use of org.apache.metron.indexing.dao.search.InvalidSearchException in project metron by apache.
the class ElasticsearchDao method group.
/**
 * Runs a group search, using the supplied {@link org.elasticsearch.index.query.QueryBuilder} as the query.
 *
 * @param groupRequest The request defining the parameters of the grouping; must name at least one group
 * @param queryBuilder The query to run, supplied by the caller so the SearchRequest can be wrapped if needed
 * @return The results of the query
 * @throws InvalidSearchException When the Dao has not been initialized or the request names no groups
 */
protected GroupResponse group(GroupRequest groupRequest, QueryBuilder queryBuilder) throws InvalidSearchException {
  // Guard clauses first: no client means init() was never called.
  if (client == null) {
    throw new InvalidSearchException("Uninitialized Dao! You must call init() prior to use.");
  }
  if (groupRequest.getGroups() == null || groupRequest.getGroups().isEmpty()) {
    throw new InvalidSearchException("At least 1 group must be provided.");
  }
  // Build the Elasticsearch request, submit it, and translate the reply into a GroupResponse.
  final org.elasticsearch.action.search.SearchRequest esRequest = buildGroupRequest(groupRequest, queryBuilder);
  final org.elasticsearch.action.search.SearchResponse esResponse = requestSubmitter.submitSearch(esRequest);
  return buildGroupResponse(groupRequest, esResponse);
}
use of org.apache.metron.indexing.dao.search.InvalidSearchException in project metron by apache.
the class ElasticsearchDao method buildGroupResponse.
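/**
 * Builds the group response for a completed group search.
 *
 * @param groupRequest The original group request; the field of its first group becomes the
 *     response's grouped-by value.
 * @param response The search response whose aggregations hold the group results.
 * @return A group response carrying the grouped-by field and the group results.
 * @throws InvalidSearchException When the common column metadata for the requested indices
 *     cannot be read; the underlying IOException is attached as the cause.
 */
private GroupResponse buildGroupResponse(GroupRequest groupRequest, org.elasticsearch.action.search.SearchResponse response) throws InvalidSearchException {
  // Column metadata shared by the requested indices is needed to interpret the aggregation results.
  Map<String, FieldType> commonColumnMetadata;
  try {
    commonColumnMetadata = getColumnMetadata(groupRequest.getIndices());
  } catch (IOException e) {
    // Chain the IOException so the root cause is not lost when the failure is logged or investigated.
    throw new InvalidSearchException(String.format("Could not get common column metadata for indices %s", Arrays.toString(groupRequest.getIndices().toArray())), e);
  }
  GroupResponse groupResponse = new GroupResponse();
  // Reads the first group without a bounds check; group() rejects null or empty group lists before calling this.
  groupResponse.setGroupedBy(groupRequest.getGroups().get(0).getField());
  groupResponse.setGroupResults(getGroupResults(groupRequest, 0, response.getAggregations(), commonColumnMetadata));
  return groupResponse;
}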
use of org.apache.metron.indexing.dao.search.InvalidSearchException in project metron by apache.
the class InMemoryMetaAlertDao method getAllMetaAlertsForAlert.
/**
 * Searches using the {@code metaAlertsForAlertQuery} template with {@code ${GUID}} replaced by the given guid.
 *
 * @param guid The guid substituted into the query template
 * @return The result of running the parsed search request
 * @throws InvalidSearchException When the substituted query cannot be parsed into a SearchRequest
 */
@Override
public SearchResponse getAllMetaAlertsForAlert(String guid) throws InvalidSearchException {
  final SearchRequest metaAlertSearch;
  try {
    // NOTE(review): the guid is substituted into the template verbatim and the result is then parsed
    // by JSONUtils; a guid containing quotes or backslashes could change the parsed request.
    // Confirm callers only pass generated guids, or escape the value before substitution.
    metaAlertSearch = JSONUtils.INSTANCE.load(metaAlertsForAlertQuery.replace("${GUID}", guid), SearchRequest.class);
  } catch (IOException ioe) {
    throw new InvalidSearchException("Unable to process query:", ioe);
  }
  // The search itself runs outside the try so only parsing failures are wrapped above.
  return search(metaAlertSearch);
}
use of org.apache.metron.indexing.dao.search.InvalidSearchException in project metron by apache.
the class InMemoryMetaAlertDao method createMetaAlert.
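/**
 * Creates a meta alert from the alerts named in the request and records it in the in-memory stores.
 *
 * <p>Each requested alert is looked up by guid in its index. A single match contributes its source
 * document and its threat score (the {@code THREAT_FIELD_DEFAULT} field, "0" when missing) to the
 * meta alert. An alert with no match contributes nothing to the document, but its guid is still
 * recorded in {@code METAALERT_STORE}.
 *
 * @param request The alerts and groups to build the meta alert from
 * @return A response with {@code created} false when the request names no alerts; otherwise a
 *     response carrying the new meta alert guid with {@code created} true
 * @throws InvalidCreateException When an alert request carries no index, a guid matches more than
 *     one document, or the lookup search fails
 * @throws IOException Declared on the signature; no statement in this method throws it explicitly
 */
@SuppressWarnings("unchecked")
@Override
public MetaAlertCreateResponse createMetaAlert(MetaAlertCreateRequest request) throws InvalidCreateException, IOException {
  List<GetRequest> alertRequests = request.getAlerts();
  if (alertRequests.isEmpty()) {
    MetaAlertCreateResponse response = new MetaAlertCreateResponse();
    response.setCreated(false);
    return response;
  }
  // Build meta alert json. The guid is sequential (current store size + 1), so it is predictable;
  // that is acceptable only because this store is in-memory.
  JSONObject metaAlert = new JSONObject();
  String metaAlertGuid = "meta_" + (InMemoryDao.BACKING_STORE.get(MetaAlertDao.METAALERTS_INDEX).size() + 1);
  metaAlert.put(GUID, metaAlertGuid);
  JSONArray groupsArray = new JSONArray();
  groupsArray.addAll(request.getGroups());
  metaAlert.put(MetaAlertDao.GROUPS_FIELD, groupsArray);
  // Retrieve the alert for each guid
  // For the purpose of testing, we're just using guids for the alerts field and grabbing the scores.
  JSONArray alertArray = new JSONArray();
  List<Double> threatScores = new ArrayList<>();
  Collection<String> alertGuids = new ArrayList<>();
  for (GetRequest alertRequest : alertRequests) {
    // Report a missing index through the declared exception rather than letting an
    // unchecked exception escape from get() on an empty value.
    if (!alertRequest.getIndex().isPresent()) {
      throw new InvalidCreateException("No index provided for guid: " + alertRequest.getGuid());
    }
    SearchRequest searchRequest = new SearchRequest();
    searchRequest.setIndices(ImmutableList.of(alertRequest.getIndex().get()));
    // NOTE(review): the guid is concatenated into the query string unescaped; a guid containing
    // query syntax would change what is matched. Confirm callers only pass generated guids.
    searchRequest.setQuery("guid:" + alertRequest.getGuid());
    try {
      SearchResponse searchResponse = search(searchRequest);
      List<SearchResult> searchResults = searchResponse.getResults();
      if (searchResults.size() > 1) {
        throw new InvalidCreateException("Found more than one result for: " + alertRequest.getGuid() + ". Values: " + searchResults);
      }
      if (searchResults.size() == 1) {
        SearchResult result = searchResults.get(0);
        alertArray.add(result.getSource());
        // A missing threat field is treated as a score of 0.
        Double threatScore = Double.parseDouble(result.getSource().getOrDefault(THREAT_FIELD_DEFAULT, "0").toString());
        threatScores.add(threatScore);
      }
    } catch (InvalidSearchException e) {
      throw new InvalidCreateException("Unable to find guid: " + alertRequest.getGuid(), e);
    }
    // Recorded even when the lookup returned no document.
    alertGuids.add(alertRequest.getGuid());
  }
  metaAlert.put(MetaAlertDao.ALERT_FIELD, alertArray);
  metaAlert.putAll(new MetaScores(threatScores).getMetaScores());
  metaAlert.put(STATUS_FIELD, MetaAlertStatus.ACTIVE.getStatusString());
  // Add the alert to the store, but make sure not to overwrite existing results
  InMemoryDao.BACKING_STORE.get(MetaAlertDao.METAALERTS_INDEX).add(metaAlert.toJSONString());
  METAALERT_STORE.put(metaAlertGuid, new HashSet<>(alertGuids));
  MetaAlertCreateResponse createResponse = new MetaAlertCreateResponse();
  createResponse.setGuid(metaAlertGuid);
  createResponse.setCreated(true);
  return createResponse;
}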
Aggregations