
Example 11 with TimeRange

use of org.graylog2.plugin.indexer.searches.timeranges.TimeRange in project graylog2-server by Graylog2.

the class Searches method determineAffectedIndicesWithRanges.

/**
 * Collects the index ranges a search over {@code range} has to touch, optionally narrowed to one stream.
 *
 * <p>When {@code filter} is null and no index set was resolved, every range returned by the index range
 * service for the time window is selected. Otherwise a range is selected when the stream id extracted from
 * {@code filter} is listed in the range's stream ids, or when the stream's current index set manages the
 * range's index.
 *
 * <p>Two quiet paths are worth knowing when this result is used to scope a search: a stream id that cannot be
 * loaded is ignored and leaves the index set unresolved, and a non-null {@code filter} that yields no stream id
 * selects nothing, so the returned set is empty.
 *
 * @param range  time window whose {@code getFrom()}/{@code getTo()} bounds are passed to the index range service
 * @param filter search filter, may be null; a stream id is extracted from it via {@code extractStreamId}
 * @return the selected ranges, ordered by {@code IndexRange.COMPARATOR}
 */
public Set<IndexRange> determineAffectedIndicesWithRanges(TimeRange range, @Nullable String filter) {
    final Optional<String> streamId = extractStreamId(filter);
    // A stream only knows its currently configured index set, not the history of earlier ones.
    IndexSet currentIndexSet = null;
    if (streamId.isPresent()) {
        try {
            currentIndexSet = streamService.load(streamId.get()).getIndexSet();
        } catch (NotFoundException ignored) {
            // Deliberately ignored: with no index set, only the per-range stream id check below can match.
        }
    }
    final ImmutableSortedSet.Builder<IndexRange> selected = ImmutableSortedSet.orderedBy(IndexRange.COMPARATOR);
    final SortedSet<IndexRange> candidates = indexRangeService.find(range.getFrom(), range.getTo());
    // Not a stream search at all: every range in the time window applies.
    final boolean unrestricted = currentIndexSet == null && filter == null;
    for (IndexRange candidate : candidates) {
        if (unrestricted) {
            selected.add(candidate);
            continue;
        }
        // A range applies if the stream wrote into it earlier, or if the stream's current index set owns it.
        final boolean listedForStream = streamId.isPresent()
                && candidate.streamIds() != null
                && candidate.streamIds().contains(streamId.get());
        final boolean managedByCurrentSet = currentIndexSet != null
                && currentIndexSet.isManagedIndex(candidate.indexName());
        if (listedForStream || managedByCurrentSet) {
            selected.add(candidate);
        }
    }
    return selected.build();
}
Also used : IndexRange(org.graylog2.indexer.ranges.IndexRange) ImmutableSortedSet(com.google.common.collect.ImmutableSortedSet) NotFoundException(org.graylog2.database.NotFoundException) Stream(org.graylog2.plugin.streams.Stream) IndexSet(org.graylog2.indexer.IndexSet)

Example 12 with TimeRange

use of org.graylog2.plugin.indexer.searches.timeranges.TimeRange in project graylog2-server by Graylog2.

the class Searches method fieldStats.

/**
 * Runs a filter aggregation over {@code field} and returns the requested statistics.
 *
 * <p>The search is limited to the indices from {@code determineAffectedIndices(range, filter)} that contain
 * {@code field}. A null {@code filter} selects the standard search request, any other value the filtered one.
 *
 * @param field              field the sub-aggregations are computed on
 * @param query              search query handed to the request builder
 * @param filter             optional filter, may be null
 * @param range              time range of the search
 * @param includeCardinality adds the cardinality sub-aggregation
 * @param includeStats       adds the extended-stats sub-aggregation
 * @param includeCount       adds the value-count sub-aggregation
 * @return the aggregation results together with the hits, the query, the request source and the time taken
 * @throws FieldTypeException for every {@code SearchPhaseExecutionException} raised by the search, whatever
 *                            its actual cause
 */
public FieldStatsResult fieldStats(String field, String query, String filter, TimeRange range, boolean includeCardinality, boolean includeStats, boolean includeCount) throws FieldTypeException {
    final Set<String> indices = indicesContainingField(determineAffectedIndices(range, filter), field);
    final SearchRequestBuilder srb = filter == null
            ? standardSearchRequest(query, indices, range)
            : filteredSearchRequest(query, filter, indices, range);

    final FilterAggregationBuilder aggregation =
            AggregationBuilders.filter(AGG_FILTER).filter(standardAggregationFilters(range, filter));
    // Only the requested sub-aggregations are attached; the others are read back as absent below.
    if (includeCount) {
        aggregation.subAggregation(AggregationBuilders.count(AGG_VALUE_COUNT).field(field));
    }
    if (includeStats) {
        aggregation.subAggregation(AggregationBuilders.extendedStats(AGG_EXTENDED_STATS).field(field));
    }
    if (includeCardinality) {
        aggregation.subAggregation(AggregationBuilders.cardinality(AGG_CARDINALITY).field(field));
    }
    srb.addAggregation(aggregation);

    final SearchRequest request;
    final SearchResponse response;
    try {
        request = srb.request();
        response = c.search(request).actionGet();
    } catch (org.elasticsearch.action.search.SearchPhaseExecutionException e) {
        // The cause is preserved, but callers only ever see a field type problem.
        throw new FieldTypeException(e);
    }
    checkForFailedShards(response);
    recordEsMetrics(response, range);

    final Filter filterAggregation = response.getAggregations().get(AGG_FILTER);
    return new FieldStatsResult(
            filterAggregation.getAggregations().get(AGG_VALUE_COUNT),
            filterAggregation.getAggregations().get(AGG_EXTENDED_STATS),
            filterAggregation.getAggregations().get(AGG_CARDINALITY),
            response.getHits(),
            query,
            request.source(),
            response.getTook());
}
Also used : SearchRequest(org.elasticsearch.action.search.SearchRequest) FieldStatsResult(org.graylog2.indexer.results.FieldStatsResult) FilterAggregationBuilder(org.elasticsearch.search.aggregations.bucket.filter.FilterAggregationBuilder) SearchRequestBuilder(org.elasticsearch.action.search.SearchRequestBuilder) Filter(org.elasticsearch.search.aggregations.bucket.filter.Filter) SearchResponse(org.elasticsearch.action.search.SearchResponse)

Example 13 with TimeRange

use of org.graylog2.plugin.indexer.searches.timeranges.TimeRange in project graylog2-server by Graylog2.

the class Searches method scroll.

/**
 * Starts a scroll search over the indices affected by {@code range} and {@code filter}.
 *
 * <p>The scroll is requested with a one minute keep-alive and a fixed page size of 500, sorted by the doc
 * field. The requested {@code fields} are added to the request, and {@code _source} is always added as well.
 *
 * @param query  search query
 * @param range  time range of the search
 * @param limit  passed to the request builder
 * @param offset passed to the request builder
 * @param fields fields to request for each hit
 * @param filter optional filter used for index selection and for the request
 * @return a scroll result wrapping the first response
 */
public ScrollResult scroll(String query, TimeRange range, int limit, int offset, List<String> fields, String filter) {
    final Set<String> indices = determineAffectedIndices(range, filter);
    // Only the fields asked for are requested; otherwise the set of fields in the result would not be known
    // until the whole set had been scrolled through.
    // TODO: Check if we can get away without loading the _source field.
    // http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/search-request-fields.html#search-request-fields
    // "For backwards compatibility, if the fields parameter specifies fields which are not stored , it will
    // load the _source and extract it from it. This functionality has been replaced by the source filtering
    // parameter." -- So the source filtering parameter should be looked at once ES 1.x is in use.
    final String[] requestedFields = fields.toArray(new String[0]);
    final SearchRequest request = standardSearchRequest(query, indices, limit, offset, range, filter, null, false)
            .setScroll(new TimeValue(1, TimeUnit.MINUTES))
            // TODO magic numbers
            .setSize(500)
            .addSort(SortBuilders.fieldSort(SortParseElement.DOC_FIELD_NAME))
            .addFields(requestedFields)
            // always request the _source field because otherwise non-stored values cannot be accessed
            .addField("_source")
            .request();
    if (LOG.isDebugEnabled()) {
        // NOTE(review): at debug level the whole request source is written to the log.
        try {
            LOG.debug("ElasticSearch scroll query: {}", XContentHelper.convertToJson(request.source(), false));
        } catch (IOException ignored) {
            // Rendering the request for the log failed; the search itself is unaffected.
        }
    }
    final SearchResponse response = c.search(request).actionGet();
    recordEsMetrics(response, range);
    return new ScrollResult(c, query, request.source(), response, fields);
}
Also used : SearchRequest(org.elasticsearch.action.search.SearchRequest) ScrollResult(org.graylog2.indexer.results.ScrollResult) IOException(java.io.IOException) TimeValue(org.elasticsearch.common.unit.TimeValue) SearchResponse(org.elasticsearch.action.search.SearchResponse)

Example 14 with TimeRange

use of org.graylog2.plugin.indexer.searches.timeranges.TimeRange in project graylog2-server by Graylog2.

the class SearchResultCountWidgetStrategy method computeInternal.

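/**
 * Counts the messages matching the widget's query, optionally together with the preceding period for a trend.
 *
 * <p>When {@code trend} is set and the widget uses a {@link RelativeRange}, a second count is taken over the
 * window of the same length that ends where the current one starts. Both counts use the same {@code filter},
 * so the "previous" value covers the same scope as the "now" value.
 *
 * @param filter filter applied to both counts; passed through as given, exactly as for the current period
 * @return either the single count, or a map with the keys {@code now} and {@code previous}; in both cases
 *         together with the time the searches took
 */
protected ComputationResult computeInternal(String filter) {
    final TimeRange timeRange = this.timeRange;
    final CountResult cr = searches.count(query, timeRange, filter);
    if (trend && timeRange instanceof RelativeRange) {
        // The previous window has the same length and ends at the start of the current one.
        final DateTime toPrevious = timeRange.getFrom();
        final DateTime fromPrevious = toPrevious.minus(Seconds.seconds(((RelativeRange) timeRange).getRange()));
        final TimeRange previousTimeRange = AbsoluteRange.create(fromPrevious, toPrevious);
        // The filter has to be applied here too: without it the previous count would span every message
        // matching the query, not only those the filter admits, and the trend would compare unlike scopes.
        final CountResult previousCr = searches.count(query, previousTimeRange, filter);
        final Map<String, Object> results = Maps.newHashMap();
        results.put("now", cr.count());
        results.put("previous", previousCr.count());
        final long tookMs = cr.tookMs() + previousCr.tookMs();
        return new ComputationResult(results, tookMs);
    } else {
        return new ComputationResult(cr.count(), cr.tookMs());
    }
}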
Also used : TimeRange(org.graylog2.plugin.indexer.searches.timeranges.TimeRange) RelativeRange(org.graylog2.plugin.indexer.searches.timeranges.RelativeRange) ComputationResult(org.graylog2.plugin.dashboards.widgets.ComputationResult) CountResult(org.graylog2.indexer.results.CountResult) DateTime(org.joda.time.DateTime)

Example 15 with TimeRange

use of org.graylog2.plugin.indexer.searches.timeranges.TimeRange in project graylog2-server by Graylog2.

the class StatisticalCountWidgetStrategy method compute.

/**
 * Computes the widget's statistical value, optionally together with the preceding period for a trend.
 *
 * <p>A non-empty {@code streamId} restricts both searches to that stream through a {@code streams:} filter.
 * Only the aggregation needed for the configured function is requested: cardinality, count, or extended
 * stats for everything else.
 *
 * @return the statistical value, or a map with the keys {@code now} and {@code previous} when a trend is
 *         computed; {@code NaN} with a duration of 0 when the search reports a field type problem
 */
@Override
public ComputationResult compute() {
    try {
        // NOTE(review): streamId is concatenated into the filter expression as-is; presumably it is a
        // validated stream id -- confirm where the widget configuration is accepted.
        final String filter = isNullOrEmpty(streamId) ? null : "streams:" + streamId;
        final TimeRange currentRange = this.timeRange;
        final boolean wantsCardinality = statsFunction.equals(StatisticalFunction.CARDINALITY);
        final boolean wantsCount = statsFunction.equals(StatisticalFunction.COUNT);
        final boolean wantsStats = !(wantsCount || wantsCardinality);
        final FieldStatsResult current = getSearches().fieldStats(field, query, filter, currentRange, wantsCardinality, wantsStats, wantsCount);

        if (!(trend && currentRange instanceof RelativeRange)) {
            return new ComputationResult(getStatisticalValue(current), current.took().millis());
        }

        // The previous window has the same length and ends at the start of the current one.
        final DateTime previousEnd = currentRange.getFrom();
        final DateTime previousStart = previousEnd.minus(Seconds.seconds(((RelativeRange) currentRange).getRange()));
        final TimeRange previousRange = AbsoluteRange.create(previousStart, previousEnd);
        final FieldStatsResult previous = getSearches().fieldStats(field, query, filter, previousRange, wantsCardinality, wantsStats, wantsCount);

        final Map<String, Object> values = Maps.newHashMap();
        values.put("now", getStatisticalValue(current));
        values.put("previous", getStatisticalValue(previous));
        final long tookMs = current.took().millis() + previous.took().millis();
        return new ComputationResult(values, tookMs);
    } catch (Searches.FieldTypeException e) {
        log.warn("Invalid field provided, returning 'NaN'", e);
        return new ComputationResult(Double.NaN, 0);
    }
}
Also used : TimeRange(org.graylog2.plugin.indexer.searches.timeranges.TimeRange) FieldStatsResult(org.graylog2.indexer.results.FieldStatsResult) RelativeRange(org.graylog2.plugin.indexer.searches.timeranges.RelativeRange) Searches(org.graylog2.indexer.searches.Searches) ComputationResult(org.graylog2.plugin.dashboards.widgets.ComputationResult) DateTime(org.joda.time.DateTime)

Aggregations

TimeRange (org.graylog2.plugin.indexer.searches.timeranges.TimeRange)21 DateTime (org.joda.time.DateTime)14 Test (org.junit.Test)10 Timed (com.codahale.metrics.annotation.Timed)8 ApiOperation (io.swagger.annotations.ApiOperation)8 ApiResponses (io.swagger.annotations.ApiResponses)8 Produces (javax.ws.rs.Produces)8 ZonedDateTime (java.time.ZonedDateTime)6 GET (javax.ws.rs.GET)6 SearchPhaseExecutionException (org.elasticsearch.action.search.SearchPhaseExecutionException)6 SearchRequest (org.elasticsearch.action.search.SearchRequest)6 SearchResponse (org.elasticsearch.action.search.SearchResponse)6 IndexRange (org.graylog2.indexer.ranges.IndexRange)6 InvalidRangeParametersException (org.graylog2.plugin.indexer.searches.timeranges.InvalidRangeParametersException)6 SearchRequestBuilder (org.elasticsearch.action.search.SearchRequestBuilder)5 Filter (org.elasticsearch.search.aggregations.bucket.filter.Filter)5 FilterAggregationBuilder (org.elasticsearch.search.aggregations.bucket.filter.FilterAggregationBuilder)5 MongoIndexRange (org.graylog2.indexer.ranges.MongoIndexRange)5 Sorting (org.graylog2.indexer.searches.Sorting)5 ScrollResult (org.graylog2.indexer.results.ScrollResult)4