Example 26 with TimeRange
use of org.graylog2.plugin.indexer.searches.timeranges.TimeRange in project graylog2-server by Graylog2.
the class RelativeSearchResource method searchRelative.
@GET
@Timed
@ApiOperation(value = "Message search with relative timerange.", notes = "Search for messages in a relative timerange, specified as seconds from now. " + "Example: 300 means search from 5 minutes ago to now.")
@ApiResponses(value = { @ApiResponse(code = 400, message = "Invalid timerange parameters provided.") })
@Produces(MediaType.APPLICATION_JSON)
public SearchResponse searchRelative(@ApiParam(name = "query", value = "Query (Lucene syntax)", required = true) @QueryParam("query") @NotEmpty String query, @ApiParam(name = "range", value = "Relative timeframe to search in. See method description.", required = true) @QueryParam("range") int range, @ApiParam(name = "limit", value = "Maximum number of messages to return.", required = false) @QueryParam("limit") int limit, @ApiParam(name = "offset", value = "Offset", required = false) @QueryParam("offset") int offset, @ApiParam(name = "filter", value = "Filter", required = false) @QueryParam("filter") String filter, @ApiParam(name = "fields", value = "Comma separated list of fields to return", required = false) @QueryParam("fields") String fields, @ApiParam(name = "sort", value = "Sorting (field:asc / field:desc)", required = false) @QueryParam("sort") String sort, @ApiParam(name = "decorate", value = "Run decorators on search result", required = false) @QueryParam("decorate") @DefaultValue("true") boolean decorate) {
checkSearchPermission(filter, RestPermissions.SEARCHES_RELATIVE);
final List<String> fieldList = parseOptionalFields(fields);
final Sorting sorting = buildSorting(sort);
final TimeRange timeRange = buildRelativeTimeRange(range);
final SearchesConfig searchesConfig = SearchesConfig.builder().query(query).filter(filter).fields(fieldList).range(timeRange).limit(limit).offset(offset).sorting(sorting).build();
final Optional<String> streamId = Searches.extractStreamId(filter);
try {
return buildSearchResponse(searches.search(searchesConfig), timeRange, decorate, streamId);
} catch (SearchPhaseExecutionException e) {
throw createRequestExceptionForParseFailure(query, e);
}
}
Also used :
TimeRange(org.graylog2.plugin.indexer.searches.timeranges.TimeRange)
SearchesConfig(org.graylog2.indexer.searches.SearchesConfig)
SearchPhaseExecutionException(org.elasticsearch.action.search.SearchPhaseExecutionException)
Sorting(org.graylog2.indexer.searches.Sorting)
Produces(javax.ws.rs.Produces)
Timed(com.codahale.metrics.annotation.Timed)
GET(javax.ws.rs.GET)
ApiOperation(io.swagger.annotations.ApiOperation)
ApiResponses(io.swagger.annotations.ApiResponses)
Example 27 with TimeRange
use of org.graylog2.plugin.indexer.searches.timeranges.TimeRange in project graylog2-server by Graylog2.
the class RelativeSearchResource method searchRelativeChunked.
@GET
@Timed
@ApiOperation(value = "Message search with relative timerange.", notes = "Search for messages in a relative timerange, specified as seconds from now. " + "Example: 300 means search from 5 minutes ago to now.")
@Produces(MoreMediaTypes.TEXT_CSV)
@ApiResponses(value = { @ApiResponse(code = 400, message = "Invalid timerange parameters provided.") })
public ChunkedOutput<ScrollResult.ScrollChunk> searchRelativeChunked(@ApiParam(name = "query", value = "Query (Lucene syntax)", required = true) @QueryParam("query") @NotEmpty String query, @ApiParam(name = "range", value = "Relative timeframe to search in. See method description.", required = true) @QueryParam("range") int range, @ApiParam(name = "limit", value = "Maximum number of messages to return.", required = false) @QueryParam("limit") int limit, @ApiParam(name = "offset", value = "Offset", required = false) @QueryParam("offset") int offset, @ApiParam(name = "filter", value = "Filter", required = false) @QueryParam("filter") String filter, @ApiParam(name = "fields", value = "Comma separated list of fields to return", required = true) @QueryParam("fields") String fields) {
checkSearchPermission(filter, RestPermissions.SEARCHES_RELATIVE);
final List<String> fieldList = parseFields(fields);
final TimeRange timeRange = buildRelativeTimeRange(range);
try {
final ScrollResult scroll = searches.scroll(query, timeRange, limit, offset, fieldList, filter);
return buildChunkedOutput(scroll, limit);
} catch (SearchPhaseExecutionException e) {
throw createRequestExceptionForParseFailure(query, e);
}
}
Also used :
TimeRange(org.graylog2.plugin.indexer.searches.timeranges.TimeRange)
ScrollResult(org.graylog2.indexer.results.ScrollResult)
SearchPhaseExecutionException(org.elasticsearch.action.search.SearchPhaseExecutionException)
Produces(javax.ws.rs.Produces)
Timed(com.codahale.metrics.annotation.Timed)
GET(javax.ws.rs.GET)
ApiOperation(io.swagger.annotations.ApiOperation)
ApiResponses(io.swagger.annotations.ApiResponses)
Example 28 with TimeRange
use of org.graylog2.plugin.indexer.searches.timeranges.TimeRange in project graylog2-server by Graylog2.
the class AbsoluteSearchResource method searchAbsolute.
@GET
@Timed
@ApiOperation(value = "Message search with absolute timerange.", notes = "Search for messages using an absolute timerange, specified as from/to " + "with format yyyy-MM-ddTHH:mm:ss.SSSZ (e.g. 2014-01-23T15:34:49.000Z) or yyyy-MM-dd HH:mm:ss.")
@Produces(MediaType.APPLICATION_JSON)
@ApiResponses(value = { @ApiResponse(code = 400, message = "Invalid timerange parameters provided.") })
public SearchResponse searchAbsolute(@ApiParam(name = "query", value = "Query (Lucene syntax)", required = true) @QueryParam("query") @NotEmpty String query, @ApiParam(name = "from", value = "Timerange start. See description for date format", required = true) @QueryParam("from") String from, @ApiParam(name = "to", value = "Timerange end. See description for date format", required = true) @QueryParam("to") String to, @ApiParam(name = "limit", value = "Maximum number of messages to return.", required = false) @QueryParam("limit") int limit, @ApiParam(name = "offset", value = "Offset", required = false) @QueryParam("offset") int offset, @ApiParam(name = "filter", value = "Filter", required = false) @QueryParam("filter") String filter, @ApiParam(name = "fields", value = "Comma separated list of fields to return", required = false) @QueryParam("fields") String fields, @ApiParam(name = "sort", value = "Sorting (field:asc / field:desc)", required = false) @QueryParam("sort") String sort, @ApiParam(name = "decorate", value = "Run decorators on search result", required = false) @QueryParam("decorate") @DefaultValue("true") boolean decorate) {
checkSearchPermission(filter, RestPermissions.SEARCHES_ABSOLUTE);
final Sorting sorting = buildSorting(sort);
final List<String> fieldList = parseOptionalFields(fields);
TimeRange timeRange = buildAbsoluteTimeRange(from, to);
final SearchesConfig searchesConfig = SearchesConfig.builder().query(query).filter(filter).fields(fieldList).range(timeRange).limit(limit).offset(offset).sorting(sorting).build();
final Optional<String> streamId = Searches.extractStreamId(filter);
try {
return buildSearchResponse(searches.search(searchesConfig), timeRange, decorate, streamId);
} catch (SearchPhaseExecutionException e) {
throw createRequestExceptionForParseFailure(query, e);
}
}
Also used :
TimeRange(org.graylog2.plugin.indexer.searches.timeranges.TimeRange)
SearchesConfig(org.graylog2.indexer.searches.SearchesConfig)
SearchPhaseExecutionException(org.elasticsearch.action.search.SearchPhaseExecutionException)
Sorting(org.graylog2.indexer.searches.Sorting)
Produces(javax.ws.rs.Produces)
Timed(com.codahale.metrics.annotation.Timed)
GET(javax.ws.rs.GET)
ApiOperation(io.swagger.annotations.ApiOperation)
ApiResponses(io.swagger.annotations.ApiResponses)
Example 29 with TimeRange
use of org.graylog2.plugin.indexer.searches.timeranges.TimeRange in project graylog2-server by Graylog2.
the class SearchesTest method determineAffectedIndicesDoesNotIncludesDeflectorTargetIfMissing.
@Test
public void determineAffectedIndicesDoesNotIncludesDeflectorTargetIfMissing() throws Exception {
final DateTime now = DateTime.now(DateTimeZone.UTC);
final MongoIndexRange indexRange0 = MongoIndexRange.create("graylog_0", now, now.plusDays(1), now, 0);
final MongoIndexRange indexRange1 = MongoIndexRange.create("graylog_1", now.plusDays(1), now.plusDays(2), now, 0);
final SortedSet<IndexRange> indices = ImmutableSortedSet.orderedBy(IndexRange.COMPARATOR).add(indexRange0).add(indexRange1).build();
when(indexRangeService.find(any(DateTime.class), any(DateTime.class))).thenReturn(indices);
final TimeRange absoluteRange = AbsoluteRange.create(now.minusDays(1), now.plusDays(1));
final TimeRange keywordRange = KeywordRange.create("1 day ago");
final TimeRange relativeRange = RelativeRange.create(3600);
assertThat(searches.determineAffectedIndices(absoluteRange, null)).containsOnly(indexRange0.indexName(), indexRange1.indexName());
assertThat(searches.determineAffectedIndices(keywordRange, null)).containsOnly(indexRange0.indexName(), indexRange1.indexName());
assertThat(searches.determineAffectedIndices(relativeRange, null)).containsOnly(indexRange0.indexName(), indexRange1.indexName());
}
Also used :
MongoIndexRange(org.graylog2.indexer.ranges.MongoIndexRange)
IndexRange(org.graylog2.indexer.ranges.IndexRange)
TimeRange(org.graylog2.plugin.indexer.searches.timeranges.TimeRange)
MongoIndexRange(org.graylog2.indexer.ranges.MongoIndexRange)
ZonedDateTime(java.time.ZonedDateTime)
DateTime(org.joda.time.DateTime)
Test(org.junit.Test)
Example 30 with TimeRange
use of org.graylog2.plugin.indexer.searches.timeranges.TimeRange in project graylog2-server by Graylog2.
the class SearchesTest method getTimestampRangeFilterReturnsRangeQueryWithGivenTimeRange.
@Test
public void getTimestampRangeFilterReturnsRangeQueryWithGivenTimeRange() {
final DateTime from = new DateTime(2016, 1, 15, 12, 0, DateTimeZone.UTC);
final DateTime to = from.plusHours(1);
final TimeRange timeRange = AbsoluteRange.create(from, to);
final RangeQueryBuilder queryBuilder = (RangeQueryBuilder) IndexHelper.getTimestampRangeFilter(timeRange);
assertThat(queryBuilder).isNotNull().hasFieldOrPropertyWithValue("name", "timestamp").hasFieldOrPropertyWithValue("from", Tools.buildElasticSearchTimeFormat(from)).hasFieldOrPropertyWithValue("to", Tools.buildElasticSearchTimeFormat(to));
}
Also used :
TimeRange(org.graylog2.plugin.indexer.searches.timeranges.TimeRange)
RangeQueryBuilder(org.elasticsearch.index.query.RangeQueryBuilder)
ZonedDateTime(java.time.ZonedDateTime)
DateTime(org.joda.time.DateTime)
Test(org.junit.Test)
Aggregations
TimeRange (org.graylog2.plugin.indexer.searches.timeranges.TimeRange)21
DateTime (org.joda.time.DateTime)14
Test (org.junit.Test)10
Timed (com.codahale.metrics.annotation.Timed)8
ApiOperation (io.swagger.annotations.ApiOperation)8
ApiResponses (io.swagger.annotations.ApiResponses)8
Produces (javax.ws.rs.Produces)8
ZonedDateTime (java.time.ZonedDateTime)6
GET (javax.ws.rs.GET)6
SearchPhaseExecutionException (org.elasticsearch.action.search.SearchPhaseExecutionException)6
SearchRequest (org.elasticsearch.action.search.SearchRequest)6
SearchResponse (org.elasticsearch.action.search.SearchResponse)6
IndexRange (org.graylog2.indexer.ranges.IndexRange)6
InvalidRangeParametersException (org.graylog2.plugin.indexer.searches.timeranges.InvalidRangeParametersException)6
SearchRequestBuilder (org.elasticsearch.action.search.SearchRequestBuilder)5
Filter (org.elasticsearch.search.aggregations.bucket.filter.Filter)5
FilterAggregationBuilder (org.elasticsearch.search.aggregations.bucket.filter.FilterAggregationBuilder)5
MongoIndexRange (org.graylog2.indexer.ranges.MongoIndexRange)5
Sorting (org.graylog2.indexer.searches.Sorting)5
ScrollResult (org.graylog2.indexer.results.ScrollResult)4
