Example use of org.apache.metron.indexing.dao.search.SearchResponse in the Apache Metron project.
From class MetaAlertIntegrationTest, method shouldSortByThreatTriageScore.
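/**
 * Checks that a search across the alert index and the meta alert index can be sorted by the
 * threat triage field in both directions.
 *
 * <p>Two alerts are loaded, the first tagged with {@code meta_active_0}, plus one ACTIVE meta
 * alert built from that first alert. Each search is expected to return exactly two hits:
 * {@code meta_active_0} and {@code message_1}.
 *
 * @throws Exception if loading the fixtures or running either search fails
 */
@Test
public void shouldSortByThreatTriageScore() throws Exception {
  // Load alerts
  List<Map<String, Object>> alerts = buildAlerts(2);
  alerts.get(0).put(METAALERT_FIELD, "meta_active_0");
  addRecords(alerts, getTestIndexFullName(), SENSOR_NAME);

  // Load metaAlerts
  List<Map<String, Object>> metaAlerts = buildMetaAlerts(1, MetaAlertStatus.ACTIVE,
      Optional.of(Collections.singletonList(alerts.get(0))));
  // We pass MetaAlertDao.METAALERT_TYPE, because the "_doc" gets appended automatically.
  addRecords(metaAlerts, getMetaAlertIndex(), METAALERT_TYPE);

  // Verify load was successful
  List<GetRequest> createdDocs = metaAlerts.stream()
      .map(metaAlert -> new GetRequest((String) metaAlert.get(Constants.GUID), METAALERT_TYPE))
      .collect(Collectors.toList());
  createdDocs.addAll(alerts.stream()
      .map(alert -> new GetRequest((String) alert.get(Constants.GUID), SENSOR_NAME))
      .collect(Collectors.toList()));
  findCreatedDocs(createdDocs);

  // Test descending
  SortField sf = new SortField();
  sf.setField(getThreatTriageField());
  sf.setSortOrder(SortOrder.DESC.getSortOrder());
  SearchRequest sr = new SearchRequest();
  sr.setQuery("*:*");
  sr.setSize(5);
  sr.setIndices(Arrays.asList(getTestIndexName(), METAALERT_TYPE));
  sr.setSort(Collections.singletonList(sf));
  SearchResponse result = metaDao.search(sr);
  List<SearchResult> results = result.getResults();
  assertEquals(2, results.size());
  assertEquals("meta_active_0", results.get(0).getSource().get(Constants.GUID));
  assertEquals("message_1", results.get(1).getSource().get(Constants.GUID));

  // Test ascending
  SortField sfAsc = new SortField();
  sfAsc.setField(getThreatTriageField());
  sfAsc.setSortOrder(SortOrder.ASC.getSortOrder());
  SearchRequest srAsc = new SearchRequest();
  srAsc.setQuery("*:*");
  srAsc.setSize(2);
  srAsc.setIndices(Arrays.asList(getTestIndexName(), METAALERT_TYPE));
  srAsc.setSort(Collections.singletonList(sfAsc));
  result = metaDao.search(srAsc);
  results = result.getResults();
  // Check the hit count before indexing into the list, so a short result set fails with a
  // readable assertion message instead of an IndexOutOfBoundsException.
  assertEquals(2, results.size());
  assertEquals("message_1", results.get(0).getSource().get(Constants.GUID));
  assertEquals("meta_active_0", results.get(1).getSource().get(Constants.GUID));
}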
Example use of org.apache.metron.indexing.dao.search.SearchResponse in the Apache Metron project.
From class SolrMetaAlertUpdateDao, method update.
/**
 * Applies an update to an alert in Solr and rewrites every meta alert that contains it.
 *
 * <p>Updates whose sensor type is the meta alert type are refused. For any other document, the
 * meta alerts returned by {@code getAllMetaAlertsForAlert} are rebuilt as documents, and those
 * for which {@code replaceAlertInMetaAlert} returns {@code true} are written in the same batch
 * as the alert. The meta alert collection is committed afterwards, followed by the caller's
 * collection when one was supplied.
 *
 * @param update The update to be run
 * @param collection The index to be updated. Mandatory for Solr
 * @return The {@code update} document that was passed in.
 * @throws IOException Thrown when the meta alert lookup or the Solr commit fails; the
 *     underlying search or Solr exception is kept as the cause.
 * @throws UnsupportedOperationException if {@code update} targets a meta alert directly
 */
@Override
public Document update(Document update, Optional<String> collection) throws IOException {
  // Meta alerts are only ever changed as a consequence of changing one of their alerts.
  final boolean isMetaAlertUpdate =
      MetaAlertConstants.METAALERT_TYPE.equals(update.getSensorType());
  if (isMetaAlertUpdate) {
    throw new UnsupportedOperationException("Meta alerts cannot be directly updated");
  }

  // The alert's own write goes first into the batch, paired with the caller's collection.
  // NOTE(review): the contract calls the collection mandatory, but nothing here rejects an
  // empty Optional; in that case only METAALERTS_COLLECTION is committed below. Confirm that
  // callers always supply it.
  Map<Document, Optional<String>> pendingWrites = new HashMap<>();
  pendingWrites.put(update, collection);

  // Solr cannot delegate the change to the parents, so every meta alert holding this alert
  // is fetched and rewritten as a whole document.
  SearchResponse owningMetaAlerts;
  try {
    owningMetaAlerts = metaAlertSearchDao.getAllMetaAlertsForAlert(update.getGuid());
  } catch (InvalidSearchException e) {
    throw new IOException("Unable to retrieve metaalerts for alert", e);
  }

  ArrayList<Document> metaAlertDocs = new ArrayList<>();
  for (SearchResult hit : owningMetaAlerts.getResults()) {
    metaAlertDocs.add(
        new Document(hit.getSource(), hit.getId(), MetaAlertConstants.METAALERT_TYPE, 0L));
  }
  for (Document metaAlertDoc : metaAlertDocs) {
    boolean changed = replaceAlertInMetaAlert(metaAlertDoc, update);
    if (changed) {
      pendingWrites.put(metaAlertDoc, Optional.of(METAALERTS_COLLECTION));
    }
  }

  // Write the alert and the affected meta alerts together, then commit each collection.
  getUpdateDao().batchUpdate(pendingWrites);
  try {
    solrClient.commit(METAALERTS_COLLECTION);
    if (collection.isPresent()) {
      solrClient.commit(collection.get());
    }
  } catch (SolrServerException e) {
    throw new IOException("Unable to update document", e);
  }
  return update;
}
Aggregations