Examples with Group org.apache.metron.indexing.dao.search.Group used on opensource projects

Search in sources :

Example 1 with Group

use of org.apache.metron.indexing.dao.search.Group in project metron by apache.

the class ElasticsearchDao method getGroupsTermBuilder.

private TermsAggregationBuilder getGroupsTermBuilder(GroupRequest groupRequest, int index) {
    List<Group> groups = groupRequest.getGroups();
    Group group = groups.get(index);
    String aggregationName = getGroupByAggregationName(group.getField());
    TermsAggregationBuilder termsBuilder = AggregationBuilders.terms(aggregationName);
    termsBuilder.field(group.getField()).size(accessConfig.getMaxSearchGroups()).order(getElasticsearchGroupOrder(group.getOrder()));
    if (index < groups.size() - 1) {
        termsBuilder.subAggregation(getGroupsTermBuilder(groupRequest, index + 1));
    }
    Optional<String> scoreField = groupRequest.getScoreField();
    if (scoreField.isPresent()) {
        SumAggregationBuilder scoreSumAggregationBuilder = AggregationBuilders.sum(getSumAggregationName(scoreField.get())).field(scoreField.get()).missing(0);
        termsBuilder.subAggregation(scoreSumAggregationBuilder);
    }
    return termsBuilder;
}
Also used : SumAggregationBuilder(org.elasticsearch.search.aggregations.metrics.sum.SumAggregationBuilder) Group(org.apache.metron.indexing.dao.search.Group) TermsAggregationBuilder(org.elasticsearch.search.aggregations.bucket.terms.TermsAggregationBuilder)

Example 2 with Group

use of org.apache.metron.indexing.dao.search.Group in project metron by apache.

the class ElasticsearchSearchDao method getGroupResults.

private List<GroupResult> getGroupResults(GroupRequest groupRequest, int index, Aggregations aggregations, Map<String, FieldType> commonColumnMetadata) {
    List<Group> groups = groupRequest.getGroups();
    String field = groups.get(index).getField();
    List<GroupResult> searchResultGroups = new ArrayList<>();
    if (aggregations != null) {
        Terms terms = aggregations.get(getGroupByAggregationName(field));
        for (Bucket bucket : terms.getBuckets()) {
            GroupResult groupResult = new GroupResult();
            groupResult.setKey(formatKey(bucket.getKey(), commonColumnMetadata.get(field)));
            groupResult.setTotal(bucket.getDocCount());
            Optional<String> scoreField = groupRequest.getScoreField();
            if (scoreField.isPresent()) {
                Sum score = bucket.getAggregations().get(getSumAggregationName(scoreField.get()));
                groupResult.setScore(score.getValue());
            }
            if (index < groups.size() - 1) {
                groupResult.setGroupedBy(groups.get(index + 1).getField());
                groupResult.setGroupResults(getGroupResults(groupRequest, index + 1, bucket.getAggregations(), commonColumnMetadata));
            }
            searchResultGroups.add(groupResult);
        }
    }
    return searchResultGroups;
}
Also used : Group(org.apache.metron.indexing.dao.search.Group) Bucket(org.elasticsearch.search.aggregations.bucket.terms.Terms.Bucket) GroupResult(org.apache.metron.indexing.dao.search.GroupResult) ArrayList(java.util.ArrayList) Terms(org.elasticsearch.search.aggregations.bucket.terms.Terms) Sum(org.elasticsearch.search.aggregations.metrics.sum.Sum)

Example 3 with Group

use of org.apache.metron.indexing.dao.search.Group in project metron by apache.

the class SolrSearchDao method getGroupResults.

protected List<GroupResult> getGroupResults(GroupRequest groupRequest, int index, List<PivotField> pivotFields) {
    List<Group> groups = groupRequest.getGroups();
    List<GroupResult> searchResultGroups = new ArrayList<>();
    final GroupOrder groupOrder = groups.get(index).getOrder();
    pivotFields.sort((o1, o2) -> {
        String s1 = groupOrder.getGroupOrderType() == GroupOrderType.TERM ? o1.getValue().toString() : Integer.toString(o1.getCount());
        String s2 = groupOrder.getGroupOrderType() == GroupOrderType.TERM ? o2.getValue().toString() : Integer.toString(o2.getCount());
        if (groupOrder.getSortOrder() == SortOrder.ASC) {
            return s1.compareTo(s2);
        } else {
            return s2.compareTo(s1);
        }
    });
    for (PivotField pivotField : pivotFields) {
        GroupResult groupResult = new GroupResult();
        groupResult.setKey(pivotField.getValue().toString());
        groupResult.setTotal(pivotField.getCount());
        Optional<String> scoreField = groupRequest.getScoreField();
        if (scoreField.isPresent()) {
            groupResult.setScore((Double) pivotField.getFieldStatsInfo().get(scoreField.get()).getSum());
        }
        if (index < groups.size() - 1) {
            groupResult.setGroupedBy(groups.get(index + 1).getField());
            groupResult.setGroupResults(getGroupResults(groupRequest, index + 1, pivotField.getPivot()));
        }
        searchResultGroups.add(groupResult);
    }
    return searchResultGroups;
}
Also used : Group(org.apache.metron.indexing.dao.search.Group) GroupResult(org.apache.metron.indexing.dao.search.GroupResult) ArrayList(java.util.ArrayList) PivotField(org.apache.solr.client.solrj.response.PivotField) GroupOrder(org.apache.metron.indexing.dao.search.GroupOrder)

Example 4 with Group

use of org.apache.metron.indexing.dao.search.Group in project metron by apache.

the class ElasticsearchDao method getGroupResults.

private List<GroupResult> getGroupResults(GroupRequest groupRequest, int index, Aggregations aggregations, Map<String, FieldType> commonColumnMetadata) {
    List<Group> groups = groupRequest.getGroups();
    String field = groups.get(index).getField();
    Terms terms = aggregations.get(getGroupByAggregationName(field));
    List<GroupResult> searchResultGroups = new ArrayList<>();
    for (Bucket bucket : terms.getBuckets()) {
        GroupResult groupResult = new GroupResult();
        groupResult.setKey(formatKey(bucket.getKey(), commonColumnMetadata.get(field)));
        groupResult.setTotal(bucket.getDocCount());
        Optional<String> scoreField = groupRequest.getScoreField();
        if (scoreField.isPresent()) {
            Sum score = bucket.getAggregations().get(getSumAggregationName(scoreField.get()));
            groupResult.setScore(score.getValue());
        }
        if (index < groups.size() - 1) {
            groupResult.setGroupedBy(groups.get(index + 1).getField());
            groupResult.setGroupResults(getGroupResults(groupRequest, index + 1, bucket.getAggregations(), commonColumnMetadata));
        }
        searchResultGroups.add(groupResult);
    }
    return searchResultGroups;
}
Also used : Group(org.apache.metron.indexing.dao.search.Group) Bucket(org.elasticsearch.search.aggregations.bucket.terms.Terms.Bucket) Terms(org.elasticsearch.search.aggregations.bucket.terms.Terms) GroupResult(org.apache.metron.indexing.dao.search.GroupResult) ArrayList(java.util.ArrayList) Sum(org.elasticsearch.search.aggregations.metrics.sum.Sum)

Example 5 with Group

use of org.apache.metron.indexing.dao.search.Group in project metron by apache.

the class ElasticsearchMetaAlertIntegrationTest method shouldHidesAlertsOnGroup.

@Test
public void shouldHidesAlertsOnGroup() throws Exception {
    // Load alerts
    List<Map<String, Object>> alerts = buildAlerts(2);
    alerts.get(0).put(METAALERT_FIELD, Collections.singletonList("meta_active"));
    alerts.get(0).put("ip_src_addr", "192.168.1.1");
    alerts.get(0).put("score_field", 1);
    alerts.get(1).put("ip_src_addr", "192.168.1.1");
    alerts.get(1).put("score_field", 10);
    elasticsearchAdd(alerts, INDEX, SENSOR_NAME);
    // Put the nested type into the test index, so that it'll match appropriately
    ((ElasticsearchDao) esDao).getClient().admin().indices().preparePutMapping(INDEX).setType("test_doc").setSource(nestedAlertMapping).get();
    // Don't need any meta alerts to actually exist, since we've populated the field on the alerts.
    // Verify load was successful
    findCreatedDocs(Arrays.asList(new GetRequest("message_0", SENSOR_NAME), new GetRequest("message_1", SENSOR_NAME)));
    // Build our group request
    Group searchGroup = new Group();
    searchGroup.setField("ip_src_addr");
    List<Group> groupList = new ArrayList<>();
    groupList.add(searchGroup);
    GroupResponse groupResponse = metaDao.group(new GroupRequest() {

        {
            setQuery("ip_src_addr:192.168.1.1");
            setIndices(Collections.singletonList("*"));
            setScoreField("score_field");
            setGroups(groupList);
        }
    });
    // Should only return the standalone alert in the group
    GroupResult result = groupResponse.getGroupResults().get(0);
    Assert.assertEquals(1, result.getTotal());
    Assert.assertEquals("192.168.1.1", result.getKey());
    // No delta, since no ops happen
    Assert.assertEquals(10.0d, result.getScore(), 0.0d);
}
Also used : Group(org.apache.metron.indexing.dao.search.Group) ElasticsearchDao(org.apache.metron.elasticsearch.dao.ElasticsearchDao) GroupRequest(org.apache.metron.indexing.dao.search.GroupRequest) GetRequest(org.apache.metron.indexing.dao.search.GetRequest) ArrayList(java.util.ArrayList) GroupResult(org.apache.metron.indexing.dao.search.GroupResult) Map(java.util.Map) HashMap(java.util.HashMap) GroupResponse(org.apache.metron.indexing.dao.search.GroupResponse) Test(org.junit.Test)

Aggregations

Group (org.apache.metron.indexing.dao.search.Group)8 GroupResult (org.apache.metron.indexing.dao.search.GroupResult)6 ArrayList (java.util.ArrayList)5 HashMap (java.util.HashMap)2 Map (java.util.Map)2 GetRequest (org.apache.metron.indexing.dao.search.GetRequest)2 GroupRequest (org.apache.metron.indexing.dao.search.GroupRequest)2 GroupResponse (org.apache.metron.indexing.dao.search.GroupResponse)2 Terms (org.elasticsearch.search.aggregations.bucket.terms.Terms)2 Bucket (org.elasticsearch.search.aggregations.bucket.terms.Terms.Bucket)2 TermsAggregationBuilder (org.elasticsearch.search.aggregations.bucket.terms.TermsAggregationBuilder)2 Sum (org.elasticsearch.search.aggregations.metrics.sum.Sum)2 SumAggregationBuilder (org.elasticsearch.search.aggregations.metrics.sum.SumAggregationBuilder)2 ElasticsearchDao (org.apache.metron.elasticsearch.dao.ElasticsearchDao)1 GroupOrder (org.apache.metron.indexing.dao.search.GroupOrder)1 PivotField (org.apache.solr.client.solrj.response.PivotField)1 Test (org.junit.Test)1 Test (org.junit.jupiter.api.Test)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial