Example 1 with ScrollResult
use of org.graylog2.indexer.results.ScrollResult in project graylog2-server by Graylog2.
the class KeywordSearchResource method searchKeywordChunked.
@GET
@Timed
@ApiOperation(value = "Message search with keyword as timerange.", notes = "Search for messages in a timerange defined by a keyword like \"yesterday\" or \"2 weeks ago to wednesday\".")
@Produces(MoreMediaTypes.TEXT_CSV)
@ApiResponses(value = { @ApiResponse(code = 400, message = "Invalid keyword provided.") })
public ChunkedOutput<ScrollResult.ScrollChunk> searchKeywordChunked(@ApiParam(name = "query", value = "Query (Lucene syntax)", required = true) @QueryParam("query") @NotEmpty String query, @ApiParam(name = "keyword", value = "Range keyword", required = true) @QueryParam("keyword") String keyword, @ApiParam(name = "limit", value = "Maximum number of messages to return.", required = false) @QueryParam("limit") int limit, @ApiParam(name = "offset", value = "Offset", required = false) @QueryParam("offset") int offset, @ApiParam(name = "filter", value = "Filter", required = false) @QueryParam("filter") String filter, @ApiParam(name = "fields", value = "Comma separated list of fields to return", required = true) @QueryParam("fields") String fields) {
checkSearchPermission(filter, RestPermissions.SEARCHES_KEYWORD);
final List<String> fieldList = parseFields(fields);
final TimeRange timeRange = buildKeywordTimeRange(keyword);
try {
final ScrollResult scroll = searches.scroll(query, timeRange, limit, offset, fieldList, filter);
return buildChunkedOutput(scroll, limit);
} catch (SearchPhaseExecutionException e) {
throw createRequestExceptionForParseFailure(query, e);
}
}
Also used :
TimeRange(org.graylog2.plugin.indexer.searches.timeranges.TimeRange)
ScrollResult(org.graylog2.indexer.results.ScrollResult)
SearchPhaseExecutionException(org.elasticsearch.action.search.SearchPhaseExecutionException)
Produces(javax.ws.rs.Produces)
Timed(com.codahale.metrics.annotation.Timed)
GET(javax.ws.rs.GET)
ApiOperation(io.swagger.annotations.ApiOperation)
ApiResponses(io.swagger.annotations.ApiResponses)
Example 2 with ScrollResult
use of org.graylog2.indexer.results.ScrollResult in project graylog2-server by Graylog2.
the class AbsoluteSearchResource method searchAbsoluteChunked.
@GET
@Timed
@ApiOperation(value = "Message search with absolute timerange.", notes = "Search for messages using an absolute timerange, specified as from/to " + "with format yyyy-MM-ddTHH:mm:ss.SSSZ (e.g. 2014-01-23T15:34:49.000Z) or yyyy-MM-dd HH:mm:ss.")
@Produces(MoreMediaTypes.TEXT_CSV)
@ApiResponses(value = { @ApiResponse(code = 400, message = "Invalid timerange parameters provided.") })
public ChunkedOutput<ScrollResult.ScrollChunk> searchAbsoluteChunked(@ApiParam(name = "query", value = "Query (Lucene syntax)", required = true) @QueryParam("query") @NotEmpty String query, @ApiParam(name = "from", value = "Timerange start. See description for date format", required = true) @QueryParam("from") String from, @ApiParam(name = "to", value = "Timerange end. See description for date format", required = true) @QueryParam("to") String to, @ApiParam(name = "limit", value = "Maximum number of messages to return.", required = false) @QueryParam("limit") int limit, @ApiParam(name = "offset", value = "Offset", required = false) @QueryParam("offset") int offset, @ApiParam(name = "filter", value = "Filter", required = false) @QueryParam("filter") String filter, @ApiParam(name = "fields", value = "Comma separated list of fields to return", required = true) @QueryParam("fields") String fields) {
checkSearchPermission(filter, RestPermissions.SEARCHES_ABSOLUTE);
final List<String> fieldList = parseFields(fields);
final TimeRange timeRange = buildAbsoluteTimeRange(from, to);
try {
final ScrollResult scroll = searches.scroll(query, timeRange, limit, offset, fieldList, filter);
return buildChunkedOutput(scroll, limit);
} catch (SearchPhaseExecutionException e) {
throw createRequestExceptionForParseFailure(query, e);
}
}
Also used :
TimeRange(org.graylog2.plugin.indexer.searches.timeranges.TimeRange)
ScrollResult(org.graylog2.indexer.results.ScrollResult)
SearchPhaseExecutionException(org.elasticsearch.action.search.SearchPhaseExecutionException)
Produces(javax.ws.rs.Produces)
Timed(com.codahale.metrics.annotation.Timed)
GET(javax.ws.rs.GET)
ApiOperation(io.swagger.annotations.ApiOperation)
ApiResponses(io.swagger.annotations.ApiResponses)
Example 3 with ScrollResult
use of org.graylog2.indexer.results.ScrollResult in project graylog2-server by Graylog2.
the class Searches method scroll.
public ScrollResult scroll(String query, TimeRange range, int limit, int offset, List<String> fields, String filter) {
final Set<String> indices = determineAffectedIndices(range, filter);
// only request the fields we asked for otherwise we can't figure out which fields will be in the result set
// until we've scrolled through the entire set.
// TODO: Check if we can get away without loading the _source field.
// http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/search-request-fields.html#search-request-fields
// "For backwards compatibility, if the fields parameter specifies fields which are not stored , it will
// load the _source and extract it from it. This functionality has been replaced by the source filtering
// parameter." -- So we should look at the source filtering parameter once we switched to ES 1.x.
final SearchRequest request = standardSearchRequest(query, indices, limit, offset, range, filter, null, false).setScroll(new TimeValue(1, TimeUnit.MINUTES)).setSize(// TODO magic numbers
500).addSort(SortBuilders.fieldSort(SortParseElement.DOC_FIELD_NAME)).addFields(fields.toArray(new String[fields.size()])).addField(// always request the _source field because otherwise we can't access non-stored values
"_source").request();
if (LOG.isDebugEnabled()) {
try {
LOG.debug("ElasticSearch scroll query: {}", XContentHelper.convertToJson(request.source(), false));
} catch (IOException ignored) {
}
}
final SearchResponse r = c.search(request).actionGet();
recordEsMetrics(r, range);
return new ScrollResult(c, query, request.source(), r, fields);
}
Also used :
SearchRequest(org.elasticsearch.action.search.SearchRequest)
ScrollResult(org.graylog2.indexer.results.ScrollResult)
IOException(java.io.IOException)
TimeValue(org.elasticsearch.common.unit.TimeValue)
SearchResponse(org.elasticsearch.action.search.SearchResponse)
Example 4 with ScrollResult
use of org.graylog2.indexer.results.ScrollResult in project graylog2-server by Graylog2.
the class RelativeSearchResource method searchRelativeChunked.
@GET
@Timed
@ApiOperation(value = "Message search with relative timerange.", notes = "Search for messages in a relative timerange, specified as seconds from now. " + "Example: 300 means search from 5 minutes ago to now.")
@Produces(MoreMediaTypes.TEXT_CSV)
@ApiResponses(value = { @ApiResponse(code = 400, message = "Invalid timerange parameters provided.") })
public ChunkedOutput<ScrollResult.ScrollChunk> searchRelativeChunked(@ApiParam(name = "query", value = "Query (Lucene syntax)", required = true) @QueryParam("query") @NotEmpty String query, @ApiParam(name = "range", value = "Relative timeframe to search in. See method description.", required = true) @QueryParam("range") int range, @ApiParam(name = "limit", value = "Maximum number of messages to return.", required = false) @QueryParam("limit") int limit, @ApiParam(name = "offset", value = "Offset", required = false) @QueryParam("offset") int offset, @ApiParam(name = "filter", value = "Filter", required = false) @QueryParam("filter") String filter, @ApiParam(name = "fields", value = "Comma separated list of fields to return", required = true) @QueryParam("fields") String fields) {
checkSearchPermission(filter, RestPermissions.SEARCHES_RELATIVE);
final List<String> fieldList = parseFields(fields);
final TimeRange timeRange = buildRelativeTimeRange(range);
try {
final ScrollResult scroll = searches.scroll(query, timeRange, limit, offset, fieldList, filter);
return buildChunkedOutput(scroll, limit);
} catch (SearchPhaseExecutionException e) {
throw createRequestExceptionForParseFailure(query, e);
}
}
Also used :
TimeRange(org.graylog2.plugin.indexer.searches.timeranges.TimeRange)
ScrollResult(org.graylog2.indexer.results.ScrollResult)
SearchPhaseExecutionException(org.elasticsearch.action.search.SearchPhaseExecutionException)
Produces(javax.ws.rs.Produces)
Timed(com.codahale.metrics.annotation.Timed)
GET(javax.ws.rs.GET)
ApiOperation(io.swagger.annotations.ApiOperation)
ApiResponses(io.swagger.annotations.ApiResponses)
Aggregations
ScrollResult (org.graylog2.indexer.results.ScrollResult)4
Timed (com.codahale.metrics.annotation.Timed)3
ApiOperation (io.swagger.annotations.ApiOperation)3
ApiResponses (io.swagger.annotations.ApiResponses)3
GET (javax.ws.rs.GET)3
Produces (javax.ws.rs.Produces)3
SearchPhaseExecutionException (org.elasticsearch.action.search.SearchPhaseExecutionException)3
TimeRange (org.graylog2.plugin.indexer.searches.timeranges.TimeRange)3
IOException (java.io.IOException)1
SearchRequest (org.elasticsearch.action.search.SearchRequest)1
SearchResponse (org.elasticsearch.action.search.SearchResponse)1
TimeValue (org.elasticsearch.common.unit.TimeValue)1
