
Example 6 with Document

use of org.apache.metron.indexing.dao.update.Document in project metron by apache.

the class ElasticsearchMetaAlertDao method buildAlertUpdate.

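/**
 * Builds an update {@link Document} that replaces an alert's meta alert list.
 *
 * The document carries only {@code MetaAlertDao.METAALERT_FIELD}; how it is applied
 * (partial vs. full replace) is decided by the caller that hands it to the DAO.
 *
 * @param alertGuid The GUID of the alert to update
 * @param sensorType The sensor type of the alert to update
 * @param metaAlertField The new metaAlertList to use
 * @param timestamp The timestamp recorded on the update Document
 * @return The update Document
 */
protected Document buildAlertUpdate(String alertGuid, String sensorType, List<String> metaAlertField, Long timestamp) {
    Map<String, Object> fields = new HashMap<>();
    fields.put(MetaAlertDao.METAALERT_FIELD, metaAlertField);
    return new Document(fields, alertGuid, sensorType, timestamp);
}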

Example 7 with Document

use of org.apache.metron.indexing.dao.update.Document in project metron by apache.

the class ElasticsearchMetaAlertDao method updateMetaAlertStatus.

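/**
 * Sets the status of a meta alert and keeps its member alerts' meta alert lists in sync.
 *
 * If the meta alert is already in the requested status nothing is written and {@code false}
 * is returned. Otherwise {@code MetaAlertDao.STATUS_FIELD} is replaced and, for every alert
 * listed under {@code MetaAlertDao.ALERT_FIELD}, the meta alert GUID is added (ACTIVE) or
 * removed (INACTIVE) through {@code addMetaAlertToAlert}/{@code removeMetaAlertFromAlert};
 * only alerts whose list actually changed are written back. All writes go through
 * {@code indexDaoUpdate} in one batch.
 *
 * @param metaAlertGuid GUID of the meta alert to update
 * @param status the status to move the meta alert to
 * @return true if the meta alert's status changed, false if it was already in that status
 * @throws IOException if no meta alert exists for {@code metaAlertGuid} or the DAO fails
 */
@Override
public boolean updateMetaAlertStatus(String metaAlertGuid, MetaAlertStatus status) throws IOException {
    Document metaAlert = indexDao.getLatest(metaAlertGuid, METAALERT_TYPE);
    // A GUID that resolves to nothing (typically caller-supplied) used to surface as a
    // NullPointerException on the next line; report it as a lookup failure instead.
    if (metaAlert == null) {
        throw new IOException("Unable to find meta alert with guid: " + metaAlertGuid);
    }
    String requestedStatus = status.getStatusString();
    String currentStatus = (String) metaAlert.getDocument().get(MetaAlertDao.STATUS_FIELD);
    if (requestedStatus.equals(currentStatus)) {
        // Already in the requested status: avoid rewriting the meta alert and every member alert.
        return false;
    }
    metaAlert.getDocument().put(MetaAlertDao.STATUS_FIELD, requestedStatus);

    Map<Document, Optional<String>> updates = new HashMap<>();
    updates.put(metaAlert, Optional.of(index));

    // Fetch the current copy of every alert the meta alert groups.
    @SuppressWarnings("unchecked") // ALERT_FIELD holds the member alerts as a list of field maps
    List<Map<String, Object>> currentAlerts = (List<Map<String, Object>>) metaAlert.getDocument().get(MetaAlertDao.ALERT_FIELD);
    List<GetRequest> getRequests = new ArrayList<>();
    if (currentAlerts != null) {
        for (Map<String, Object> currentAlert : currentAlerts) {
            getRequests.add(new GetRequest((String) currentAlert.get(GUID), (String) currentAlert.get(SOURCE_TYPE)));
        }
    }
    for (Document alert : indexDao.getAllLatest(getRequests)) {
        boolean alertChanged = false;
        if (MetaAlertStatus.ACTIVE.equals(status)) {
            // Activating: every member alert must reference this meta alert.
            alertChanged = addMetaAlertToAlert(metaAlert.getGuid(), alert);
        } else if (MetaAlertStatus.INACTIVE.equals(status)) {
            // Deactivating: drop the reference from every member alert.
            alertChanged = removeMetaAlertFromAlert(metaAlert.getGuid(), alert);
        }
        if (alertChanged) {
            // No explicit index for member alerts — presumably resolved by the DAO; the meta
            // alert above is pinned to this DAO's index.
            updates.put(alert, Optional.empty());
        }
    }
    indexDaoUpdate(updates);
    return true;
}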

Example 8 with Document

use of org.apache.metron.indexing.dao.update.Document in project metron by apache.

the class ElasticsearchMetaAlertDaoTest method testBuildCreateDocumentMultipleAlerts.

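/**
 * buildCreateDocument with two alerts: the meta alert must carry a timestamp, start out ACTIVE,
 * list both alerts in order under ALERT_FIELD, carry the requested groups, and be keyed by a
 * GUID that parses as a UUID.
 */
@Test
public void testBuildCreateDocumentMultipleAlerts() throws InvalidCreateException, IOException {
    ElasticsearchDao esDao = new ElasticsearchDao();
    ElasticsearchMetaAlertDao emaDao = new ElasticsearchMetaAlertDao();
    emaDao.init(esDao);
    List<String> groups = new ArrayList<>();
    groups.add("group_one");
    groups.add("group_two");
    // Build the first response from the multiget
    Map<String, Object> alertOne = new HashMap<>();
    alertOne.put(Constants.GUID, "alert_one");
    alertOne.put(MetaAlertDao.THREAT_FIELD_DEFAULT, 10.0d);
    // Build the second response from the multiget. It gets its own GUID so the two alerts are
    // distinguishable the way real alerts are (the original fixture reused "alert_one").
    Map<String, Object> alertTwo = new HashMap<>();
    alertTwo.put(Constants.GUID, "alert_two");
    alertTwo.put(MetaAlertDao.THREAT_FIELD_DEFAULT, 5.0d);
    List<Document> alerts = new ArrayList<>();
    alerts.add(new Document(alertOne, "", "", 0L));
    alerts.add(new Document(alertTwo, "", "", 0L));
    // Actually build the doc
    Document actual = emaDao.buildCreateDocument(alerts, groups);
    List<Map<String, Object>> expectedAlerts = new ArrayList<>();
    expectedAlerts.add(alertOne);
    expectedAlerts.add(alertTwo);
    Map<String, Object> actualDocument = actual.getDocument();
    assertNotNull(actualDocument.get(Fields.TIMESTAMP.getName()));
    // A freshly created meta alert starts ACTIVE, same as in the single-alert case.
    assertEquals(MetaAlertStatus.ACTIVE.getStatusString(), actualDocument.get(MetaAlertDao.STATUS_FIELD));
    assertEquals(expectedAlerts, actualDocument.get(MetaAlertDao.ALERT_FIELD));
    assertEquals(groups, actualDocument.get(MetaAlertDao.GROUPS_FIELD));
    // Don't care about the result, just that it's a UUID. Exception will be thrown if not.
    UUID.fromString((String) actualDocument.get(Constants.GUID));
}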

Example 9 with Document

use of org.apache.metron.indexing.dao.update.Document in project metron by apache.

the class ElasticsearchMetaAlertDaoTest method testBuildCreateDocumentSingleAlert.

/**
 * buildCreateDocument with a single alert: status must start out ACTIVE, ALERT_FIELD must hold
 * exactly that alert, GROUPS_FIELD the requested groups, and GUID must parse as a UUID.
 */
@Test
public void testBuildCreateDocumentSingleAlert() throws InvalidCreateException, IOException {
    ElasticsearchMetaAlertDao metaAlertDao = new ElasticsearchMetaAlertDao();
    metaAlertDao.init(new ElasticsearchDao());

    List<String> requestedGroups = new ArrayList<>();
    requestedGroups.add("group_one");
    requestedGroups.add("group_two");

    // The single multiget response the meta alert is built from.
    Map<String, Object> onlyAlert = new HashMap<>();
    onlyAlert.put(Constants.GUID, "alert_one");
    onlyAlert.put(MetaAlertDao.THREAT_FIELD_DEFAULT, 10.0d);
    List<Document> sourceAlerts = new ArrayList<>();
    sourceAlerts.add(new Document(onlyAlert, "", "", 0L));

    Map<String, Object> built = metaAlertDao.buildCreateDocument(sourceAlerts, requestedGroups).getDocument();

    List<Map<String, Object>> expectedAlerts = new ArrayList<>();
    expectedAlerts.add(onlyAlert);
    assertEquals(MetaAlertStatus.ACTIVE.getStatusString(), built.get(MetaAlertDao.STATUS_FIELD));
    assertEquals(expectedAlerts, built.get(MetaAlertDao.ALERT_FIELD));
    assertEquals(requestedGroups, built.get(MetaAlertDao.GROUPS_FIELD));
    // Only the format matters: UUID.fromString throws if the GUID is not a well-formed UUID.
    UUID.fromString((String) built.get(Constants.GUID));
}

Example 10 with Document

use of org.apache.metron.indexing.dao.update.Document in project metron by apache.

the class ElasticsearchMetaAlertIntegrationTest method shouldCreateMetaAlert.

/**
 * Creating a meta alert over two of three loaded alerts must store the meta alert document and
 * stamp only those two alerts with the new meta alert GUID under METAALERT_FIELD; the third
 * alert must be left untouched.
 */
@Test
public void shouldCreateMetaAlert() throws Exception {
    // Load three alerts and make sure they landed before touching them.
    List<Map<String, Object>> loadedAlerts = buildAlerts(3);
    elasticsearchAdd(loadedAlerts, INDEX, SENSOR_NAME);
    findCreatedDocs(Arrays.asList(
        new GetRequest("message_0", SENSOR_NAME),
        new GetRequest("message_1", SENSOR_NAME),
        new GetRequest("message_2", SENSOR_NAME)));

    // Group message_1 and message_2. message_2 is addressed with an explicit index and
    // message_1 without, so both GetRequest forms go through createMetaAlert.
    List<GetRequest> members = new ArrayList<>();
    members.add(new GetRequest("message_1", SENSOR_NAME));
    members.add(new GetRequest("message_2", SENSOR_NAME, INDEX));
    MetaAlertCreateRequest createRequest = new MetaAlertCreateRequest();
    createRequest.setAlerts(members);
    createRequest.setGroups(Collections.singletonList("group"));

    MetaAlertCreateResponse createResponse = metaDao.createMetaAlert(createRequest);
    String metaAlertGuid = createResponse.getGuid();

    // The meta alert itself must now be retrievable.
    findCreatedDoc(metaAlertGuid, MetaAlertDao.METAALERT_TYPE);

    // message_0 was not part of the request: still 4 fields (presumably what buildAlerts
    // writes — verify there) and no meta alert list.
    Document untouched = metaDao.getLatest("message_0", SENSOR_NAME);
    Assert.assertEquals(4, untouched.getDocument().size());
    Assert.assertNull(untouched.getDocument().get(METAALERT_FIELD));

    // message_1 and message_2 each gained exactly one field: a METAALERT_FIELD list holding
    // the new GUID and nothing else.
    for (String memberGuid : new String[] {"message_1", "message_2"}) {
        Document member = metaDao.getLatest(memberGuid, SENSOR_NAME);
        Assert.assertEquals(5, member.getDocument().size());
        List<?> metaAlerts = (List<?>) member.getDocument().get(METAALERT_FIELD);
        Assert.assertEquals(1, metaAlerts.size());
        Assert.assertEquals(metaAlertGuid, metaAlerts.get(0));
    }
}
