Example 6 with GroupResponse

Use of org.apache.metron.indexing.dao.search.GroupResponse in project metron by apache.

In class ElasticsearchMetaAlertIntegrationTest, method shouldHidesAlertsOnGroup. The test checks that an alert already attached to a meta alert is hidden from group results, so only the standalone alert contributes to the group's total and score.

@Test
public void shouldHidesAlertsOnGroup() throws Exception {
    // Load alerts
    List<Map<String, Object>> alerts = buildAlerts(2);
    alerts.get(0).put(METAALERT_FIELD, Collections.singletonList("meta_active"));
    alerts.get(0).put("ip_src_addr", "192.168.1.1");
    alerts.get(0).put("score_field", 1);
    alerts.get(1).put("ip_src_addr", "192.168.1.1");
    alerts.get(1).put("score_field", 10);
    elasticsearchAdd(alerts, INDEX, SENSOR_NAME);
    // Put the nested type into the test index, so that it'll match appropriately
    ((ElasticsearchDao) esDao).getClient().admin().indices().preparePutMapping(INDEX).setType("test_doc").setSource(nestedAlertMapping).get();
    // Don't need any meta alerts to actually exist, since we've populated the field on the alerts.
    // Verify load was successful
    findCreatedDocs(Arrays.asList(new GetRequest("message_0", SENSOR_NAME), new GetRequest("message_1", SENSOR_NAME)));
    // Build our group request
    Group searchGroup = new Group();
    searchGroup.setField("ip_src_addr");
    List<Group> groupList = new ArrayList<>();
    groupList.add(searchGroup);
    GroupResponse groupResponse = metaDao.group(new GroupRequest() {

        {
            setQuery("ip_src_addr:192.168.1.1");
            setIndices(Collections.singletonList("*"));
            setScoreField("score_field");
            setGroups(groupList);
        }
    });
    // Only the standalone alert should be counted; the alert already attached to
    // "meta_active" is hidden from the group.
    GroupResult result = groupResponse.getGroupResults().get(0);
    Assert.assertEquals(1, result.getTotal());
    Assert.assertEquals("192.168.1.1", result.getKey());
    // The group score is the standalone alert's score_field (10); the hidden
    // alert's score of 1 is not included.
    Assert.assertEquals(10.0d, result.getScore(), 0.0d);
}
Also used : Group(org.apache.metron.indexing.dao.search.Group) ElasticsearchDao(org.apache.metron.elasticsearch.dao.ElasticsearchDao) GroupRequest(org.apache.metron.indexing.dao.search.GroupRequest) GetRequest(org.apache.metron.indexing.dao.search.GetRequest) ArrayList(java.util.ArrayList) GroupResult(org.apache.metron.indexing.dao.search.GroupResult) Map(java.util.Map) HashMap(java.util.HashMap) GroupResponse(org.apache.metron.indexing.dao.search.GroupResponse) Test(org.junit.Test)

Example 7 with GroupResponse

Use of org.apache.metron.indexing.dao.search.GroupResponse in project metron by apache.

In class InMemoryDao, method group. The in-memory test DAO labels the response with the first requested group field and builds the nested group results recursively from index 0.

@Override
public GroupResponse group(GroupRequest groupRequest) throws InvalidSearchException {
    List<Group> groups = groupRequest.getGroups();
    // Defensive check: a request with no groups has nothing to group by, so reject
    // it rather than fail with an IndexOutOfBoundsException on get(0) below.
    if (groups == null || groups.isEmpty()) {
        throw new InvalidSearchException("At least one group is required");
    }
    GroupResponse groupResponse = new GroupResponse();
    // The top level is labelled with the first group field; getGroupResults
    // recurses through the remaining fields starting at index 0.
    groupResponse.setGroupedBy(groups.get(0).getField());
    groupResponse.setGroupResults(getGroupResults(groups, 0));
    return groupResponse;
}
Also used : GroupResponse(org.apache.metron.indexing.dao.search.GroupResponse)
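The two examples above show the contract from both sides: the integration test expects a child alert to vanish from group results, and InMemoryDao.group shows the response shape (a grouped-by field plus recursively nested results). The following is an added example, not code from Metron or from this page, that models that grouping in plain Java so the behaviour can be run offline. It assumes the meta alert membership field is named "metaalerts" (the test refers to it only as METAALERT_FIELD), and it sums score_field over each bucket (the test's single surviving alert cannot distinguish a sum from a max, so this is an assumption). How the Elasticsearch-backed DAO excludes child alerts is not shown on this page; here the exclusion is done in Java before grouping. All class and method names are our own.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

/**
 * Added example (not Metron code): alerts already attached to a meta alert are
 * dropped before grouping, so a child alert is never counted once on its own and
 * again through its meta alert. Nested groups are built recursively, one level per
 * requested field, in the shape InMemoryDao.group returns.
 */
public class MetaAlertGroupingExample {

    // Assumed field name; the test refers to it only as METAALERT_FIELD.
    static final String METAALERT_FIELD = "metaalerts";

    /** Stand-in for GroupResult: key, count, summed score and the nested level. */
    static final class Result {
        final String key;
        final long total;
        final double score;
        final String nestedGroupedBy;   // field of the next level, null at a leaf
        final List<Result> nested;

        Result(String key, long total, double score, String nestedGroupedBy, List<Result> nested) {
            this.key = key; this.total = total; this.score = score;
            this.nestedGroupedBy = nestedGroupedBy; this.nested = nested;
        }
    }

    /** True when the alert is already a child of some meta alert. */
    static boolean belongsToMetaAlert(Map<String, Object> alert) {
        Object v = alert.get(METAALERT_FIELD);
        if (v instanceof Collection) {
            return !((Collection<?>) v).isEmpty();
        }
        return v != null;
    }

    /** Groups by groupFields[level] and recurses into the remaining fields. */
    static List<Result> group(List<Map<String, Object>> alerts, List<String> groupFields,
                              int level, String scoreField) {
        String field = groupFields.get(level);
        Map<String, List<Map<String, Object>>> buckets = new LinkedHashMap<>(); // deterministic order
        for (Map<String, Object> alert : alerts) {
            Object v = alert.get(field);
            if (v == null) {
                continue;   // like a terms aggregation, skip documents lacking the field
            }
            buckets.computeIfAbsent(String.valueOf(v), k -> new ArrayList<>()).add(alert);
        }
        boolean hasNext = level + 1 < groupFields.size();
        List<Result> results = new ArrayList<>();
        for (Map.Entry<String, List<Map<String, Object>>> e : buckets.entrySet()) {
            double score = 0.0;
            for (Map<String, Object> alert : e.getValue()) {
                Object s = alert.get(scoreField);
                if (s instanceof Number) {
                    score += ((Number) s).doubleValue();   // assumption: bucket score is a sum
                }
            }
            List<Result> nested = hasNext
                    ? group(e.getValue(), groupFields, level + 1, scoreField)
                    : Collections.<Result>emptyList();
            results.add(new Result(e.getKey(), e.getValue().size(), score,
                    hasNext ? groupFields.get(level + 1) : null, nested));
        }
        return results;
    }

    /** The "hide alerts on group" entry point: filter out meta alert children, then group. */
    static List<Result> groupHidingMetaAlertChildren(List<Map<String, Object>> alerts,
                                                     List<String> groupFields, String scoreField) {
        List<Map<String, Object>> standalone = new ArrayList<>();
        for (Map<String, Object> alert : alerts) {
            if (!belongsToMetaAlert(alert)) {
                standalone.add(alert);
            }
        }
        return group(standalone, groupFields, 0, scoreField);
    }

    public static void main(String[] args) {
        // Constructed sample with the same shape as the alerts the test builds.
        Map<String, Object> child = new HashMap<>();
        child.put(METAALERT_FIELD, Collections.singletonList("meta_active"));
        child.put("ip_src_addr", "192.168.1.1");
        child.put("ip_dst_addr", "10.0.0.5");
        child.put("score_field", 1);
        Map<String, Object> standalone = new HashMap<>();
        standalone.put("ip_src_addr", "192.168.1.1");
        standalone.put("ip_dst_addr", "10.0.0.9");
        standalone.put("score_field", 10);

        List<Result> results = groupHidingMetaAlertChildren(Arrays.asList(child, standalone),
                Arrays.asList("ip_src_addr", "ip_dst_addr"), "score_field");
        Result top = results.get(0);
        // Only the standalone alert is counted: total 1, score 10, one nested bucket.
        if (top.total != 1 || !"192.168.1.1".equals(top.key) || top.score != 10.0
                || top.nested.size() != 1 || !"10.0.0.9".equals(top.nested.get(0).key)) {
            throw new AssertionError("unexpected grouping for " + top.key + ": total=" + top.total);
        }
        System.out.println("ip_src_addr=" + top.key + " total=" + top.total + " score=" + top.score
                + " nested by " + top.nestedGroupedBy + ": " + top.nested.get(0).key);
    }
}
```

Running main reproduces the test's expectation (total 1, key 192.168.1.1, score 10.0) and additionally shows that the hidden child's ip_dst_addr never appears in the nested level. Filtering before grouping is what keeps the totals honest: if the child were left in, it would be counted once here and once more whenever its meta alert is scored.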

Aggregations

GroupResponse (org.apache.metron.indexing.dao.search.GroupResponse) 7
GroupRequest (org.apache.metron.indexing.dao.search.GroupRequest) 4
GroupResult (org.apache.metron.indexing.dao.search.GroupResult) 4
Test (org.junit.Test) 4
InvalidSearchException (org.apache.metron.indexing.dao.search.InvalidSearchException) 2
IOException (java.io.IOException) 1
ArrayList (java.util.ArrayList) 1
HashMap (java.util.HashMap) 1
Map (java.util.Map) 1
ElasticsearchDao (org.apache.metron.elasticsearch.dao.ElasticsearchDao) 1
FieldType (org.apache.metron.indexing.dao.search.FieldType) 1
GetRequest (org.apache.metron.indexing.dao.search.GetRequest) 1
Group (org.apache.metron.indexing.dao.search.Group) 1