary; confirm against run_query.
    time_range = {'range': {'@timestamp': {'lte': window_end, 'gt': window_start}}}
    expected_body = {
        'filter': {'bool': {'must': [time_range]}},
        'sort': [{'@timestamp': {'order': 'asc'}}],
    }
    ea.current_es.search.assert_called_with(
        body=expected_body,
        index='idx',
        _source_include=['@timestamp'],
        ignore_unavailable=True,
        # NOTE(review): literal size; presumably mirrors the rule's query size
        # limit as configured by the fixture; confirm.
        size=100000,
    )