
Example 1 with FilterAggregation

use of io.searchbox.core.search.aggregation.FilterAggregation in project graylog2-server by Graylog2.

the class IndexToolsAdapterES6 method fieldHistogram.

/**
 * Counts, per time bucket, how often each value of {@code fieldName} occurs.
 *
 * <p>The search itself is a match-all query; the stream restriction is applied inside a filter
 * aggregation that wraps a date histogram on {@code "timestamp"}, which in turn wraps a terms
 * aggregation on {@code fieldName}. Only histogram buckets holding at least one document are
 * requested ({@code minDocCount(1L)}).
 *
 * <p>NOTE(review): {@code fieldName} and {@code indices} are handed to the query builders as
 * given; this method performs no validation or permission check on them. Presumably the caller
 * has already restricted both to what the requesting user may read -- confirm at the call sites.
 * The stream filter built from {@code includedStreams} is the only scoping visible here.
 *
 * <p>NOTE(review): the filter and date-histogram aggregations are dereferenced without a null
 * check, so a response lacking them surfaces as a {@link NullPointerException}.
 *
 * @param fieldName       message field whose values are counted
 * @param indices         indices to search
 * @param includedStreams streams used to build the filter query (see {@code buildStreamIdFilter})
 * @param interval        histogram interval, passed unchanged to the date histogram builder
 *                        (presumably milliseconds -- TODO confirm)
 * @return immutable map from bucket start (converted to UTC) to a value-to-count map; the inner
 *         maps are plain {@link HashMap}s and are not themselves immutable
 */
@Override
public Map<DateTime, Map<String, Long>> fieldHistogram(String fieldName, Set<String> indices, Optional<Set<String>> includedStreams, long interval) {
    final BoolQueryBuilder streamFilter = buildStreamIdFilter(includedStreams);

    // filter(streams) -> date_histogram(timestamp) -> terms(fieldName)
    final FilterAggregationBuilder filteredHistogram = AggregationBuilders.filter(AGG_FILTER, streamFilter)
            .subAggregation(AggregationBuilders.dateHistogram(AGG_DATE_HISTOGRAM)
                    .field("timestamp")
                    .subAggregation(AggregationBuilders.terms(AGG_MESSAGE_FIELD).field(fieldName))
                    .interval(interval)
                    .minDocCount(1L));

    final String requestBody = new SearchSourceBuilder()
            .query(QueryBuilders.matchAllQuery())
            .aggregation(filteredHistogram)
            .toString();
    final Search search = new Search.Builder(requestBody)
            .addIndex(indices)
            .addType(IndexMapping.TYPE_MESSAGE)
            .build();
    final SearchResult response = JestUtils.execute(this.jestClient, search, () -> "Unable to retrieve field histogram.");

    final List<DateHistogramAggregation.DateHistogram> timeBuckets = response.getAggregations()
            .getFilterAggregation(AGG_FILTER)
            .getDateHistogramAggregation(AGG_DATE_HISTOGRAM)
            .getBuckets();

    final Map<DateTime, Map<String, Long>> countsByTime = Maps.newHashMapWithExpectedSize(timeBuckets.size());
    for (HistogramAggregation.Histogram timeBucket : timeBuckets) {
        // The bucket key is normalised to UTC so map keys do not depend on the JVM default zone.
        final DateTime bucketStart = new DateTime(timeBucket.getKey()).toDateTime(DateTimeZone.UTC);

        final List<TermsAggregation.Entry> terms = timeBucket.getTermsAggregation(AGG_MESSAGE_FIELD).getBuckets();
        final HashMap<String, Long> countsByTerm = Maps.newHashMapWithExpectedSize(terms.size());
        for (TermsAggregation.Entry term : terms) {
            countsByTerm.put(term.getKeyAsString(), term.getCount());
        }
        countsByTime.put(bucketStart, countsByTerm);
    }
    return ImmutableMap.copyOf(countsByTime);
}
Also used : TermsAggregation(io.searchbox.core.search.aggregation.TermsAggregation) FilterAggregationBuilder(org.graylog.shaded.elasticsearch6.org.elasticsearch.search.aggregations.bucket.filter.FilterAggregationBuilder) FilterAggregationBuilder(org.graylog.shaded.elasticsearch6.org.elasticsearch.search.aggregations.bucket.filter.FilterAggregationBuilder) BoolQueryBuilder(org.graylog.shaded.elasticsearch6.org.elasticsearch.index.query.BoolQueryBuilder) SearchSourceBuilder(org.graylog.shaded.elasticsearch6.org.elasticsearch.search.builder.SearchSourceBuilder) SearchResult(io.searchbox.core.SearchResult) DateTime(org.joda.time.DateTime) SearchSourceBuilder(org.graylog.shaded.elasticsearch6.org.elasticsearch.search.builder.SearchSourceBuilder) HistogramAggregation(io.searchbox.core.search.aggregation.HistogramAggregation) DateHistogramAggregation(io.searchbox.core.search.aggregation.DateHistogramAggregation) BoolQueryBuilder(org.graylog.shaded.elasticsearch6.org.elasticsearch.index.query.BoolQueryBuilder) Search(io.searchbox.core.Search) FilterAggregation(io.searchbox.core.search.aggregation.FilterAggregation) HashMap(java.util.HashMap) Map(java.util.Map) ImmutableMap(com.google.common.collect.ImmutableMap) DateHistogramAggregation(io.searchbox.core.search.aggregation.DateHistogramAggregation)

Example 2 with FilterAggregation

use of io.searchbox.core.search.aggregation.FilterAggregation in project graylog2-server by Graylog2.

the class IndicesAdapterES6 method indexRangeStatsOfIndex.

/**
 * Determines the timestamp range and the stream ids contained in a single index.
 *
 * <p>Runs a zero-hit search whose only payload is a filter aggregation over documents that have
 * the timestamp field, with min/max sub-aggregations on that field and a terms sub-aggregation
 * on the streams field.
 *
 * <p>NOTE(review): the streams terms aggregation is requested with
 * {@code size(Integer.MAX_VALUE)}, i.e. no practical cap on the number of buckets returned.
 * Worth confirming that the number of distinct stream ids per index is bounded elsewhere.
 *
 * <p>NOTE(review): {@code index} is concatenated into the exception message and written to the
 * debug log unchanged; presumably it comes from trusted index management code -- confirm.
 *
 * @param index name of the index to inspect
 * @return {@code IndexRangeStats.EMPTY} when no document in the index has a timestamp, otherwise
 *         stats built from the min/max timestamp (UTC) and the list of stream ids
 * @throws IndexNotFoundException if the response carries no {@code "agg"} filter aggregation
 */
@Override
public IndexRangeStats indexRangeStatsOfIndex(String index) {
    final FilterAggregationBuilder rangeAggregation = AggregationBuilders.filter("agg", QueryBuilders.existsQuery(Message.FIELD_TIMESTAMP))
            .subAggregation(AggregationBuilders.min("ts_min").field(Message.FIELD_TIMESTAMP))
            .subAggregation(AggregationBuilders.max("ts_max").field(Message.FIELD_TIMESTAMP))
            .subAggregation(AggregationBuilders.terms("streams").size(Integer.MAX_VALUE).field(Message.FIELD_STREAMS));
    final String requestBody = searchSource().aggregation(rangeAggregation).size(0).toString();
    final Search request = new Search.Builder(requestBody)
            .addIndex(index)
            .setSearchType(SearchType.DFS_QUERY_THEN_FETCH)
            .ignoreUnavailable(true)
            .build();

    if (LOG.isDebugEnabled()) {
        // Pretty-printing is best effort: fall back to an empty JSON object if it fails.
        String prettyPayload;
        try {
            prettyPayload = request.getData(objectMapper.copy().enable(SerializationFeature.INDENT_OUTPUT));
        } catch (IOException e) {
            LOG.debug("Couldn't pretty print request payload", e);
            prettyPayload = "{}";
        }
        LOG.debug("Index range query: _search/{}: {}", index, prettyPayload);
    }

    final SearchResult response = JestUtils.execute(jestClient, request, () -> "Couldn't build index range of index " + index);
    final FilterAggregation timestamped = response.getAggregations().getFilterAggregation("agg");

    // The request ignores unavailable indices, so a missing aggregation is reported as a missing index.
    if (timestamped == null) {
        throw new IndexNotFoundException("Couldn't build index range of index " + index + " because it doesn't exist.");
    }
    if (timestamped.getCount() == 0L) {
        LOG.debug("No documents with attribute \"timestamp\" found in index <{}>", index);
        return IndexRangeStats.EMPTY;
    }

    final MinAggregation earliest = timestamped.getMinAggregation("ts_min");
    final DateTime rangeStart = new DateTime(earliest.getMin().longValue(), DateTimeZone.UTC);
    final MaxAggregation latest = timestamped.getMaxAggregation("ts_max");
    final DateTime rangeEnd = new DateTime(latest.getMax().longValue(), DateTimeZone.UTC);

    // Always hand back a list (possibly empty): callers use that to tell newer indices that simply
    // contain no streams apart from old indices that never recorded this information.
    final TermsAggregation streamTerms = timestamped.getTermsAggregation("streams");
    final List<String> streamIds = streamTerms.getBuckets()
            .stream()
            .map(TermsAggregation.Entry::getKeyAsString)
            .collect(toList());

    return IndexRangeStats.create(rangeStart, rangeEnd, streamIds);
}
Also used : TermsAggregation(io.searchbox.core.search.aggregation.TermsAggregation) FilterAggregationBuilder(org.graylog.shaded.elasticsearch6.org.elasticsearch.search.aggregations.bucket.filter.FilterAggregationBuilder) FieldSortBuilder(org.graylog.shaded.elasticsearch6.org.elasticsearch.search.sort.FieldSortBuilder) SearchSourceBuilder(org.graylog.shaded.elasticsearch6.org.elasticsearch.search.builder.SearchSourceBuilder) FilterAggregationBuilder(org.graylog.shaded.elasticsearch6.org.elasticsearch.search.aggregations.bucket.filter.FilterAggregationBuilder) SearchResult(io.searchbox.core.SearchResult) MinAggregation(io.searchbox.core.search.aggregation.MinAggregation) IOException(java.io.IOException) MaxAggregation(io.searchbox.core.search.aggregation.MaxAggregation) DateTime(org.joda.time.DateTime) Search(io.searchbox.core.Search) IndexNotFoundException(org.graylog2.indexer.IndexNotFoundException) FilterAggregation(io.searchbox.core.search.aggregation.FilterAggregation)

Aggregations

Search (io.searchbox.core.Search)2 SearchResult (io.searchbox.core.SearchResult)2 FilterAggregation (io.searchbox.core.search.aggregation.FilterAggregation)2 TermsAggregation (io.searchbox.core.search.aggregation.TermsAggregation)2 FilterAggregationBuilder (org.graylog.shaded.elasticsearch6.org.elasticsearch.search.aggregations.bucket.filter.FilterAggregationBuilder)2 SearchSourceBuilder (org.graylog.shaded.elasticsearch6.org.elasticsearch.search.builder.SearchSourceBuilder)2 DateTime (org.joda.time.DateTime)2 ImmutableMap (com.google.common.collect.ImmutableMap)1 DateHistogramAggregation (io.searchbox.core.search.aggregation.DateHistogramAggregation)1 HistogramAggregation (io.searchbox.core.search.aggregation.HistogramAggregation)1 MaxAggregation (io.searchbox.core.search.aggregation.MaxAggregation)1 MinAggregation (io.searchbox.core.search.aggregation.MinAggregation)1 IOException (java.io.IOException)1 HashMap (java.util.HashMap)1 Map (java.util.Map)1 BoolQueryBuilder (org.graylog.shaded.elasticsearch6.org.elasticsearch.index.query.BoolQueryBuilder)1 FieldSortBuilder (org.graylog.shaded.elasticsearch6.org.elasticsearch.search.sort.FieldSortBuilder)1 IndexNotFoundException (org.graylog2.indexer.IndexNotFoundException)1