
Example 26 with SearchResponse


the class SearchIntegrationTest method all_query_returns_all_results.

@Test
public void all_query_returns_all_results() throws Exception {
    // A query that matches every indexed document.
    SearchRequest request = JSONUtils.INSTANCE.load(allQuery, SearchRequest.class);
    SearchResponse response = dao.search(request);
    Assert.assertEquals(10, response.getTotal());

    List<SearchResult> results = response.getResults();
    Assert.assertEquals(10, results.size());

    // Results are expected in descending timestamp order (10 down to 1): the first five
    // come from snort, the remaining five from bro.
    for (int position = 0; position < 10; position++) {
        String expectedSourceType = position < 5 ? "snort" : "bro";
        SearchResult hit = results.get(position);
        Assert.assertEquals(expectedSourceType, hit.getSource().get("source:type"));
        Assert.assertEquals(10 - position, hit.getSource().get("timestamp"));
    }
}

Example 27 with SearchResponse


the class SearchIntegrationTest method results_are_paginated.

@Test
public void results_are_paginated() throws Exception {
    SearchRequest request = JSONUtils.INSTANCE.load(paginationQuery, SearchRequest.class);
    SearchResponse response = dao.search(request);

    // The total still counts every match; the page itself only carries three of them.
    Assert.assertEquals(10, response.getTotal());
    List<SearchResult> page = response.getResults();
    Assert.assertEquals(3, page.size());

    // Expected (source:type, timestamp) pairs, in order, for the requested page.
    String[] expectedTypes = {"snort", "bro", "bro"};
    int[] expectedTimestamps = {6, 5, 4};
    for (int i = 0; i < expectedTypes.length; i++) {
        SearchResult hit = page.get(i);
        Assert.assertEquals(expectedTypes[i], hit.getSource().get("source:type"));
        Assert.assertEquals(expectedTimestamps[i], hit.getSource().get("timestamp"));
    }
}

Example 28 with SearchResponse


the class ElasticsearchSearchDao method buildSearchResponse.

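/**
 * Builds a Metron search response from an Elasticsearch search response.
 *
 * <p>Copies the total hit count, converts each hit into a {@link SearchResult} limited to the
 * requested fields and, when facet fields were requested, attaches facet counts derived from the
 * Elasticsearch aggregations.
 *
 * @param searchRequest The Metron search request.
 * @param esResponse The Elasticsearch search response.
 * @return A Metron search response.
 * @throws InvalidSearchException If facet fields were requested and the column metadata for the
 *     requested indices could not be loaded.
 */
private SearchResponse buildSearchResponse(SearchRequest searchRequest, org.elasticsearch.action.search.SearchResponse esResponse) throws InvalidSearchException {
    SearchResponse searchResponse = new SearchResponse();
    searchResponse.setTotal(esResponse.getHits().getTotalHits());

    // search hits --> search results
    List<SearchResult> results = new ArrayList<>();
    for (SearchHit hit : esResponse.getHits().getHits()) {
        results.add(getSearchResult(hit, searchRequest.getFields()));
    }
    searchResponse.setResults(results);

    // handle facet fields
    List<String> facetFields = searchRequest.getFacetFields();
    if (facetFields != null) {
        Map<String, FieldType> commonColumnMetadata;
        try {
            commonColumnMetadata = columnMetadataDao.getColumnMetadata(searchRequest.getIndices());
        } catch (IOException e) {
            // Keep the IOException as the cause so the underlying failure is not lost.
            throw new InvalidSearchException(String.format("Could not get common column metadata for indices %s", Arrays.toString(searchRequest.getIndices().toArray())), e);
        }
        searchResponse.setFacetCounts(getFacetCounts(facetFields, esResponse.getAggregations(), commonColumnMetadata));
    }

    // Serialising the response is costly and echoes every returned document into the log,
    // so only do it when debug logging is actually enabled.
    if (LOG.isDebugEnabled()) {
        LOG.debug("Built search response; response={}", ElasticsearchUtils.toJSON(searchResponse).orElse("???"));
    }
    return searchResponse;
}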

Example 29 with SearchResponse


the class ElasticsearchMetaAlertUpdateDao method update.

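/**
 * Updates a single alert and refreshes every meta alert that contains it.
 *
 * <p>Meta alerts cannot be updated through this path. For a regular alert, the update is queued
 * and, for each meta alert found for the alert's GUID, the embedded copy of the alert is replaced
 * so the meta alert stays consistent. All resulting writes are sent as one batch.
 *
 * @param update The updated alert document.
 * @param index The index the alert lives in, if known.
 * @return The document that was passed in.
 * @throws IOException If the meta alert lookup or the batch update fails.
 * @throws UnsupportedOperationException If {@code update} is itself a meta alert.
 */
@Override
public Document update(Document update, Optional<String> index) throws IOException {
    if (MetaAlertConstants.METAALERT_TYPE.equals(update.getSensorType())) {
        // We've been passed an update to the meta alert.
        throw new UnsupportedOperationException("Meta alerts cannot be directly updated");
    }

    Map<Document, Optional<String>> updates = new HashMap<>();
    updates.put(update, index);
    try {
        // We need to update an alert itself.  Only that portion of the update can be delegated.
        // We still need to get meta alerts potentially associated with it and update.
        SearchResponse response = getMetaAlertsForAlert(update.getGuid());
        Collection<Document> metaAlerts = response.getResults().stream()
                .map(result -> toDocument(result, update.getTimestamp()))
                .collect(Collectors.toList());
        // Each meta alert needs to be updated with the new alert
        for (Document metaAlert : metaAlerts) {
            replaceAlertInMetaAlert(metaAlert, update);
            updates.put(metaAlert, Optional.of(METAALERTS_INDEX));
        }
    } catch (IndexNotFoundException e) {
        // A missing meta alert index just means there are no meta alerts to refresh. Any other
        // missing index is a real error and is rethrown. The metadata lookup is null-checked so a
        // missing entry rethrows the original exception instead of surfacing as an NPE.
        // NOTE(review): getMetadata is assumed to return null when the key is absent - confirm
        // against the Elasticsearch version in use.
        List<String> indicesNotFound = e.getMetadata(INDEX_NOT_FOUND_INDICES_KEY);
        boolean onlyMetaAlertIndexMissing = indicesNotFound != null
                && indicesNotFound.size() == 1
                && METAALERTS_INDEX.equals(indicesNotFound.get(0));
        if (!onlyMetaAlertIndexMissing) {
            throw e;
        }
    }
    // Run the alert's update
    elasticsearchDao.batchUpdate(updates);
    return update;
}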

Example 30 with SearchResponse


the class MetaAlertIntegrationTest method shouldGetAllMetaAlertsForAlert.

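/**
 * Verifies that the meta alert lookup for a single alert returns every meta alert containing it,
 * including when more than ten match, and nothing for an alert that belongs to no meta alert.
 */
@Test
public void shouldGetAllMetaAlertsForAlert() throws Exception {
    // Load alerts
    List<Map<String, Object>> alerts = buildAlerts(3);
    addRecords(alerts, getTestIndexFullName(), SENSOR_NAME);

    // Load metaAlerts: twelve active ones holding alert 0, plus one active and one inactive
    // meta alert holding alerts 0 and 2. Alert 1 is left out of all of them on purpose.
    List<Map<String, Object>> metaAlerts = buildMetaAlerts(12, MetaAlertStatus.ACTIVE, Optional.of(Collections.singletonList(alerts.get(0))));
    metaAlerts.add(buildMetaAlert("meta_active_12", MetaAlertStatus.ACTIVE, Optional.of(Arrays.asList(alerts.get(0), alerts.get(2)))));
    metaAlerts.add(buildMetaAlert("meta_inactive", MetaAlertStatus.INACTIVE, Optional.of(Arrays.asList(alerts.get(0), alerts.get(2)))));
    // We pass MetaAlertDao.METAALERT_TYPE, because the "_doc" gets appended automatically.
    addRecords(metaAlerts, getMetaAlertIndex(), METAALERT_TYPE);

    // Verify load was successful
    List<GetRequest> createdDocs = metaAlerts.stream()
            .map(metaAlert -> new GetRequest((String) metaAlert.get(Constants.GUID), METAALERT_TYPE))
            .collect(Collectors.toList());
    createdDocs.addAll(alerts.stream()
            .map(alert -> new GetRequest((String) alert.get(Constants.GUID), SENSOR_NAME))
            .collect(Collectors.toList()));
    findCreatedDocs(createdDocs);

    // Verify searches successfully return more than 10 results
    SearchResponse searchResponse0 = metaDao.getAllMetaAlertsForAlert("message_0");
    List<SearchResult> searchResults0 = searchResponse0.getResults();
    assertEquals(13, searchResults0.size());
    Set<Map<String, Object>> resultSet = searchResults0.stream()
            .map(SearchResult::getSource)
            .collect(Collectors.toSet());
    // Build the failure message lazily: it dumps every returned document, which is only worth
    // doing when the assertion actually fails.
    assertTrue(resultSet.contains(metaAlerts.get(0)),
            () -> "Unable to find " + metaAlerts.get(0) + "\n" + Joiner.on("\n").join(resultSet));

    // Verify no meta alerts are returned because message_1 was not added to any
    SearchResponse searchResponse1 = metaDao.getAllMetaAlertsForAlert("message_1");
    List<SearchResult> searchResults1 = searchResponse1.getResults();
    assertEquals(0, searchResults1.size());

    // Verify only the meta alert message_2 was added to is returned
    SearchResponse searchResponse2 = metaDao.getAllMetaAlertsForAlert("message_2");
    List<SearchResult> searchResults2 = searchResponse2.getResults();
    assertEquals(1, searchResults2.size());
    assertEquals(metaAlerts.get(12), searchResults2.get(0).getSource());
}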
