Examples with RelativeRange org.graylog2.plugin.indexer.searches.timeranges.RelativeRange used on opensource projects

Example 1 with RelativeRange

use of org.graylog2.plugin.indexer.searches.timeranges.RelativeRange in project graylog2-server by Graylog2.

the class SearchesTest method determineAffectedIndicesWithRangesDoesNotIncludesDeflectorTargetIfMissing.

@Test
public void determineAffectedIndicesWithRangesDoesNotIncludesDeflectorTargetIfMissing() throws Exception {
    final DateTime now = DateTime.now(DateTimeZone.UTC);
    final MongoIndexRange indexRange0 = MongoIndexRange.create("graylog_0", now, now.plusDays(1), now, 0);
    final MongoIndexRange indexRange1 = MongoIndexRange.create("graylog_1", now.plusDays(1), now.plusDays(2), now, 0);
    final SortedSet<IndexRange> indices = ImmutableSortedSet.orderedBy(IndexRange.COMPARATOR).add(indexRange0).add(indexRange1).build();
    when(indexRangeService.find(any(DateTime.class), any(DateTime.class))).thenReturn(indices);
    final TimeRange absoluteRange = AbsoluteRange.create(now.minusDays(1), now.plusDays(1));
    final TimeRange keywordRange = KeywordRange.create("1 day ago");
    final TimeRange relativeRange = RelativeRange.create(3600);
    assertThat(searches.determineAffectedIndicesWithRanges(absoluteRange, null)).containsExactly(indexRange0, indexRange1);
    assertThat(searches.determineAffectedIndicesWithRanges(keywordRange, null)).containsExactly(indexRange0, indexRange1);
    assertThat(searches.determineAffectedIndicesWithRanges(relativeRange, null)).containsExactly(indexRange0, indexRange1);
}

Example 2 with RelativeRange

use of org.graylog2.plugin.indexer.searches.timeranges.RelativeRange in project graylog2-server by Graylog2.

the class SearchesTest method determineAffectedIndicesWithRangesIncludesDeflectorTarget.

@Test
public void determineAffectedIndicesWithRangesIncludesDeflectorTarget() throws Exception {
    final DateTime now = DateTime.now(DateTimeZone.UTC);
    final MongoIndexRange indexRange0 = MongoIndexRange.create("graylog_0", now, now.plusDays(1), now, 0);
    final MongoIndexRange indexRange1 = MongoIndexRange.create("graylog_1", now.plusDays(1), now.plusDays(2), now, 0);
    final MongoIndexRange indexRangeLatest = MongoIndexRange.create("graylog_2", new DateTime(0L, DateTimeZone.UTC), new DateTime(0L, DateTimeZone.UTC), now, 0);
    final SortedSet<IndexRange> indices = ImmutableSortedSet.orderedBy(IndexRange.COMPARATOR).add(indexRange0).add(indexRange1).add(indexRangeLatest).build();
    when(indexRangeService.find(any(DateTime.class), any(DateTime.class))).thenReturn(indices);
    final TimeRange absoluteRange = AbsoluteRange.create(now.minusDays(1), now.plusDays(1));
    final TimeRange keywordRange = KeywordRange.create("1 day ago");
    final TimeRange relativeRange = RelativeRange.create(3600);
    assertThat(searches.determineAffectedIndicesWithRanges(absoluteRange, null)).containsExactly(indexRangeLatest, indexRange0, indexRange1);
    assertThat(searches.determineAffectedIndicesWithRanges(keywordRange, null)).containsExactly(indexRangeLatest, indexRange0, indexRange1);
    assertThat(searches.determineAffectedIndicesWithRanges(relativeRange, null)).containsExactly(indexRangeLatest, indexRange0, indexRange1);
}

Example 3 with RelativeRange

use of org.graylog2.plugin.indexer.searches.timeranges.RelativeRange in project graylog2-server by Graylog2.

the class SearchResultCountWidgetStrategy method computeInternal.

protected ComputationResult computeInternal(String filter) {
    final TimeRange timeRange = this.timeRange;
    CountResult cr = searches.count(query, timeRange, filter);
    if (trend && timeRange instanceof RelativeRange) {
        DateTime toPrevious = timeRange.getFrom();
        DateTime fromPrevious = toPrevious.minus(Seconds.seconds(((RelativeRange) timeRange).getRange()));
        TimeRange previousTimeRange = AbsoluteRange.create(fromPrevious, toPrevious);
        CountResult previousCr = searches.count(query, previousTimeRange);
        Map<String, Object> results = Maps.newHashMap();
        results.put("now", cr.count());
        results.put("previous", previousCr.count());
        long tookMs = cr.tookMs() + previousCr.tookMs();
        return new ComputationResult(results, tookMs);
    } else {
        return new ComputationResult(cr.count(), cr.tookMs());
    }
}

Example 4 with RelativeRange

use of org.graylog2.plugin.indexer.searches.timeranges.RelativeRange in project graylog2-server by Graylog2.

the class StatisticalCountWidgetStrategy method compute.

@Override
public ComputationResult compute() {
    try {
        final String filter;
        if (!isNullOrEmpty(streamId)) {
            filter = "streams:" + streamId;
        } else {
            filter = null;
        }
        final TimeRange timeRange = this.timeRange;
        boolean needsCardinality = statsFunction.equals(StatisticalFunction.CARDINALITY);
        boolean needsCount = statsFunction.equals(StatisticalFunction.COUNT);
        final FieldStatsResult fieldStatsResult = getSearches().fieldStats(field, query, filter, timeRange, needsCardinality, !(needsCount || needsCardinality), needsCount);
        if (trend && timeRange instanceof RelativeRange) {
            DateTime toPrevious = timeRange.getFrom();
            DateTime fromPrevious = toPrevious.minus(Seconds.seconds(((RelativeRange) timeRange).getRange()));
            TimeRange previousTimeRange = AbsoluteRange.create(fromPrevious, toPrevious);
            final FieldStatsResult previousFieldStatsResult = getSearches().fieldStats(field, query, filter, previousTimeRange, needsCardinality, !(needsCount || needsCardinality), needsCount);
            Map<String, Object> results = Maps.newHashMap();
            results.put("now", getStatisticalValue(fieldStatsResult));
            results.put("previous", getStatisticalValue(previousFieldStatsResult));
            long tookMs = fieldStatsResult.took().millis() + previousFieldStatsResult.took().millis();
            return new ComputationResult(results, tookMs);
        } else {
            return new ComputationResult(getStatisticalValue(fieldStatsResult), fieldStatsResult.took().millis());
        }
    } catch (Searches.FieldTypeException e) {
        log.warn("Invalid field provided, returning 'NaN'", e);
        return new ComputationResult(Double.NaN, 0);
    }
}

Example 5 with RelativeRange

use of org.graylog2.plugin.indexer.searches.timeranges.RelativeRange in project graylog2-server by Graylog2.

the class MessageCountAlertCondition method runCheck.

@Override
public CheckResult runCheck() {
    try {
        // Create an absolute range from the relative range to make sure it doesn't change during the two
        // search requests. (count and find messages)
        // This is needed because the RelativeRange computes the range from NOW on every invocation of getFrom() and
        // getTo().
        // See: https://github.com/Graylog2/graylog2-server/issues/2382
        final RelativeRange relativeRange = RelativeRange.create(time * 60);
        final AbsoluteRange range = AbsoluteRange.create(relativeRange.getFrom(), relativeRange.getTo());
        final String filter = buildQueryFilter(stream.getId(), query);
        final CountResult result = searches.count("*", range, filter);
        final long count = result.count();
        LOG.debug("Alert check <{}> result: [{}]", id, count);
        final boolean triggered;
        switch(thresholdType) {
            case MORE:
                triggered = count > threshold;
                break;
            case LESS:
                triggered = count < threshold;
                break;
            default:
                triggered = false;
        }
        if (triggered) {
            final List<MessageSummary> summaries = Lists.newArrayList();
            if (getBacklog() > 0) {
                final SearchResult backlogResult = searches.search("*", filter, range, getBacklog(), 0, new Sorting(Message.FIELD_TIMESTAMP, Sorting.Direction.DESC));
                for (ResultMessage resultMessage : backlogResult.getResults()) {
                    final Message msg = resultMessage.getMessage();
                    summaries.add(new MessageSummary(resultMessage.getIndex(), msg));
                }
            }
            final String resultDescription = "Stream had " + count + " messages in the last " + time + " minutes with trigger condition " + thresholdType.toString().toLowerCase(Locale.ENGLISH) + " than " + threshold + " messages. " + "(Current grace time: " + grace + " minutes)";
            return new CheckResult(true, this, resultDescription, Tools.nowUTC(), summaries);
        } else {
            return new NegativeCheckResult();
        }
    } catch (InvalidRangeParametersException e) {
        // cannot happen lol
        LOG.error("Invalid timerange.", e);
        return null;
    }
}