use of org.apache.metron.indexing.dao.search.SearchResponse in project metron by apache.
the class SearchIntegrationTest method sort_descending_with_missing_fields.
/**
 * Verifies that a descending sort on 'threat:triage:score' returns the documents that carry the
 * field first, highest score first, and the documents that lack the field after them.
 */
@Test
public void sort_descending_with_missing_fields() throws Exception {
  final String scoreField = "threat:triage:score";

  SearchRequest searchRequest =
      JSONUtils.INSTANCE.load(sortDescendingWithMissingFields, SearchRequest.class);
  SearchResponse searchResponse = dao.search(searchRequest);
  Assert.assertEquals(10, searchResponse.getTotal());

  List<SearchResult> hits = searchResponse.getResults();
  Assert.assertEquals(10, hits.size());

  // only two documents carry a score; descending order puts the larger one first
  Assert.assertEquals("20", hits.get(0).getSource().get(scoreField));
  Assert.assertEquals("10", hits.get(1).getSource().get(scoreField));

  // the other eight documents have no score and must be sorted last
  for (SearchResult unscored : hits.subList(2, 10)) {
    Assert.assertFalse(unscored.getSource().containsKey(scoreField));
  }
}
use of org.apache.metron.indexing.dao.search.SearchResponse in project metron by apache.
the class SearchIntegrationTest method no_results_returned_when_query_does_not_match.
/** Verifies that a search whose query matches no document reports a total of zero. */
@Test
public void no_results_returned_when_query_does_not_match() throws Exception {
  SearchRequest nonMatching = JSONUtils.INSTANCE.load(noResultsFieldsQuery, SearchRequest.class);
  long total = dao.search(nonMatching).getTotal();
  Assert.assertEquals(0, total);
}
use of org.apache.metron.indexing.dao.search.SearchResponse in project metron by apache.
the class ElasticsearchMetaAlertDao method queryAllResults.
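/**
 * Runs the given query and gathers every matching document into a single SearchResponse.
 *
 * <p>Elasticsearch queries default to 10 records returned. Some internal queries require that
 * all results are returned. Rather than setting an arbitrarily high size, this method pages
 * through the hits {@code pageSize} at a time using from/size offsets.
 *
 * <p>NOTE(review): every hit is accumulated in memory and the number of pages has no upper
 * bound, so a query that matches a very large number of documents can exhaust the heap. Callers
 * should keep {@code qb} narrow. Elasticsearch also rejects from/size requests that reach past
 * the index's {@code index.max_result_window}; confirm that expected result counts stay below
 * that limit. No sort is set here, so page contents are presumably only stable while the index
 * is not changing between requests.
 *
 * @param qb the query to execute against {@code index}
 * @return a response whose total is the hit count reported with the first page and whose
 *     results are the hits collected from all pages
 */
protected SearchResponse queryAllResults(QueryBuilder qb) {
  SearchRequestBuilder searchRequestBuilder = elasticsearchDao.getClient()
      .prepareSearch(index)
      .addStoredField("*")
      .setFetchSource(true)
      .setQuery(qb)
      .setSize(pageSize);
  org.elasticsearch.action.search.SearchResponse esResponse =
      searchRequestBuilder.execute().actionGet();
  List<SearchResult> allResults = getSearchResults(esResponse);
  long total = esResponse.getHits().getTotalHits();
  if (total > pageSize) {
    // Ceiling division: when total is an exact multiple of pageSize no extra page is requested,
    // which avoids one query that could only return an empty page.
    long pages = (total + pageSize - 1) / pageSize;
    for (long page = 1; page < pages; page++) {
      // toIntExact fails loudly instead of silently wrapping to a negative offset
      searchRequestBuilder.setFrom(Math.toIntExact(page * pageSize));
      esResponse = searchRequestBuilder.execute().actionGet();
      allResults.addAll(getSearchResults(esResponse));
    }
  }
  SearchResponse searchResponse = new SearchResponse();
  searchResponse.setTotal(total);
  searchResponse.setResults(allResults);
  return searchResponse;
}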
use of org.apache.metron.indexing.dao.search.SearchResponse in project metron by apache.
the class ElasticsearchDaoTest method searchShouldSortByGivenFields.
/**
 * Verifies that the sort fields of a Metron search request appear in the Elasticsearch request
 * that is submitted, each with the expected "order", "missing" and "unmapped_type" values.
 */
@Test
public void searchShouldSortByGivenFields() throws Exception {
  // column metadata handed to the dao setup; "sortByUndefinedDesc" is not part of it
  Map<String, FieldType> fieldTypes = new HashMap<>();
  fieldTypes.put("sortByStringDesc", FieldType.TEXT);
  fieldTypes.put("sortByIntAsc", FieldType.INTEGER);
  setup(RestStatus.OK, 25, fieldTypes);

  // the three "sort by" fields the request asks for
  SortField[] expectedSortFields = {
      sortBy("sortByStringDesc", SortOrder.DESC),
      sortBy("sortByIntAsc", SortOrder.ASC),
      sortBy("sortByUndefinedDesc", SortOrder.DESC)
  };

  // build and submit the metron search request
  SearchRequest metronRequest = new SearchRequest();
  metronRequest.setQuery("some query");
  metronRequest.setIndices(Arrays.asList("bro", "snort"));
  metronRequest.setFrom(5);
  metronRequest.setSize(2);
  metronRequest.setSort(Arrays.asList(expectedSortFields));
  assertNotNull(dao.search(metronRequest));

  // grab the elasticsearch request that the dao handed to the submitter
  ArgumentCaptor<org.elasticsearch.action.search.SearchRequest> captor =
      ArgumentCaptor.forClass(org.elasticsearch.action.search.SearchRequest.class);
  verify(requestSubmitter).submitSearch(captor.capture());
  org.elasticsearch.action.search.SearchRequest esRequest = captor.getValue();

  // inspect the request through its JSON form
  String requestJson = ElasticsearchUtils.toJSON(esRequest).orElse("???");
  JSONObject parsed = (JSONObject) new JSONParser().parse(requestJson);
  JSONArray sortClauses = (JSONArray) parsed.get("sort");
  assertEquals(3, sortClauses.size());

  // first clause: string field, descending
  JSONObject stringSort = (JSONObject) ((JSONObject) sortClauses.get(0)).get("sortByStringDesc");
  assertEquals("desc", stringSort.get("order"));
  assertEquals("_last", stringSort.get("missing"));
  assertEquals("text", stringSort.get("unmapped_type"));

  // second clause: integer field, ascending
  JSONObject intSort = (JSONObject) ((JSONObject) sortClauses.get(1)).get("sortByIntAsc");
  assertEquals("asc", intSort.get("order"));
  assertEquals("_first", intSort.get("missing"));
  assertEquals("integer", intSort.get("unmapped_type"));

  // third clause: field without column metadata, descending
  JSONObject undefinedSort =
      (JSONObject) ((JSONObject) sortClauses.get(2)).get("sortByUndefinedDesc");
  assertEquals("desc", undefinedSort.get("order"));
  assertEquals("_last", undefinedSort.get("missing"));
  assertEquals("other", undefinedSort.get("unmapped_type"));
}
use of org.apache.metron.indexing.dao.search.SearchResponse in project metron by apache.
the class ElasticsearchMetaAlertIntegrationTest method shouldSearchByStatus.
/**
 * Verifies that a match-all search through the meta alert dao returns the active meta alert and
 * leaves the inactive one out.
 */
@Test
public void shouldSearchByStatus() throws Exception {
  // Load one active and one inactive meta alert
  Map<String, Object> active =
      buildMetaAlert("meta_active", MetaAlertStatus.ACTIVE, Optional.empty());
  Map<String, Object> inactive =
      buildMetaAlert("meta_inactive", MetaAlertStatus.INACTIVE, Optional.empty());
  // We pass MetaAlertDao.METAALERT_TYPE, because the "_doc" gets appended automatically.
  elasticsearchAdd(Arrays.asList(active, inactive), METAALERTS_INDEX, MetaAlertDao.METAALERT_TYPE);

  // Verify load was successful
  findCreatedDocs(Arrays.asList(
      new GetRequest("meta_active", METAALERT_TYPE),
      new GetRequest("meta_inactive", METAALERT_TYPE)));

  // Both objects stay anonymous subclasses configured by an instance initializer.
  SortField byGuid = new SortField() {
    {
      setField(Constants.GUID);
    }
  };
  SearchRequest matchAll = new SearchRequest() {
    {
      setQuery("*");
      setIndices(Collections.singletonList(MetaAlertDao.METAALERT_TYPE));
      setFrom(0);
      setSize(5);
      setSort(Collections.singletonList(byGuid));
    }
  };
  SearchResponse found = metaDao.search(matchAll);

  // Verify only active meta alerts are returned, even though the query itself matches everything
  Assert.assertEquals(1, found.getTotal());
  Object status = found.getResults().get(0).getSource().get(MetaAlertDao.STATUS_FIELD);
  Assert.assertEquals(MetaAlertStatus.ACTIVE.getStatusString(), status);
}
Aggregations