Use of org.apache.metron.indexing.dao.search.GetRequest in project metron by apache: the class InMemoryDao, method getAllLatest.
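/**
 * Returns the stored documents whose GUID matches one of the given requests.
 *
 * <p>Every document in {@code BACKING_STORE} is parsed and compared against every
 * request, so the cost is O(documents x requests). This in-memory store is test
 * support, so that is acceptable. A stored document with no GUID field is treated
 * as having GUID "" and no de-duplication is performed: if several stored documents
 * (or several requests) share a GUID, one {@link Document} is added per match.
 *
 * @param getRequests the GUIDs (with their sensor type) to look up; a request whose
 *     GUID is {@code null} matches nothing rather than throwing a NullPointerException
 * @return one {@link Document} per (stored document, matching request) pair, in
 *     store iteration order; the last constructor argument is always {@code 0L}
 *     (presumably a timestamp placeholder for the in-memory store)
 * @throws IOException propagated from {@code parse} if it throws
 */
@Override
public Iterable<Document> getAllLatest(List<GetRequest> getRequests) throws IOException {
  List<Document> documents = new ArrayList<>();
  for (Map.Entry<String, List<String>> kv : BACKING_STORE.entrySet()) {
    for (String doc : kv.getValue()) {
      Map<String, Object> docParsed = parse(doc);
      String guid = (String) docParsed.getOrDefault(Constants.GUID, "");
      for (GetRequest getRequest : getRequests) {
        String wanted = getRequest.getGuid();
        // Guard the request side: the previous getRequest.getGuid().equals(guid)
        // threw a NullPointerException for a request that carried no GUID.
        if (wanted != null && wanted.equals(guid)) {
          documents.add(new Document(doc, guid, getRequest.getSensorType(), 0L));
        }
      }
    }
  }
  return documents;
}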
Use of org.apache.metron.indexing.dao.search.GetRequest in project metron by apache: the class InMemoryMetaAlertDao, method createMetaAlert.
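/**
 * Creates a meta alert that groups the alerts named in {@code request}.
 *
 * <p>Each requested alert is looked up by GUID in its index through {@code search};
 * the single matching source document is embedded in the meta alert's alert field and
 * its threat score (field {@code THREAT_FIELD_DEFAULT}, defaulting to "0") feeds the
 * aggregated {@link MetaScores}. The meta alert is then appended to the in-memory
 * meta alert index and its alert GUIDs are recorded in {@code METAALERT_STORE}.
 * A GUID that yields no search hit contributes neither a document nor a score but is
 * still recorded in {@code METAALERT_STORE} (existing behaviour, kept as-is).
 *
 * @param request the alerts (GUID + index) and groups to attach to the new meta alert
 * @return a response with {@code created=false} when no alerts were requested,
 *     otherwise {@code created=true} and the GUID of the new meta alert
 * @throws InvalidCreateException if a request carries no index, if more than one
 *     document matches a GUID, if a threat score is not numeric, or if the search
 *     itself is rejected
 * @throws IOException propagated from {@code search}
 */
@SuppressWarnings("unchecked") // JSONObject / JSONArray are raw collections
@Override
public MetaAlertCreateResponse createMetaAlert(MetaAlertCreateRequest request) throws InvalidCreateException, IOException {
  List<GetRequest> alertRequests = request.getAlerts();
  if (alertRequests.isEmpty()) {
    MetaAlertCreateResponse response = new MetaAlertCreateResponse();
    response.setCreated(false);
    return response;
  }
  // Build meta alert json. Give it a reasonable GUID.
  // NOTE: the GUID is derived from the current store size, so it is only unique as
  // long as meta alerts are never removed from the store (acceptable for a test DAO).
  JSONObject metaAlert = new JSONObject();
  String metaAlertGuid = "meta_" + (InMemoryDao.BACKING_STORE.get(MetaAlertDao.METAALERTS_INDEX).size() + 1);
  metaAlert.put(GUID, metaAlertGuid);
  JSONArray groupsArray = new JSONArray();
  groupsArray.addAll(request.getGroups());
  metaAlert.put(MetaAlertDao.GROUPS_FIELD, groupsArray);
  // Retrieve the alert for each guid
  // For the purpose of testing, we're just using guids for the alerts field and grabbing the scores.
  JSONArray alertArray = new JSONArray();
  List<Double> threatScores = new ArrayList<>();
  Collection<String> alertGuids = new ArrayList<>();
  for (GetRequest alertRequest : alertRequests) {
    String guid = alertRequest.getGuid();
    // A request without an index previously escaped as an unchecked
    // NoSuchElementException from Optional.get(); report it as the declared
    // InvalidCreateException so callers get a meaningful failure.
    String index = alertRequest.getIndex().orElseThrow(
        () -> new InvalidCreateException("No index given for guid: " + guid));
    SearchRequest searchRequest = new SearchRequest();
    searchRequest.setIndices(ImmutableList.of(index));
    // The caller-supplied GUID is concatenated into the query string unescaped.
    // That is tolerable for this in-memory DAO, but a real query backend would need
    // the value escaped/quoted to prevent query injection.
    searchRequest.setQuery("guid:" + guid);
    try {
      SearchResponse searchResponse = search(searchRequest);
      List<SearchResult> searchResults = searchResponse.getResults();
      if (searchResults.size() > 1) {
        throw new InvalidCreateException("Found more than one result for: " + guid + ". Values: " + searchResults);
      }
      if (searchResults.size() == 1) {
        SearchResult result = searchResults.get(0);
        alertArray.add(result.getSource());
        Object rawScore = result.getSource().getOrDefault(THREAT_FIELD_DEFAULT, "0");
        try {
          threatScores.add(Double.parseDouble(rawScore.toString()));
        } catch (NumberFormatException e) {
          // Previously a bare NumberFormatException; keep the cause but use the declared type.
          throw new InvalidCreateException("Non-numeric threat score for guid: " + guid + ": " + rawScore, e);
        }
      }
    } catch (InvalidSearchException e) {
      throw new InvalidCreateException("Unable to find guid: " + guid, e);
    }
    alertGuids.add(guid);
  }
  metaAlert.put(MetaAlertDao.ALERT_FIELD, alertArray);
  metaAlert.putAll(new MetaScores(threatScores).getMetaScores());
  metaAlert.put(STATUS_FIELD, MetaAlertStatus.ACTIVE.getStatusString());
  // Add the alert to the store, but make sure not to overwrite existing results
  InMemoryDao.BACKING_STORE.get(MetaAlertDao.METAALERTS_INDEX).add(metaAlert.toJSONString());
  METAALERT_STORE.put(metaAlertGuid, new HashSet<>(alertGuids));
  MetaAlertCreateResponse createResponse = new MetaAlertCreateResponse();
  createResponse.setGuid(metaAlertGuid);
  createResponse.setCreated(true);
  return createResponse;
}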
Use of org.apache.metron.indexing.dao.search.GetRequest in project metron by apache: the class SearchIntegrationTest, method find_one_guid.
/**
 * Looks up one document by GUID through {@code getLatestResult} and checks that the
 * result is present and is the expected bro event (timestamp 3).
 */
@Test
public void find_one_guid() throws Exception {
  GetRequest getRequest = JSONUtils.INSTANCE.load(findOneGuidQuery, GetRequest.class);
  Optional<Map<String, Object>> latest = dao.getLatestResult(getRequest);
  Assert.assertTrue(latest.isPresent());
  Map<String, Object> found = latest.get();
  Assert.assertEquals("bro", found.get("source:type"));
  Assert.assertEquals(3, found.get("timestamp"));
}
Use of org.apache.metron.indexing.dao.search.GetRequest in project metron by apache: the class SearchIntegrationTest, method get_all_latest_guid.
/**
 * Resolves a batch of GUIDs through {@code getAllLatest} and checks that exactly the
 * two expected documents ("bro_1" from bro, "snort_2" from snort) come back.
 */
@Test
public void get_all_latest_guid() throws Exception {
  List<GetRequest> requests = JSONUtils.INSTANCE.load(getAllLatestQuery, new JSONUtils.ReferenceSupplier<List<GetRequest>>() {
  });
  // Index the returned documents by GUID so the assertions below are order-independent.
  Map<String, Document> byGuid = new HashMap<>();
  dao.getAllLatest(requests).forEach(found -> byGuid.put(found.getGuid(), found));
  Assert.assertEquals(2, byGuid.size());
  Assert.assertTrue(byGuid.containsKey("bro_1"));
  Assert.assertTrue(byGuid.containsKey("snort_2"));
  Assert.assertEquals("bro", byGuid.get("bro_1").getDocument().get("source:type"));
  Assert.assertEquals("snort", byGuid.get("snort_2").getDocument().get("source:type"));
}