use of org.apache.metron.indexing.dao.search.SearchResult in project metron by apache.
the class SearchIntegrationTest method sort_descending_with_missing_fields.
@Test
public void sort_descending_with_missing_fields() throws Exception {
    // Load the descending-sort fixture and run it against the DAO under test.
    SearchRequest sortRequest = JSONUtils.INSTANCE.load(sortDescendingWithMissingFields, SearchRequest.class);
    SearchResponse sortResponse = dao.search(sortRequest);
    Assert.assertEquals(10, sortResponse.getTotal());

    List<SearchResult> hits = sortResponse.getResults();
    Assert.assertEquals(10, hits.size());

    // Only two documents carry a 'threat:triage:score'; they must lead the descending order.
    String scoreField = "threat:triage:score";
    Assert.assertEquals("20", hits.get(0).getSource().get(scoreField));
    Assert.assertEquals("10", hits.get(1).getSource().get(scoreField));

    // Documents without the field are expected to trail every scored document.
    for (int position = 2; position < 10; ++position) {
        Assert.assertFalse(hits.get(position).getSource().containsKey(scoreField));
    }
}
use of org.apache.metron.indexing.dao.search.SearchResult in project metron by apache.
the class ElasticsearchMetaAlertDao method queryAllResults.
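/**
 * Collects every hit for the given query into a single {@link SearchResponse}.
 *
 * <p>Elasticsearch queries default to 10 records returned, and some internal queries need the
 * complete result set. Rather than setting an arbitrarily high size, this method pages through
 * the hits {@code pageSize} at a time using {@code from}/{@code size} offsets.
 *
 * <p>NOTE(review): from/size paging is not a snapshot. Documents indexed or deleted while the
 * pages are being fetched can be skipped or returned twice, and very deep offsets may be
 * rejected by the cluster's result-window limit; confirm that is acceptable for callers that
 * rely on a complete, consistent result set.
 *
 * @param qb the Elasticsearch query to run against {@code index}
 * @return a response holding the total hit count and every matching result
 */
protected SearchResponse queryAllResults(QueryBuilder qb) {
    SearchRequestBuilder searchRequestBuilder = elasticsearchDao.getClient()
        .prepareSearch(index)
        .addStoredField("*")
        .setFetchSource(true)
        .setQuery(qb)
        .setSize(pageSize);
    org.elasticsearch.action.search.SearchResponse esResponse = searchRequestBuilder.execute().actionGet();
    List<SearchResult> allResults = getSearchResults(esResponse);
    long total = esResponse.getHits().getTotalHits();

    if (total > pageSize) {
        // Ceiling division. The previous floor-plus-one form issued one extra, empty page
        // whenever total was an exact multiple of pageSize.
        long pages = (total + pageSize - 1) / pageSize;
        for (long page = 1; page < pages; page++) {
            // Fail loudly instead of wrapping if the offset no longer fits the int that setFrom takes.
            searchRequestBuilder.setFrom(Math.toIntExact(page * pageSize));
            esResponse = searchRequestBuilder.execute().actionGet();
            allResults.addAll(getSearchResults(esResponse));
        }
    }

    SearchResponse searchResponse = new SearchResponse();
    searchResponse.setTotal(total);
    searchResponse.setResults(allResults);
    return searchResponse;
}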
use of org.apache.metron.indexing.dao.search.SearchResult in project metron by apache.
the class InMemoryMetaAlertDao method createMetaAlert.
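/**
 * Creates a meta alert from the alerts named in the request and stores it in the in-memory backing store.
 *
 * <p>Each alert is looked up by guid in its index; the matching documents become the meta alert's
 * alert list and their threat scores feed the aggregated meta scores.
 *
 * @param request the alerts (index + guid) and groups to fold into the new meta alert
 * @return a response with {@code created == false} when the request names no alerts,
 *         otherwise {@code created == true} and the guid of the new meta alert
 * @throws InvalidCreateException if an alert request carries no index, a guid matches more than
 *         one document, or the lookup itself fails
 * @throws IOException propagated from the underlying search
 */
@SuppressWarnings("unchecked")
@Override
public MetaAlertCreateResponse createMetaAlert(MetaAlertCreateRequest request) throws InvalidCreateException, IOException {
    List<GetRequest> alertRequests = request.getAlerts();
    if (alertRequests.isEmpty()) {
        MetaAlertCreateResponse response = new MetaAlertCreateResponse();
        response.setCreated(false);
        return response;
    }

    // Build meta alert json. Give it a reasonable GUID
    JSONObject metaAlert = new JSONObject();
    String metaAlertGuid = "meta_" + (InMemoryDao.BACKING_STORE.get(MetaAlertDao.METAALERTS_INDEX).size() + 1);
    metaAlert.put(GUID, metaAlertGuid);
    JSONArray groupsArray = new JSONArray();
    groupsArray.addAll(request.getGroups());
    metaAlert.put(MetaAlertDao.GROUPS_FIELD, groupsArray);

    // Retrieve the alert for each guid
    // For the purpose of testing, we're just using guids for the alerts field and grabbing the scores.
    JSONArray alertArray = new JSONArray();
    List<Double> threatScores = new ArrayList<>();
    Collection<String> alertGuids = new ArrayList<>();
    for (GetRequest alertRequest : alertRequests) {
        SearchRequest searchRequest = new SearchRequest();
        // A request without an index used to surface as an unchecked NoSuchElementException from
        // Optional.get(); report it through the declared InvalidCreateException instead.
        searchRequest.setIndices(ImmutableList.of(alertRequest.getIndex()
            .orElseThrow(() -> new InvalidCreateException("Missing index for guid: " + alertRequest.getGuid()))));
        // The guid is interpolated directly into the query string. That is acceptable for this
        // in-memory test DAO, but a real backend should not build query syntax from request input.
        searchRequest.setQuery("guid:" + alertRequest.getGuid());
        try {
            SearchResponse searchResponse = search(searchRequest);
            List<SearchResult> searchResults = searchResponse.getResults();
            if (searchResults.size() > 1) {
                throw new InvalidCreateException("Found more than one result for: " + alertRequest.getGuid() + ". Values: " + searchResults);
            }
            if (searchResults.size() == 1) {
                SearchResult result = searchResults.get(0);
                alertArray.add(result.getSource());
                // An alert without a threat score contributes 0 to the meta scores.
                Double threatScore = Double.parseDouble(result.getSource().getOrDefault(THREAT_FIELD_DEFAULT, "0").toString());
                threatScores.add(threatScore);
            }
        } catch (InvalidSearchException e) {
            throw new InvalidCreateException("Unable to find guid: " + alertRequest.getGuid(), e);
        }
        alertGuids.add(alertRequest.getGuid());
    }

    metaAlert.put(MetaAlertDao.ALERT_FIELD, alertArray);
    metaAlert.putAll(new MetaScores(threatScores).getMetaScores());
    metaAlert.put(STATUS_FIELD, MetaAlertStatus.ACTIVE.getStatusString());

    // Add the alert to the store, but make sure not to overwrite existing results
    InMemoryDao.BACKING_STORE.get(MetaAlertDao.METAALERTS_INDEX).add(metaAlert.toJSONString());
    METAALERT_STORE.put(metaAlertGuid, new HashSet<>(alertGuids));

    MetaAlertCreateResponse createResponse = new MetaAlertCreateResponse();
    createResponse.setGuid(metaAlertGuid);
    createResponse.setCreated(true);
    return createResponse;
}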
use of org.apache.metron.indexing.dao.search.SearchResult in project metron by apache.
the class SearchIntegrationTest method sort_query_sorts_results_ascending.
@Test
public void sort_query_sorts_results_ascending() throws Exception {
    SearchRequest ascendingRequest = JSONUtils.INSTANCE.load(sortQuery, SearchRequest.class);
    SearchResponse ascendingResponse = dao.search(ascendingRequest);
    Assert.assertEquals(10, ascendingResponse.getTotal());

    // Ports 8001..8010 must come back in increasing order, one per result position.
    List<SearchResult> hits = ascendingResponse.getResults();
    int firstPort = 8001;
    for (int position = 0; position < 10; ++position) {
        Assert.assertEquals(firstPort + position, hits.get(position).getSource().get("ip_src_port"));
    }
}
use of org.apache.metron.indexing.dao.search.SearchResult in project metron by apache.
the class SearchIntegrationTest method returns_results_only_for_specified_indices.
@Test
public void returns_results_only_for_specified_indices() throws Exception {
    SearchRequest indexRequest = JSONUtils.INSTANCE.load(indexQuery, SearchRequest.class);
    SearchResponse indexResponse = dao.search(indexRequest);
    Assert.assertEquals(5, indexResponse.getTotal());

    // Every hit must come from the 'bro' source, with timestamps counting down from 5 to 1.
    List<SearchResult> hits = indexResponse.getResults();
    for (int position = 0; position < 5; ++position) {
        int expectedTimestamp = 5 - position;
        Assert.assertEquals("bro", hits.get(position).getSource().get("source:type"));
        Assert.assertEquals(expectedTimestamp, hits.get(position).getSource().get("timestamp"));
    }
}