Search in sources :

Example 11 with SearchResult

use of org.apache.metron.indexing.dao.search.SearchResult in project metron by apache.

the class SearchIntegrationTest method sort_by_guid.

@Test
public void sort_by_guid() throws Exception {
    SearchRequest request = JSONUtils.INSTANCE.load(sortByGuidQuery, SearchRequest.class);
    SearchResponse response = dao.search(request);
    Assert.assertEquals(5, response.getTotal());
    List<SearchResult> results = response.getResults();
    for (int i = 0; i < 5; ++i) {
        Map<String, Object> source = results.get(i).getSource();
        Assert.assertEquals(1, source.size());
        Assert.assertEquals(source.get("guid"), "bro_" + (i + 1));
    }
}
Also used : SearchRequest(org.apache.metron.indexing.dao.search.SearchRequest) SearchResult(org.apache.metron.indexing.dao.search.SearchResult) SearchResponse(org.apache.metron.indexing.dao.search.SearchResponse) Test(org.junit.Test)

Example 12 with SearchResult

use of org.apache.metron.indexing.dao.search.SearchResult in project metron by apache.

the class SearchIntegrationTest method queries_fields.

@Test
public void queries_fields() throws Exception {
    SearchRequest request = JSONUtils.INSTANCE.load(fieldsQuery, SearchRequest.class);
    SearchResponse response = dao.search(request);
    Assert.assertEquals(10, response.getTotal());
    List<SearchResult> results = response.getResults();
    for (int i = 0; i < 5; ++i) {
        Map<String, Object> source = results.get(i).getSource();
        Assert.assertEquals(1, source.size());
        Assert.assertNotNull(source.get("ip_src_addr"));
    }
    for (int i = 5; i < 10; ++i) {
        Map<String, Object> source = results.get(i).getSource();
        Assert.assertEquals(1, source.size());
        Assert.assertNotNull(source.get("ip_src_addr"));
    }
}
Also used : SearchRequest(org.apache.metron.indexing.dao.search.SearchRequest) SearchResult(org.apache.metron.indexing.dao.search.SearchResult) SearchResponse(org.apache.metron.indexing.dao.search.SearchResponse) Test(org.junit.Test)

Example 13 with SearchResult

use of org.apache.metron.indexing.dao.search.SearchResult in project metron by apache.

the class SearchIntegrationTest method sort_ascending_with_missing_fields.

@Test
public void sort_ascending_with_missing_fields() throws Exception {
    SearchRequest request = JSONUtils.INSTANCE.load(sortAscendingWithMissingFields, SearchRequest.class);
    SearchResponse response = dao.search(request);
    Assert.assertEquals(10, response.getTotal());
    List<SearchResult> results = response.getResults();
    Assert.assertEquals(10, results.size());
    // the remaining are missing the 'threat:triage:score' and should be sorted last
    for (int i = 0; i < 8; i++) {
        Assert.assertFalse(results.get(i).getSource().containsKey("threat:triage:score"));
    }
    // validate sorted order - there are only 2 with a 'threat:triage:score'
    Assert.assertEquals("10", results.get(8).getSource().get("threat:triage:score"));
    Assert.assertEquals("20", results.get(9).getSource().get("threat:triage:score"));
}
Also used : SearchRequest(org.apache.metron.indexing.dao.search.SearchRequest) SearchResult(org.apache.metron.indexing.dao.search.SearchResult) SearchResponse(org.apache.metron.indexing.dao.search.SearchResponse) Test(org.junit.Test)

Example 14 with SearchResult

use of org.apache.metron.indexing.dao.search.SearchResult in project metron by apache.

the class SearchIntegrationTest method filter_query_filters_results.

@Test
public void filter_query_filters_results() throws Exception {
    SearchRequest request = JSONUtils.INSTANCE.load(filterQuery, SearchRequest.class);
    SearchResponse response = dao.search(request);
    Assert.assertEquals(3, response.getTotal());
    List<SearchResult> results = response.getResults();
    Assert.assertEquals("snort", results.get(0).getSource().get("source:type"));
    Assert.assertEquals(9, results.get(0).getSource().get("timestamp"));
    Assert.assertEquals("snort", results.get(1).getSource().get("source:type"));
    Assert.assertEquals(7, results.get(1).getSource().get("timestamp"));
    Assert.assertEquals("bro", results.get(2).getSource().get("source:type"));
    Assert.assertEquals(1, results.get(2).getSource().get("timestamp"));
}
Also used : SearchRequest(org.apache.metron.indexing.dao.search.SearchRequest) SearchResult(org.apache.metron.indexing.dao.search.SearchResult) SearchResponse(org.apache.metron.indexing.dao.search.SearchResponse) Test(org.junit.Test)

Example 15 with SearchResult

use of org.apache.metron.indexing.dao.search.SearchResult in project metron by apache.

the class SearchIntegrationTest method all_query_returns_all_results.

@Test
public void all_query_returns_all_results() throws Exception {
    SearchRequest request = JSONUtils.INSTANCE.load(allQuery, SearchRequest.class);
    SearchResponse response = dao.search(request);
    Assert.assertEquals(10, response.getTotal());
    List<SearchResult> results = response.getResults();
    Assert.assertEquals(10, results.size());
    for (int i = 0; i < 5; ++i) {
        Assert.assertEquals("snort", results.get(i).getSource().get("source:type"));
        Assert.assertEquals(10 - i, results.get(i).getSource().get("timestamp"));
    }
    for (int i = 5; i < 10; ++i) {
        Assert.assertEquals("bro", results.get(i).getSource().get("source:type"));
        Assert.assertEquals(10 - i, results.get(i).getSource().get("timestamp"));
    }
}
Also used : SearchRequest(org.apache.metron.indexing.dao.search.SearchRequest) SearchResult(org.apache.metron.indexing.dao.search.SearchResult) SearchResponse(org.apache.metron.indexing.dao.search.SearchResponse) Test(org.junit.Test)

Aggregations

SearchResult (org.apache.metron.indexing.dao.search.SearchResult)16 SearchResponse (org.apache.metron.indexing.dao.search.SearchResponse)15 SearchRequest (org.apache.metron.indexing.dao.search.SearchRequest)12 Test (org.junit.Test)10 InvalidSearchException (org.apache.metron.indexing.dao.search.InvalidSearchException)5 ArrayList (java.util.ArrayList)4 IOException (java.io.IOException)3 MetaAlertCreateResponse (org.apache.metron.indexing.dao.metaalert.MetaAlertCreateResponse)3 GetRequest (org.apache.metron.indexing.dao.search.GetRequest)3 HashMap (java.util.HashMap)2 Map (java.util.Map)2 Collectors (java.util.stream.Collectors)2 Constants (org.apache.metron.common.Constants)2 AccessConfig (org.apache.metron.indexing.dao.AccessConfig)2 IndexDao (org.apache.metron.indexing.dao.IndexDao)2 MetaAlertDao (org.apache.metron.indexing.dao.MetaAlertDao)2 MetaAlertCreateRequest (org.apache.metron.indexing.dao.metaalert.MetaAlertCreateRequest)2 MetaAlertStatus (org.apache.metron.indexing.dao.metaalert.MetaAlertStatus)2 FieldType (org.apache.metron.indexing.dao.search.FieldType)2 GroupRequest (org.apache.metron.indexing.dao.search.GroupRequest)2