Examples with GetRequest org.apache.metron.indexing.dao.search.GetRequest used on opensource projects

Example 11 with GetRequest

use of org.apache.metron.indexing.dao.search.GetRequest in project metron by apache.

the class ElasticsearchMetaAlertDao method createMetaAlert.

@Override
@SuppressWarnings("unchecked")
public MetaAlertCreateResponse createMetaAlert(MetaAlertCreateRequest request) throws InvalidCreateException, IOException {
    List<GetRequest> alertRequests = request.getAlerts();
    if (request.getAlerts().isEmpty()) {
        throw new InvalidCreateException("MetaAlertCreateRequest must contain alerts");
    }
    if (request.getGroups().isEmpty()) {
        throw new InvalidCreateException("MetaAlertCreateRequest must contain UI groups");
    }
    // Retrieve the documents going into the meta alert and build it
    Iterable<Document> alerts = indexDao.getAllLatest(alertRequests);
    Document metaAlert = buildCreateDocument(alerts, request.getGroups());
    calculateMetaScores(metaAlert);
    // Add source type to be consistent with other sources and allow filtering
    metaAlert.getDocument().put(SOURCE_TYPE, MetaAlertDao.METAALERT_TYPE);
    // Start a list of updates / inserts we need to run
    Map<Document, Optional<String>> updates = new HashMap<>();
    updates.put(metaAlert, Optional.of(MetaAlertDao.METAALERTS_INDEX));
    try {
        // We need to update the associated alerts with the new meta alerts, making sure existing
        // links are maintained.
        Map<String, Optional<String>> guidToIndices = alertRequests.stream().collect(Collectors.toMap(GetRequest::getGuid, GetRequest::getIndex));
        Map<String, String> guidToSensorTypes = alertRequests.stream().collect(Collectors.toMap(GetRequest::getGuid, GetRequest::getSensorType));
        for (Document alert : alerts) {
            if (addMetaAlertToAlert(metaAlert.getGuid(), alert)) {
                // Use the index in the request if it exists
                Optional<String> index = guidToIndices.get(alert.getGuid());
                if (!index.isPresent()) {
                    // Look up the index from Elasticsearch if one is not supplied in the request
                    index = elasticsearchDao.getIndexName(alert.getGuid(), guidToSensorTypes.get(alert.getGuid()));
                    if (!index.isPresent()) {
                        throw new IllegalArgumentException("Could not find index for " + alert.getGuid());
                    }
                }
                updates.put(alert, index);
            }
        }
        // Kick off any updates.
        indexDaoUpdate(updates);
        MetaAlertCreateResponse createResponse = new MetaAlertCreateResponse();
        createResponse.setCreated(true);
        createResponse.setGuid(metaAlert.getGuid());
        return createResponse;
    } catch (IOException ioe) {
        throw new InvalidCreateException("Unable to create meta alert", ioe);
    }
}

Example 12 with GetRequest

use of org.apache.metron.indexing.dao.search.GetRequest in project metron by apache.

the class ElasticsearchMetaAlertDaoTest method testCreateMetaAlertEmptyGroups.

@Test(expected = InvalidCreateException.class)
public void testCreateMetaAlertEmptyGroups() throws InvalidCreateException, IOException {
    ElasticsearchDao esDao = new ElasticsearchDao();
    ElasticsearchMetaAlertDao emaDao = new ElasticsearchMetaAlertDao();
    emaDao.init(esDao);
    MetaAlertCreateRequest createRequest = new MetaAlertCreateRequest();
    createRequest.setAlerts(Collections.singletonList(new GetRequest("don't", "care")));
    emaDao.createMetaAlert(createRequest);
}

Example 13 with GetRequest

use of org.apache.metron.indexing.dao.search.GetRequest in project metron by apache.

the class ElasticsearchMetaAlertIntegrationTest method shouldSearchByStatus.

@Test
public void shouldSearchByStatus() throws Exception {
    // Load metaAlerts
    Map<String, Object> activeMetaAlert = buildMetaAlert("meta_active", MetaAlertStatus.ACTIVE, Optional.empty());
    Map<String, Object> inactiveMetaAlert = buildMetaAlert("meta_inactive", MetaAlertStatus.INACTIVE, Optional.empty());
    // We pass MetaAlertDao.METAALERT_TYPE, because the "_doc" gets appended automatically.
    elasticsearchAdd(Arrays.asList(activeMetaAlert, inactiveMetaAlert), METAALERTS_INDEX, MetaAlertDao.METAALERT_TYPE);
    // Verify load was successful
    findCreatedDocs(Arrays.asList(new GetRequest("meta_active", METAALERT_TYPE), new GetRequest("meta_inactive", METAALERT_TYPE)));
    SearchResponse searchResponse = metaDao.search(new SearchRequest() {

        {
            setQuery("*");
            setIndices(Collections.singletonList(MetaAlertDao.METAALERT_TYPE));
            setFrom(0);
            setSize(5);
            setSort(Collections.singletonList(new SortField() {

                {
                    setField(Constants.GUID);
                }
            }));
        }
    });
    // Verify only active meta alerts are returned
    Assert.assertEquals(1, searchResponse.getTotal());
    Assert.assertEquals(MetaAlertStatus.ACTIVE.getStatusString(), searchResponse.getResults().get(0).getSource().get(MetaAlertDao.STATUS_FIELD));
}

Example 14 with GetRequest

use of org.apache.metron.indexing.dao.search.GetRequest in project metron by apache.

the class ElasticsearchMetaAlertIntegrationTest method shouldHidesAlertsOnGroup.

@Test
public void shouldHidesAlertsOnGroup() throws Exception {
    // Load alerts
    List<Map<String, Object>> alerts = buildAlerts(2);
    alerts.get(0).put(METAALERT_FIELD, Collections.singletonList("meta_active"));
    alerts.get(0).put("ip_src_addr", "192.168.1.1");
    alerts.get(0).put("score_field", 1);
    alerts.get(1).put("ip_src_addr", "192.168.1.1");
    alerts.get(1).put("score_field", 10);
    elasticsearchAdd(alerts, INDEX, SENSOR_NAME);
    // Put the nested type into the test index, so that it'll match appropriately
    ((ElasticsearchDao) esDao).getClient().admin().indices().preparePutMapping(INDEX).setType("test_doc").setSource(nestedAlertMapping).get();
    // Don't need any meta alerts to actually exist, since we've populated the field on the alerts.
    // Verify load was successful
    findCreatedDocs(Arrays.asList(new GetRequest("message_0", SENSOR_NAME), new GetRequest("message_1", SENSOR_NAME)));
    // Build our group request
    Group searchGroup = new Group();
    searchGroup.setField("ip_src_addr");
    List<Group> groupList = new ArrayList<>();
    groupList.add(searchGroup);
    GroupResponse groupResponse = metaDao.group(new GroupRequest() {

        {
            setQuery("ip_src_addr:192.168.1.1");
            setIndices(Collections.singletonList("*"));
            setScoreField("score_field");
            setGroups(groupList);
        }
    });
    // Should only return the standalone alert in the group
    GroupResult result = groupResponse.getGroupResults().get(0);
    Assert.assertEquals(1, result.getTotal());
    Assert.assertEquals("192.168.1.1", result.getKey());
    // No delta, since no ops happen
    Assert.assertEquals(10.0d, result.getScore(), 0.0d);
}

Example 15 with GetRequest

use of org.apache.metron.indexing.dao.search.GetRequest in project metron by apache.

the class ElasticsearchMetaAlertIntegrationTest method addRemoveAlertsShouldThrowExceptionForInactiveMetaAlert.

@Test
public void addRemoveAlertsShouldThrowExceptionForInactiveMetaAlert() throws Exception {
    // Load alerts
    List<Map<String, Object>> alerts = buildAlerts(2);
    alerts.get(0).put(METAALERT_FIELD, Collections.singletonList("meta_alert"));
    elasticsearchAdd(alerts, INDEX, SENSOR_NAME);
    // Load metaAlert
    Map<String, Object> metaAlert = buildMetaAlert("meta_alert", MetaAlertStatus.INACTIVE, Optional.of(Collections.singletonList(alerts.get(0))));
    elasticsearchAdd(Collections.singletonList(metaAlert), METAALERTS_INDEX, METAALERT_TYPE);
    // Verify load was successful
    findCreatedDocs(Arrays.asList(new GetRequest("message_0", SENSOR_NAME), new GetRequest("message_1", SENSOR_NAME), new GetRequest("meta_alert", METAALERT_TYPE)));
    {
        // Verify alerts cannot be added to an INACTIVE meta alert
        try {
            metaDao.addAlertsToMetaAlert("meta_alert", Collections.singletonList(new GetRequest("message_1", SENSOR_NAME)));
            Assert.fail("Adding alerts to an inactive meta alert should throw an exception");
        } catch (IllegalStateException ise) {
            Assert.assertEquals("Adding alerts to an INACTIVE meta alert is not allowed", ise.getMessage());
        }
    }
    {
        // Verify alerts cannot be removed from an INACTIVE meta alert
        try {
            metaDao.removeAlertsFromMetaAlert("meta_alert", Collections.singletonList(new GetRequest("message_0", SENSOR_NAME)));
            Assert.fail("Removing alerts from an inactive meta alert should throw an exception");
        } catch (IllegalStateException ise) {
            Assert.assertEquals("Removing alerts from an INACTIVE meta alert is not allowed", ise.getMessage());
        }
    }
}