Examples with SearchRequest org.apache.metron.indexing.dao.search.SearchRequest used on opensource projects

Example 16 with SearchRequest

use of org.apache.metron.indexing.dao.search.SearchRequest in project metron by apache.

the class ElasticsearchMetaAlertDaoTest method testInvalidInit.

@Test(expected = IllegalArgumentException.class)
public void testInvalidInit() {
    IndexDao dao = new IndexDao() {

        @Override
        public SearchResponse search(SearchRequest searchRequest) throws InvalidSearchException {
            return null;
        }

        @Override
        public GroupResponse group(GroupRequest groupRequest) throws InvalidSearchException {
            return null;
        }

        @Override
        public void init(AccessConfig config) {
        }

        @Override
        public Document getLatest(String guid, String sensorType) throws IOException {
            return null;
        }

        @Override
        public Iterable<Document> getAllLatest(List<GetRequest> getRequests) throws IOException {
            return null;
        }

        @Override
        public void update(Document update, Optional<String> index) throws IOException {
        }

        @Override
        public void batchUpdate(Map<Document, Optional<String>> updates) throws IOException {
        }

        @Override
        public Map<String, FieldType> getColumnMetadata(List<String> indices) throws IOException {
            return null;
        }
    };
    ElasticsearchMetaAlertDao metaAlertDao = new ElasticsearchMetaAlertDao();
    metaAlertDao.init(dao);
}

Example 17 with SearchRequest

use of org.apache.metron.indexing.dao.search.SearchRequest in project metron by apache.

the class ElasticsearchMetaAlertIntegrationTest method shouldSearchByStatus.

@Test
public void shouldSearchByStatus() throws Exception {
    // Load metaAlerts
    Map<String, Object> activeMetaAlert = buildMetaAlert("meta_active", MetaAlertStatus.ACTIVE, Optional.empty());
    Map<String, Object> inactiveMetaAlert = buildMetaAlert("meta_inactive", MetaAlertStatus.INACTIVE, Optional.empty());
    // We pass MetaAlertDao.METAALERT_TYPE, because the "_doc" gets appended automatically.
    elasticsearchAdd(Arrays.asList(activeMetaAlert, inactiveMetaAlert), METAALERTS_INDEX, MetaAlertDao.METAALERT_TYPE);
    // Verify load was successful
    findCreatedDocs(Arrays.asList(new GetRequest("meta_active", METAALERT_TYPE), new GetRequest("meta_inactive", METAALERT_TYPE)));
    SearchResponse searchResponse = metaDao.search(new SearchRequest() {

        {
            setQuery("*");
            setIndices(Collections.singletonList(MetaAlertDao.METAALERT_TYPE));
            setFrom(0);
            setSize(5);
            setSort(Collections.singletonList(new SortField() {

                {
                    setField(Constants.GUID);
                }
            }));
        }
    });
    // Verify only active meta alerts are returned
    Assert.assertEquals(1, searchResponse.getTotal());
    Assert.assertEquals(MetaAlertStatus.ACTIVE.getStatusString(), searchResponse.getResults().get(0).getSource().get(MetaAlertDao.STATUS_FIELD));
}

Example 18 with SearchRequest

use of org.apache.metron.indexing.dao.search.SearchRequest in project metron by apache.

the class InMemoryMetaAlertDao method getAllMetaAlertsForAlert.

@Override
public SearchResponse getAllMetaAlertsForAlert(String guid) throws InvalidSearchException {
    SearchRequest request;
    try {
        String replacedQuery = metaAlertsForAlertQuery.replace("${GUID}", guid);
        request = JSONUtils.INSTANCE.load(replacedQuery, SearchRequest.class);
    } catch (IOException e) {
        throw new InvalidSearchException("Unable to process query:", e);
    }
    return search(request);
}

Example 19 with SearchRequest

use of org.apache.metron.indexing.dao.search.SearchRequest in project metron by apache.

the class InMemoryMetaAlertDao method createMetaAlert.

@SuppressWarnings("unchecked")
@Override
public MetaAlertCreateResponse createMetaAlert(MetaAlertCreateRequest request) throws InvalidCreateException, IOException {
    List<GetRequest> alertRequests = request.getAlerts();
    if (alertRequests.isEmpty()) {
        MetaAlertCreateResponse response = new MetaAlertCreateResponse();
        response.setCreated(false);
        return response;
    }
    // Build meta alert json.  Give it a reasonable GUID
    JSONObject metaAlert = new JSONObject();
    String metaAlertGuid = "meta_" + (InMemoryDao.BACKING_STORE.get(MetaAlertDao.METAALERTS_INDEX).size() + 1);
    metaAlert.put(GUID, metaAlertGuid);
    JSONArray groupsArray = new JSONArray();
    groupsArray.addAll(request.getGroups());
    metaAlert.put(MetaAlertDao.GROUPS_FIELD, groupsArray);
    // Retrieve the alert for each guid
    // For the purpose of testing, we're just using guids for the alerts field and grabbing the scores.
    JSONArray alertArray = new JSONArray();
    List<Double> threatScores = new ArrayList<>();
    Collection<String> alertGuids = new ArrayList<>();
    for (GetRequest alertRequest : alertRequests) {
        SearchRequest searchRequest = new SearchRequest();
        searchRequest.setIndices(ImmutableList.of(alertRequest.getIndex().get()));
        searchRequest.setQuery("guid:" + alertRequest.getGuid());
        try {
            SearchResponse searchResponse = search(searchRequest);
            List<SearchResult> searchResults = searchResponse.getResults();
            if (searchResults.size() > 1) {
                throw new InvalidCreateException("Found more than one result for: " + alertRequest.getGuid() + ". Values: " + searchResults);
            }
            if (searchResults.size() == 1) {
                SearchResult result = searchResults.get(0);
                alertArray.add(result.getSource());
                Double threatScore = Double.parseDouble(result.getSource().getOrDefault(THREAT_FIELD_DEFAULT, "0").toString());
                threatScores.add(threatScore);
            }
        } catch (InvalidSearchException e) {
            throw new InvalidCreateException("Unable to find guid: " + alertRequest.getGuid(), e);
        }
        alertGuids.add(alertRequest.getGuid());
    }
    metaAlert.put(MetaAlertDao.ALERT_FIELD, alertArray);
    metaAlert.putAll(new MetaScores(threatScores).getMetaScores());
    metaAlert.put(STATUS_FIELD, MetaAlertStatus.ACTIVE.getStatusString());
    // Add the alert to the store, but make sure not to overwrite existing results
    InMemoryDao.BACKING_STORE.get(MetaAlertDao.METAALERTS_INDEX).add(metaAlert.toJSONString());
    METAALERT_STORE.put(metaAlertGuid, new HashSet<>(alertGuids));
    MetaAlertCreateResponse createResponse = new MetaAlertCreateResponse();
    createResponse.setGuid(metaAlertGuid);
    createResponse.setCreated(true);
    return createResponse;
}

Example 20 with SearchRequest

use of org.apache.metron.indexing.dao.search.SearchRequest in project metron by apache.

the class SearchIntegrationTest method sort_query_sorts_results_ascending.

@Test
public void sort_query_sorts_results_ascending() throws Exception {
    SearchRequest request = JSONUtils.INSTANCE.load(sortQuery, SearchRequest.class);
    SearchResponse response = dao.search(request);
    Assert.assertEquals(10, response.getTotal());
    List<SearchResult> results = response.getResults();
    for (int i = 8001; i < 8011; ++i) {
        Assert.assertEquals(i, results.get(i - 8001).getSource().get("ip_src_port"));
    }
}