Example 1 with ElasticsearchQueryString
use of org.graylog.plugins.views.search.elasticsearch.ElasticsearchQueryString in project graylog2-server by Graylog2.
the class QueryTest method testFullQueryWithType.
/**
* Test that json parser recognizes full query with its type and query string value as an object (backwards compatibility)
*/
@Test
public void testFullQueryWithType() throws IOException {
final Query query = objectMapper.readValue(getClass().getResourceAsStream("/org/graylog/plugins/views/search/query/full-query.json"), Query.class);
final ElasticsearchQueryString queryString = (ElasticsearchQueryString) query.query();
assertThat(queryString.queryString()).isEqualTo("some-full-query");
}
Also used :
BackendQuery(org.graylog.plugins.views.search.engine.BackendQuery)
ElasticsearchQueryString(org.graylog.plugins.views.search.elasticsearch.ElasticsearchQueryString)
Test(org.junit.Test)
Example 2 with ElasticsearchQueryString
use of org.graylog.plugins.views.search.elasticsearch.ElasticsearchQueryString in project graylog2-server by Graylog2.
the class QueryTest method testSimpleQuery.
/**
* Test that json parser recognizes query that's just a string, not object
*/
@Test
public void testSimpleQuery() throws IOException {
final Query query = objectMapper.readValue(getClass().getResourceAsStream("/org/graylog/plugins/views/search/query/simple-query.json"), Query.class);
final ElasticsearchQueryString queryString = (ElasticsearchQueryString) query.query();
assertThat(queryString.queryString()).isEqualTo("some-simple-query");
}
Also used :
BackendQuery(org.graylog.plugins.views.search.engine.BackendQuery)
ElasticsearchQueryString(org.graylog.plugins.views.search.elasticsearch.ElasticsearchQueryString)
Test(org.junit.Test)
Example 3 with ElasticsearchQueryString
use of org.graylog.plugins.views.search.elasticsearch.ElasticsearchQueryString in project graylog2-server by Graylog2.
the class AggregationEventProcessor method sourceMessagesForEvent.
@Override
public void sourceMessagesForEvent(Event event, Consumer<List<MessageSummary>> messageConsumer, long limit) throws EventProcessorException {
if (config.series().isEmpty()) {
if (limit <= 0) {
return;
}
final EventOriginContext.ESEventOriginContext esContext = EventOriginContext.parseESContext(event.getOriginContext()).orElseThrow(() -> new EventProcessorException("Failed to parse origin context", false, eventDefinition));
try {
final ResultMessage message;
message = messages.get(esContext.messageId(), esContext.indexName());
messageConsumer.accept(Lists.newArrayList(new MessageSummary(message.getIndex(), message.getMessage())));
} catch (IOException e) {
throw new EventProcessorException("Failed to query origin context message", false, eventDefinition, e);
}
} else {
final AtomicLong msgCount = new AtomicLong(0L);
final MoreSearch.ScrollCallback callback = (messages, continueScrolling) -> {
final List<MessageSummary> summaries = Lists.newArrayList();
for (final ResultMessage resultMessage : messages) {
if (msgCount.incrementAndGet() > limit) {
continueScrolling.set(false);
break;
}
final Message msg = resultMessage.getMessage();
summaries.add(new MessageSummary(resultMessage.getIndex(), msg));
}
messageConsumer.accept(summaries);
};
ElasticsearchQueryString scrollQueryString = ElasticsearchQueryString.of(config.query());
scrollQueryString = scrollQueryString.concatenate(groupByQueryString(event));
LOG.debug("scrollQueryString: {}", scrollQueryString);
final TimeRange timeRange = AbsoluteRange.create(event.getTimerangeStart(), event.getTimerangeEnd());
moreSearch.scrollQuery(scrollQueryString.queryString(), config.streams(), config.queryParameters(), timeRange, Math.min(500, Ints.saturatedCast(limit)), callback);
}
}
Also used :
EventProcessorException(org.graylog.events.processor.EventProcessorException)
MoreSearch(org.graylog.events.search.MoreSearch)
LoggerFactory(org.slf4j.LoggerFactory)
EventOriginContext(org.graylog.events.event.EventOriginContext)
MessageSummary(org.graylog2.plugin.MessageSummary)
EventConsumer(org.graylog.events.processor.EventConsumer)
Assisted(com.google.inject.assistedinject.Assisted)
EventProcessor(org.graylog.events.processor.EventProcessor)
ResultMessage(org.graylog2.indexer.results.ResultMessage)
Locale(java.util.Locale)
Map(java.util.Map)
Event(org.graylog.events.event.Event)
AbsoluteRange(org.graylog2.plugin.indexer.searches.timeranges.AbsoluteRange)
EventDefinition(org.graylog.events.processor.EventDefinition)
EventProcessorException(org.graylog.events.processor.EventProcessorException)
TimeRange(org.graylog2.plugin.indexer.searches.timeranges.TimeRange)
ImmutableSet(com.google.common.collect.ImmutableSet)
ImmutableMap(com.google.common.collect.ImmutableMap)
Persisted(org.graylog2.plugin.database.Persisted)
Set(java.util.Set)
Collectors(java.util.stream.Collectors)
Sets(com.google.common.collect.Sets)
MoreSearch(org.graylog.events.search.MoreSearch)
EventFactory(org.graylog.events.event.EventFactory)
ParameterExpansionError(org.graylog.plugins.views.search.errors.ParameterExpansionError)
List(java.util.List)
Stream(org.graylog2.plugin.streams.Stream)
StreamService(org.graylog2.streams.StreamService)
Strings(org.apache.logging.log4j.util.Strings)
Optional(java.util.Optional)
MoreSearch.luceneEscape(org.graylog.events.search.MoreSearch.luceneEscape)
HashMap(java.util.HashMap)
SearchException(org.graylog.plugins.views.search.errors.SearchException)
ElasticsearchQueryString(org.graylog.plugins.views.search.elasticsearch.ElasticsearchQueryString)
Inject(javax.inject.Inject)
DBEventProcessorStateService(org.graylog.events.processor.DBEventProcessorStateService)
BooleanNumberConditionsVisitor(org.graylog.events.conditions.BooleanNumberConditionsVisitor)
Lists(com.google.common.collect.Lists)
ImmutableList(com.google.common.collect.ImmutableList)
Messages(org.graylog2.indexer.messages.Messages)
EventProcessorParameters(org.graylog.events.processor.EventProcessorParameters)
Logger(org.slf4j.Logger)
EventWithContext(org.graylog.events.event.EventWithContext)
DateTime(org.joda.time.DateTime)
IOException(java.io.IOException)
Maps(com.google.common.collect.Maps)
Ints(com.google.common.primitives.Ints)
Consumer(java.util.function.Consumer)
AtomicLong(java.util.concurrent.atomic.AtomicLong)
EventProcessorDependencyCheck(org.graylog.events.processor.EventProcessorDependencyCheck)
VisibleForTesting(com.google.common.annotations.VisibleForTesting)
Message(org.graylog2.plugin.Message)
EventProcessorPreconditionException(org.graylog.events.processor.EventProcessorPreconditionException)
ResultMessage(org.graylog2.indexer.results.ResultMessage)
Message(org.graylog2.plugin.Message)
ElasticsearchQueryString(org.graylog.plugins.views.search.elasticsearch.ElasticsearchQueryString)
IOException(java.io.IOException)
ResultMessage(org.graylog2.indexer.results.ResultMessage)
TimeRange(org.graylog2.plugin.indexer.searches.timeranges.TimeRange)
AtomicLong(java.util.concurrent.atomic.AtomicLong)
EventOriginContext(org.graylog.events.event.EventOriginContext)
List(java.util.List)
ImmutableList(com.google.common.collect.ImmutableList)
MessageSummary(org.graylog2.plugin.MessageSummary)
Example 4 with ElasticsearchQueryString
use of org.graylog.plugins.views.search.elasticsearch.ElasticsearchQueryString in project graylog2-server by Graylog2.
the class CommandFactory method decorateQueryString.
private ElasticsearchQueryString decorateQueryString(Search search, Query query, ElasticsearchQueryString undecorated) {
String queryString = undecorated.queryString();
String decorated = queryStringDecorator.decorateQueryString(queryString, search, query);
return ElasticsearchQueryString.of(decorated);
}
Also used :
ElasticsearchQueryString(org.graylog.plugins.views.search.elasticsearch.ElasticsearchQueryString)
Example 5 with ElasticsearchQueryString
use of org.graylog.plugins.views.search.elasticsearch.ElasticsearchQueryString in project graylog2-server by Graylog2.
the class QueryParser method parse.
public QueryMetadata parse(Query query) {
checkArgument(query.query() instanceof ElasticsearchQueryString);
final String mainQueryString = query.query().queryString();
final java.util.stream.Stream<String> queryStringStreams = java.util.stream.Stream.concat(java.util.stream.Stream.of(mainQueryString), query.searchTypes().stream().flatMap(this::queryStringsFromSearchType));
return queryStringStreams.map(queryStringParser::parse).reduce(QueryMetadata.builder().build(), (meta1, meta2) -> QueryMetadata.builder().usedParameterNames(Sets.union(meta1.usedParameterNames(), meta2.usedParameterNames())).build());
}
Also used :
ElasticsearchQueryString(org.graylog.plugins.views.search.elasticsearch.ElasticsearchQueryString)
ElasticsearchQueryString(org.graylog.plugins.views.search.elasticsearch.ElasticsearchQueryString)
Aggregations
ElasticsearchQueryString (org.graylog.plugins.views.search.elasticsearch.ElasticsearchQueryString)7
BackendQuery (org.graylog.plugins.views.search.engine.BackendQuery)2
Test (org.junit.Test)2
VisibleForTesting (com.google.common.annotations.VisibleForTesting)1
ImmutableList (com.google.common.collect.ImmutableList)1
ImmutableMap (com.google.common.collect.ImmutableMap)1
ImmutableSet (com.google.common.collect.ImmutableSet)1
Lists (com.google.common.collect.Lists)1
Maps (com.google.common.collect.Maps)1
Sets (com.google.common.collect.Sets)1
Ints (com.google.common.primitives.Ints)1
Assisted (com.google.inject.assistedinject.Assisted)1
IOException (java.io.IOException)1
HashMap (java.util.HashMap)1
List (java.util.List)1
Locale (java.util.Locale)1
Map (java.util.Map)1
Optional (java.util.Optional)1
Set (java.util.Set)1
AtomicLong (java.util.concurrent.atomic.AtomicLong)1
