Example 1 with METAALERT_FIELD
use of org.apache.metron.indexing.dao.metaalert.MetaAlertConstants.METAALERT_FIELD in project metron by apache.
the class MetaAlertIntegrationTest method shouldSortByThreatTriageScore.
@Test
public void shouldSortByThreatTriageScore() throws Exception {
// Load alerts
List<Map<String, Object>> alerts = buildAlerts(2);
alerts.get(0).put(METAALERT_FIELD, "meta_active_0");
addRecords(alerts, getTestIndexFullName(), SENSOR_NAME);
// Load metaAlerts
List<Map<String, Object>> metaAlerts = buildMetaAlerts(1, MetaAlertStatus.ACTIVE, Optional.of(Collections.singletonList(alerts.get(0))));
// We pass MetaAlertDao.METAALERT_TYPE, because the "_doc" gets appended automatically.
addRecords(metaAlerts, getMetaAlertIndex(), METAALERT_TYPE);
// Verify load was successful
List<GetRequest> createdDocs = metaAlerts.stream().map(metaAlert -> new GetRequest((String) metaAlert.get(Constants.GUID), METAALERT_TYPE)).collect(Collectors.toList());
createdDocs.addAll(alerts.stream().map(alert -> new GetRequest((String) alert.get(Constants.GUID), SENSOR_NAME)).collect(Collectors.toList()));
findCreatedDocs(createdDocs);
// Test descending
SortField sf = new SortField();
sf.setField(getThreatTriageField());
sf.setSortOrder(SortOrder.DESC.getSortOrder());
SearchRequest sr = new SearchRequest();
sr.setQuery("*:*");
sr.setSize(5);
sr.setIndices(Arrays.asList(getTestIndexName(), METAALERT_TYPE));
sr.setSort(Collections.singletonList(sf));
SearchResponse result = metaDao.search(sr);
List<SearchResult> results = result.getResults();
assertEquals(2, results.size());
assertEquals("meta_active_0", results.get((0)).getSource().get(Constants.GUID));
assertEquals("message_1", results.get((1)).getSource().get(Constants.GUID));
// Test ascending
SortField sfAsc = new SortField();
sfAsc.setField(getThreatTriageField());
sfAsc.setSortOrder(SortOrder.ASC.getSortOrder());
SearchRequest srAsc = new SearchRequest();
srAsc.setQuery("*:*");
srAsc.setSize(2);
srAsc.setIndices(Arrays.asList(getTestIndexName(), METAALERT_TYPE));
srAsc.setSort(Collections.singletonList(sfAsc));
result = metaDao.search(srAsc);
results = result.getResults();
assertEquals("message_1", results.get((0)).getSource().get(Constants.GUID));
assertEquals("meta_active_0", results.get((1)).getSource().get(Constants.GUID));
assertEquals(2, results.size());
}
Also used :
Assertions.assertThrows(org.junit.jupiter.api.Assertions.assertThrows)
InvalidSearchException(org.apache.metron.indexing.dao.search.InvalidSearchException)
Assertions.assertNotNull(org.junit.jupiter.api.Assertions.assertNotNull)
Iterables(com.google.common.collect.Iterables)
Arrays(java.util.Arrays)
SortOrder(org.apache.metron.indexing.dao.search.SortOrder)
STATUS_FIELD(org.apache.metron.indexing.dao.metaalert.MetaAlertConstants.STATUS_FIELD)
Assertions.assertNull(org.junit.jupiter.api.Assertions.assertNull)
HashMap(java.util.HashMap)
PatchRequest(org.apache.metron.indexing.dao.update.PatchRequest)
GroupResult(org.apache.metron.indexing.dao.search.GroupResult)
GroupResponse(org.apache.metron.indexing.dao.search.GroupResponse)
ArrayList(java.util.ArrayList)
HashSet(java.util.HashSet)
Group(org.apache.metron.indexing.dao.search.Group)
ParseException(org.json.simple.parser.ParseException)
Assertions.assertFalse(org.junit.jupiter.api.Assertions.assertFalse)
Map(java.util.Map)
SearchResult(org.apache.metron.indexing.dao.search.SearchResult)
JSONUtils(org.apache.metron.common.utils.JSONUtils)
Assertions.assertEquals(org.junit.jupiter.api.Assertions.assertEquals)
METAALERT_TYPE(org.apache.metron.indexing.dao.metaalert.MetaAlertConstants.METAALERT_TYPE)
THREAT_FIELD_DEFAULT(org.apache.metron.indexing.dao.metaalert.MetaAlertConstants.THREAT_FIELD_DEFAULT)
Document(org.apache.metron.indexing.dao.update.Document)
GroupRequest(org.apache.metron.indexing.dao.search.GroupRequest)
Set(java.util.Set)
IOException(java.io.IOException)
GetRequest(org.apache.metron.indexing.dao.search.GetRequest)
SearchRequest(org.apache.metron.indexing.dao.search.SearchRequest)
Constants(org.apache.metron.common.Constants)
SortField(org.apache.metron.indexing.dao.search.SortField)
Collectors(java.util.stream.Collectors)
OriginalNotFoundException(org.apache.metron.indexing.dao.update.OriginalNotFoundException)
Test(org.junit.jupiter.api.Test)
List(java.util.List)
Assertions.assertTrue(org.junit.jupiter.api.Assertions.assertTrue)
Multiline(org.adrianwalker.multilinestring.Multiline)
ALERT_FIELD(org.apache.metron.indexing.dao.metaalert.MetaAlertConstants.ALERT_FIELD)
Optional(java.util.Optional)
METAALERT_FIELD(org.apache.metron.indexing.dao.metaalert.MetaAlertConstants.METAALERT_FIELD)
TestUtils.assertEventually(org.apache.metron.integration.utils.TestUtils.assertEventually)
Comparator(java.util.Comparator)
Collections(java.util.Collections)
Joiner(com.google.common.base.Joiner)
SearchResponse(org.apache.metron.indexing.dao.search.SearchResponse)
SearchRequest(org.apache.metron.indexing.dao.search.SearchRequest)
GetRequest(org.apache.metron.indexing.dao.search.GetRequest)
SortField(org.apache.metron.indexing.dao.search.SortField)
SearchResult(org.apache.metron.indexing.dao.search.SearchResult)
HashMap(java.util.HashMap)
Map(java.util.Map)
SearchResponse(org.apache.metron.indexing.dao.search.SearchResponse)
Test(org.junit.jupiter.api.Test)
Aggregations
Joiner (com.google.common.base.Joiner)1
Iterables (com.google.common.collect.Iterables)1
IOException (java.io.IOException)1
ArrayList (java.util.ArrayList)1
Arrays (java.util.Arrays)1
Collections (java.util.Collections)1
Comparator (java.util.Comparator)1
HashMap (java.util.HashMap)1
HashSet (java.util.HashSet)1
List (java.util.List)1
Map (java.util.Map)1
Optional (java.util.Optional)1
Set (java.util.Set)1
Collectors (java.util.stream.Collectors)1
Multiline (org.adrianwalker.multilinestring.Multiline)1
Constants (org.apache.metron.common.Constants)1
JSONUtils (org.apache.metron.common.utils.JSONUtils)1
ALERT_FIELD (org.apache.metron.indexing.dao.metaalert.MetaAlertConstants.ALERT_FIELD)1
METAALERT_FIELD (org.apache.metron.indexing.dao.metaalert.MetaAlertConstants.METAALERT_FIELD)1
METAALERT_TYPE (org.apache.metron.indexing.dao.metaalert.MetaAlertConstants.METAALERT_TYPE)1
