use of org.apache.metron.indexing.dao.update.Document in project metron by apache.
the class ElasticsearchMetaAlertDao method addAlertsToMetaAlert.
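/**
 * Appends the given alerts to the meta alert's nested alert list, skipping every alert whose
 * GUID is already present.
 *
 * <p>The list stored under {@code ALERT_FIELD} in the meta alert's document is modified in
 * place. If the field is absent, an empty list is created and stored first, so a meta alert
 * without any alerts no longer causes a {@link NullPointerException}.
 *
 * <p>GUIDs added during this call are tracked as well, so the same alert passed twice in
 * {@code alerts} is only appended once. A duplicated entry would otherwise be counted twice by
 * anything that aggregates over the nested list.
 *
 * @param metaAlert the meta alert whose document is updated in memory (nothing is persisted here)
 * @param alerts the candidate alerts to attach
 * @return {@code true} if at least one alert was appended, {@code false} otherwise
 */
protected boolean addAlertsToMetaAlert(Document metaAlert, Iterable<Document> alerts) {
  @SuppressWarnings("unchecked")
  List<Map<String, Object>> currentAlerts =
      (List<Map<String, Object>>) metaAlert.getDocument().get(ALERT_FIELD);
  if (currentAlerts == null) {
    // No nested alerts yet: start an empty list and attach it to the document.
    currentAlerts = new ArrayList<>();
    metaAlert.getDocument().put(ALERT_FIELD, currentAlerts);
  }

  // Collectors.toSet() gives no mutability guarantee, so collect into an explicit HashSet
  // that can also record the GUIDs added below.
  Set<String> knownGuids = new java.util.HashSet<>();
  for (Map<String, Object> currentAlert : currentAlerts) {
    knownGuids.add((String) currentAlert.get(GUID));
  }

  boolean alertAdded = false;
  for (Document alert : alerts) {
    // Set.add returns false when the GUID is already known, which covers both alerts that
    // were in the meta alert before the call and repeats within this batch.
    if (knownGuids.add(alert.getGuid())) {
      currentAlerts.add(alert.getDocument());
      alertAdded = true;
    }
  }
  return alertAdded;
}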
use of org.apache.metron.indexing.dao.update.Document in project metron by apache.
the class ElasticsearchMetaAlertDao method update.
/**
 * Applies an update to a regular alert and refreshes the copy of that alert held inside every
 * meta alert returned by {@code getMetaAlertsForAlert}.
 *
 * <p>The alert update and the touched meta alerts are sent together through a single
 * {@code indexDao.batchUpdate} call.
 *
 * @param update the alert update; its sensor type must not be {@code METAALERT_TYPE}
 * @param index the index passed along with the alert's own update
 * @throws UnsupportedOperationException if {@code update} targets a meta alert
 * @throws IOException declared by the interface; raised by the calls this method delegates to
 */
@Override
public void update(Document update, Optional<String> index) throws IOException {
  // Meta alerts may only be changed through the dedicated add/remove operations.
  if (METAALERT_TYPE.equals(update.getSensorType())) {
    throw new UnsupportedOperationException("Meta alerts cannot be directly updated");
  }

  Map<Document, Optional<String>> pendingWrites = new HashMap<>();
  pendingWrites.put(update, index);

  // Only the alert's own update can be delegated as-is. The meta alerts that embed this
  // alert carry a nested copy of it, so they are looked up and rewritten as well.
  // NOTE(review): the last constructor argument is a fixed 0L — confirm what it represents.
  Collection<Document> owningMetaAlerts = getMetaAlertsForAlert(update.getGuid())
      .getResults()
      .stream()
      .map(hit -> new Document(hit.getSource(), hit.getId(), METAALERT_TYPE, 0L))
      .collect(Collectors.toList());

  for (Document owner : owningMetaAlerts) {
    replaceAlertInMetaAlert(owner, update);
    pendingWrites.put(owner, Optional.of(METAALERTS_INDEX));
  }

  // Send the alert update and the refreshed meta alerts in one batch.
  indexDao.batchUpdate(pendingWrites);
}
use of org.apache.metron.indexing.dao.update.Document in project metron by apache.
the class ElasticsearchMetaAlertDao method removeAlertsFromMetaAlert.
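/**
 * Detaches the requested alerts from an ACTIVE meta alert and removes the back-reference to the
 * meta alert from each alert that carried one.
 *
 * <p>When the meta alert's alert list actually changes, its scores are recalculated and the
 * meta alert plus every modified alert are handed to {@code indexDaoUpdate} in one map.
 *
 * @param metaAlertGuid GUID of the meta alert to modify
 * @param alertRequests requests identifying the alerts to detach
 * @return {@code true} if the meta alert was changed, {@code false} if none of the alerts
 *     were part of it
 * @throws IOException if no meta alert exists for {@code metaAlertGuid}, or if a delegated
 *     index call fails
 * @throws IllegalStateException if the meta alert is not in the ACTIVE status
 */
@Override
public boolean removeAlertsFromMetaAlert(String metaAlertGuid, List<GetRequest> alertRequests) throws IOException {
  Document metaAlert = indexDao.getLatest(metaAlertGuid, METAALERT_TYPE);
  if (metaAlert == null) {
    // getLatest can return null for an unknown GUID. Report that explicitly instead of
    // failing with a NullPointerException on the status lookup below.
    throw new IOException(String.format(
        "Unable to remove alerts from meta alert %s: meta alert cannot be found", metaAlertGuid));
  }
  if (!MetaAlertStatus.ACTIVE.getStatusString().equals(metaAlert.getDocument().get(STATUS_FIELD))) {
    throw new IllegalStateException("Removing alerts from an INACTIVE meta alert is not allowed");
  }

  Iterable<Document> alerts = indexDao.getAllLatest(alertRequests);
  Collection<String> alertGuids = alertRequests.stream()
      .map(GetRequest::getGuid)
      .collect(Collectors.toList());

  boolean metaAlertUpdated = removeAlertsFromMetaAlert(metaAlert, alertGuids);
  if (metaAlertUpdated) {
    // The aggregate scores depend on the nested alert list, so refresh them before writing.
    calculateMetaScores(metaAlert);

    Map<Document, Optional<String>> updates = new HashMap<>();
    updates.put(metaAlert, Optional.of(index));
    for (Document alert : alerts) {
      // Only alerts whose meta alert reference actually changed need to be written back.
      if (removeMetaAlertFromAlert(metaAlert.getGuid(), alert)) {
        updates.put(alert, Optional.empty());
      }
    }
    indexDaoUpdate(updates);
  }
  return metaAlertUpdated;
}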
use of org.apache.metron.indexing.dao.update.Document in project metron by apache.
the class ElasticsearchMetaAlertDao method getAllAlertsForMetaAlert.
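/**
 * Loads the current source of every alert referenced by the stored version of a meta alert.
 *
 * <p>The GUIDs are read from the nested alert list of the latest stored meta alert, and the
 * alerts themselves are then fetched with a single Elasticsearch ids query.
 *
 * @param update a document carrying the GUID of the meta alert to look up
 * @return the source maps of the referenced alerts that were found; an empty list when the
 *     meta alert does not exist or references no alerts
 * @throws IOException if the lookup of the latest meta alert fails
 */
@SuppressWarnings("unchecked")
protected List<Map<String, Object>> getAllAlertsForMetaAlert(Document update) throws IOException {
  Document latest = indexDao.getLatest(update.getGuid(), MetaAlertDao.METAALERT_TYPE);
  if (latest == null) {
    return new ArrayList<>();
  }

  List<Map<String, Object>> latestAlerts =
      (List<Map<String, Object>>) latest.getDocument().get(MetaAlertDao.ALERT_FIELD);
  List<String> guids = new ArrayList<>();
  if (latestAlerts != null) {
    for (Map<String, Object> alert : latestAlerts) {
      String guid = (String) alert.get(Constants.GUID);
      // A nested alert without a GUID cannot be looked up by id, so leave it out of the query.
      if (guid != null) {
        guids.add(guid);
      }
    }
  }
  if (guids.isEmpty()) {
    // Nothing to look up, so skip the round trip to Elasticsearch.
    return new ArrayList<>();
  }

  QueryBuilder query = QueryBuilders.idsQuery().addIds(guids.toArray(new String[0]));
  // Elasticsearch returns only 10 hits unless a size is given, which silently dropped alerts
  // for any meta alert holding more than 10. Ask for one hit per GUID instead.
  // NOTE(review): a size above the index's max result window is rejected by Elasticsearch;
  // very large meta alerts would need scrolling or batching.
  // NOTE(review): no index is passed to prepareSearch(), so the query runs against every index
  // the client can see — confirm GUIDs are unique across them.
  SearchRequestBuilder request = elasticsearchDao.getClient()
      .prepareSearch()
      .setQuery(query)
      .setSize(guids.size());
  org.elasticsearch.action.search.SearchResponse response = request.get();

  List<Map<String, Object>> alerts = new ArrayList<>();
  for (SearchHit hit : response.getHits().getHits()) {
    alerts.add(hit.sourceAsMap());
  }
  return alerts;
}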
use of org.apache.metron.indexing.dao.update.Document in project metron by apache.
the class ElasticsearchMetaAlertDao method addAlertsToMetaAlert.
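/**
 * Attaches the requested alerts to an ACTIVE meta alert and records the meta alert's GUID on
 * each alert that did not reference it yet.
 *
 * <p>When the meta alert's alert list actually changes, its scores are recalculated and the
 * meta alert plus every modified alert are handed to {@code indexDaoUpdate} in one map.
 *
 * @param metaAlertGuid GUID of the meta alert to modify
 * @param alertRequests requests identifying the alerts to attach
 * @return {@code true} if the meta alert was changed, {@code false} if every alert was
 *     already part of it
 * @throws IOException if no meta alert exists for {@code metaAlertGuid}, or if a delegated
 *     index call fails
 * @throws IllegalStateException if the meta alert is not in the ACTIVE status
 */
@Override
public boolean addAlertsToMetaAlert(String metaAlertGuid, List<GetRequest> alertRequests) throws IOException {
  Document metaAlert = indexDao.getLatest(metaAlertGuid, METAALERT_TYPE);
  if (metaAlert == null) {
    // getLatest can return null for an unknown GUID. Report that explicitly instead of
    // failing with a NullPointerException on the status lookup below.
    throw new IOException(String.format(
        "Unable to add alerts to meta alert %s: meta alert cannot be found", metaAlertGuid));
  }
  if (!MetaAlertStatus.ACTIVE.getStatusString().equals(metaAlert.getDocument().get(STATUS_FIELD))) {
    throw new IllegalStateException("Adding alerts to an INACTIVE meta alert is not allowed");
  }

  Iterable<Document> alerts = indexDao.getAllLatest(alertRequests);
  boolean metaAlertUpdated = addAlertsToMetaAlert(metaAlert, alerts);
  if (metaAlertUpdated) {
    // The aggregate scores depend on the nested alert list, so refresh them before writing.
    calculateMetaScores(metaAlert);

    Map<Document, Optional<String>> updates = new HashMap<>();
    updates.put(metaAlert, Optional.of(index));
    for (Document alert : alerts) {
      // Only alerts whose meta alert reference actually changed need to be written back.
      if (addMetaAlertToAlert(metaAlert.getGuid(), alert)) {
        updates.put(alert, Optional.empty());
      }
    }
    indexDaoUpdate(updates);
  }
  return metaAlertUpdated;
}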
Aggregations