
Example 11 with SortField

use of org.apache.metron.indexing.dao.search.SortField in project metron by apache.

the class ElasticsearchSearchDao method buildSearchRequest.

/**
 * Translates a Metron search request into the Elasticsearch search request to execute.
 *
 * <p>Paging (size/from), the query, sorting, source fetching and facet aggregations are
 * copied onto a {@code SearchSourceBuilder}; score tracking is always switched on.
 *
 * <p>NOTE(review): size, from, the sort field names and the facet field names are taken
 * from the request as-is; nothing in this method bounds or validates them. If the request
 * can originate from an API client, confirm that the caller caps the page size and
 * restricts the field names before reaching this point.
 *
 * @param searchRequest The Metron search request.
 * @param queryBuilder The Elasticsearch query to attach to the request.
 * @return An Elasticsearch search request for the indices derived from the Metron request.
 * @throws InvalidSearchException If the column metadata for the requested indices cannot be read.
 */
private org.elasticsearch.action.search.SearchRequest buildSearchRequest(SearchRequest searchRequest, QueryBuilder queryBuilder) throws InvalidSearchException {
    if (LOG.isDebugEnabled()) {
        // NOTE(review): the serialized request is written to the debug log.
        LOG.debug("Got search request; request={}", ElasticsearchUtils.toJSON(searchRequest).orElse("???"));
    }
    SearchSourceBuilder searchBuilder = new SearchSourceBuilder()
            .size(searchRequest.getSize())
            .from(searchRequest.getFrom())
            .query(queryBuilder)
            .trackScores(true);
    List<String> fields = searchRequest.getFields();

    // The column metadata supplies the type of each sort field.
    Map<String, FieldType> meta;
    try {
        meta = columnMetadataDao.getColumnMetadata(searchRequest.getIndices());
    } catch (IOException e) {
        throw new InvalidSearchException("Unable to get column metadata", e);
    }

    // Sorting: one FieldSortBuilder per requested sort field, added in request order.
    for (SortField sortField : searchRequest.getSort()) {
        String sortFieldName = sortField.getField();
        // Fields absent from the metadata are treated as FieldType.OTHER.
        FieldType sortFieldType = meta.getOrDefault(sortFieldName, FieldType.OTHER);
        org.elasticsearch.search.sort.SortOrder sortOrder = getElasticsearchSortOrder(sortField.getSortOrder());
        // Descending sorts use SORT_MISSING_LAST; every other order uses SORT_MISSING_FIRST.
        String missingSortOrder = (sortOrder == org.elasticsearch.search.sort.SortOrder.DESC)
                ? SORT_MISSING_LAST
                : SORT_MISSING_FIRST;
        FieldSortBuilder sortBy = new FieldSortBuilder(sortFieldName)
                .order(sortOrder)
                .missing(missingSortOrder)
                .unmappedType(sortFieldType.getFieldType());
        searchBuilder.sort(sortBy);
    }

    // Source fetching: only whether a field list was supplied matters here; the entries of
    // the list are not used to narrow what is fetched.
    if (fields == null) {
        searchBuilder.fetchSource(true);
    } else {
        searchBuilder.fetchSource("*", null);
    }

    // Facets: one terms aggregation per facet field.
    // https://www.elastic.co/guide/en/elasticsearch/client/java-api/current/_bucket_aggregations.html
    List<String> facetFields = searchRequest.getFacetFields();
    if (facetFields != null) {
        for (String facetField : facetFields) {
            TermsAggregationBuilder terms = AggregationBuilders.terms(getFacetAggregationName(facetField)).field(facetField);
            searchBuilder.aggregation(terms);
        }
    }

    // Assemble the final request against the wildcarded index names.
    String[] indices = wildcardIndices(searchRequest.getIndices());
    if (LOG.isDebugEnabled()) {
        LOG.debug("Built Elasticsearch request; indices={}, request={}", indices, searchBuilder.toString());
    }
    org.elasticsearch.action.search.SearchRequest esRequest = new org.elasticsearch.action.search.SearchRequest();
    return esRequest.indices(indices).source(searchBuilder);
}
Also used : SearchRequest(org.apache.metron.indexing.dao.search.SearchRequest) SortField(org.apache.metron.indexing.dao.search.SortField) FieldSortBuilder(org.elasticsearch.search.sort.FieldSortBuilder) IOException(java.io.IOException) SearchSourceBuilder(org.elasticsearch.search.builder.SearchSourceBuilder) FieldType(org.apache.metron.indexing.dao.search.FieldType) TermsAggregationBuilder(org.elasticsearch.search.aggregations.bucket.terms.TermsAggregationBuilder) InvalidSearchException(org.apache.metron.indexing.dao.search.InvalidSearchException)

Example 12 with SortField

use of org.apache.metron.indexing.dao.search.SortField in project metron by apache.

the class MetaAlertIntegrationTest method shouldSortByThreatTriageScore.

/**
 * Checks that a search across the test index and the meta-alert index orders the results
 * by the threat triage field, in both descending and ascending direction.
 */
@Test
public void shouldSortByThreatTriageScore() throws Exception {
    // Index two alerts, the first of which is linked to the meta-alert "meta_active_0".
    List<Map<String, Object>> alerts = buildAlerts(2);
    Map<String, Object> linkedAlert = alerts.get(0);
    linkedAlert.put(METAALERT_FIELD, "meta_active_0");
    addRecords(alerts, getTestIndexFullName(), SENSOR_NAME);

    // Index one active meta-alert that contains the linked alert.
    List<Map<String, Object>> metaAlerts = buildMetaAlerts(
            1,
            MetaAlertStatus.ACTIVE,
            Optional.of(Collections.singletonList(alerts.get(0))));
    // MetaAlertDao.METAALERT_TYPE is passed because the "_doc" suffix is appended automatically.
    addRecords(metaAlerts, getMetaAlertIndex(), METAALERT_TYPE);

    // Make sure every document that was just written can be found before searching.
    List<GetRequest> createdDocs = metaAlerts.stream()
            .map(metaAlert -> new GetRequest((String) metaAlert.get(Constants.GUID), METAALERT_TYPE))
            .collect(Collectors.toList());
    List<GetRequest> alertDocs = alerts.stream()
            .map(alert -> new GetRequest((String) alert.get(Constants.GUID), SENSOR_NAME))
            .collect(Collectors.toList());
    createdDocs.addAll(alertDocs);
    findCreatedDocs(createdDocs);

    // Descending: the meta-alert is expected ahead of the plain alert.
    SortField descendingSort = new SortField();
    descendingSort.setField(getThreatTriageField());
    descendingSort.setSortOrder(SortOrder.DESC.getSortOrder());
    SearchRequest descendingRequest = new SearchRequest();
    descendingRequest.setQuery("*:*");
    descendingRequest.setSize(5);
    descendingRequest.setIndices(Arrays.asList(getTestIndexName(), METAALERT_TYPE));
    descendingRequest.setSort(Collections.singletonList(descendingSort));
    SearchResponse response = metaDao.search(descendingRequest);
    List<SearchResult> hits = response.getResults();
    assertEquals(2, hits.size());
    assertEquals("meta_active_0", hits.get(0).getSource().get(Constants.GUID));
    assertEquals("message_1", hits.get(1).getSource().get(Constants.GUID));

    // Ascending: the same two documents are expected in the opposite order.
    SortField ascendingSort = new SortField();
    ascendingSort.setField(getThreatTriageField());
    ascendingSort.setSortOrder(SortOrder.ASC.getSortOrder());
    SearchRequest ascendingRequest = new SearchRequest();
    ascendingRequest.setQuery("*:*");
    ascendingRequest.setSize(2);
    ascendingRequest.setIndices(Arrays.asList(getTestIndexName(), METAALERT_TYPE));
    ascendingRequest.setSort(Collections.singletonList(ascendingSort));
    response = metaDao.search(ascendingRequest);
    hits = response.getResults();
    assertEquals("message_1", hits.get(0).getSource().get(Constants.GUID));
    assertEquals("meta_active_0", hits.get(1).getSource().get(Constants.GUID));
    assertEquals(2, hits.size());
}
Also used : Assertions.assertThrows(org.junit.jupiter.api.Assertions.assertThrows) InvalidSearchException(org.apache.metron.indexing.dao.search.InvalidSearchException) Assertions.assertNotNull(org.junit.jupiter.api.Assertions.assertNotNull) Iterables(com.google.common.collect.Iterables) Arrays(java.util.Arrays) SortOrder(org.apache.metron.indexing.dao.search.SortOrder) STATUS_FIELD(org.apache.metron.indexing.dao.metaalert.MetaAlertConstants.STATUS_FIELD) Assertions.assertNull(org.junit.jupiter.api.Assertions.assertNull) HashMap(java.util.HashMap) PatchRequest(org.apache.metron.indexing.dao.update.PatchRequest) GroupResult(org.apache.metron.indexing.dao.search.GroupResult) GroupResponse(org.apache.metron.indexing.dao.search.GroupResponse) ArrayList(java.util.ArrayList) HashSet(java.util.HashSet) Group(org.apache.metron.indexing.dao.search.Group) ParseException(org.json.simple.parser.ParseException) Assertions.assertFalse(org.junit.jupiter.api.Assertions.assertFalse) Map(java.util.Map) SearchResult(org.apache.metron.indexing.dao.search.SearchResult) JSONUtils(org.apache.metron.common.utils.JSONUtils) Assertions.assertEquals(org.junit.jupiter.api.Assertions.assertEquals) METAALERT_TYPE(org.apache.metron.indexing.dao.metaalert.MetaAlertConstants.METAALERT_TYPE) THREAT_FIELD_DEFAULT(org.apache.metron.indexing.dao.metaalert.MetaAlertConstants.THREAT_FIELD_DEFAULT) Document(org.apache.metron.indexing.dao.update.Document) GroupRequest(org.apache.metron.indexing.dao.search.GroupRequest) Set(java.util.Set) IOException(java.io.IOException) GetRequest(org.apache.metron.indexing.dao.search.GetRequest) SearchRequest(org.apache.metron.indexing.dao.search.SearchRequest) Constants(org.apache.metron.common.Constants) SortField(org.apache.metron.indexing.dao.search.SortField) Collectors(java.util.stream.Collectors) OriginalNotFoundException(org.apache.metron.indexing.dao.update.OriginalNotFoundException) Test(org.junit.jupiter.api.Test) List(java.util.List) 
Assertions.assertTrue(org.junit.jupiter.api.Assertions.assertTrue) Multiline(org.adrianwalker.multilinestring.Multiline) ALERT_FIELD(org.apache.metron.indexing.dao.metaalert.MetaAlertConstants.ALERT_FIELD) Optional(java.util.Optional) METAALERT_FIELD(org.apache.metron.indexing.dao.metaalert.MetaAlertConstants.METAALERT_FIELD) TestUtils.assertEventually(org.apache.metron.integration.utils.TestUtils.assertEventually) Comparator(java.util.Comparator) Collections(java.util.Collections) Joiner(com.google.common.base.Joiner) SearchResponse(org.apache.metron.indexing.dao.search.SearchResponse) SearchRequest(org.apache.metron.indexing.dao.search.SearchRequest) GetRequest(org.apache.metron.indexing.dao.search.GetRequest) SortField(org.apache.metron.indexing.dao.search.SortField) SearchResult(org.apache.metron.indexing.dao.search.SearchResult) HashMap(java.util.HashMap) Map(java.util.Map) SearchResponse(org.apache.metron.indexing.dao.search.SearchResponse) Test(org.junit.jupiter.api.Test)

Aggregations

SortField (org.apache.metron.indexing.dao.search.SortField)12 SearchRequest (org.apache.metron.indexing.dao.search.SearchRequest)9 GetRequest (org.apache.metron.indexing.dao.search.GetRequest)7 SearchResponse (org.apache.metron.indexing.dao.search.SearchResponse)7 IOException (java.io.IOException)3 HashMap (java.util.HashMap)3 Map (java.util.Map)3 InvalidSearchException (org.apache.metron.indexing.dao.search.InvalidSearchException)3 ImmutableMap (com.google.common.collect.ImmutableMap)2 MetaAlertIntegrationTest (org.apache.metron.indexing.dao.metaalert.MetaAlertIntegrationTest)2 FieldType (org.apache.metron.indexing.dao.search.FieldType)2 TermsAggregationBuilder (org.elasticsearch.search.aggregations.bucket.terms.TermsAggregationBuilder)2 Test (org.junit.jupiter.api.Test)2 Joiner (com.google.common.base.Joiner)1 Iterables (com.google.common.collect.Iterables)1 ArrayList (java.util.ArrayList)1 Arrays (java.util.Arrays)1 Collections (java.util.Collections)1 Comparator (java.util.Comparator)1 HashSet (java.util.HashSet)1