Examples with SearchType org.graylog.plugins.views.search.SearchType used on opensource projects

Search in sources :

Example 16 with SearchType

use of org.graylog.plugins.views.search.SearchType in project graylog2-server by Graylog2.

the class OffsetRangeTest method throwsExceptionIfNoSearchTypeIsReferenced.

@Test
public void throwsExceptionIfNoSearchTypeIsReferenced() throws Exception {
    final OffsetRange offsetRange = constructRange("300", "search_type", null);
    final TimeRange sourceRange = mock(TimeRange.class);
    when(sourceRange.getFrom()).thenReturn(DateTime.parse("2019-11-18T10:00:00.000Z"));
    when(sourceRange.getTo()).thenReturn(DateTime.parse("2019-11-21T12:00:00.000Z"));
    final Query query = mock(Query.class);
    final SearchType searchType = mock(SearchType.class);
    when(searchType.id()).thenReturn("searchTypeId");
    when(searchType.timerange()).thenReturn(Optional.of(DerivedTimeRange.of(sourceRange)));
    when(query.searchTypes()).thenReturn(ImmutableSet.of(searchType));
    when(query.effectiveTimeRange(searchType)).thenReturn(sourceRange);
    assertThatExceptionOfType(RuntimeException.class).isThrownBy(() -> offsetRange.deriveTimeRange(query, searchType)).withMessage("Search type searchTypeId has offset timerange referencing search type but id is missing!");
}
Also used : OffsetRange(org.graylog.plugins.views.search.timeranges.OffsetRange) DerivedTimeRange(org.graylog.plugins.views.search.timeranges.DerivedTimeRange) TimeRange(org.graylog2.plugin.indexer.searches.timeranges.TimeRange) Query(org.graylog.plugins.views.search.Query) SearchType(org.graylog.plugins.views.search.SearchType) Test(org.junit.Test)

Example 17 with SearchType

use of org.graylog.plugins.views.search.SearchType in project graylog2-server by Graylog2.

the class OffsetRangeTest method queryWithSearchTypeTimeRange.

private Query queryWithSearchTypeTimeRange(TimeRange timerange, String searchTypeId) {
    final Query query = mock(Query.class);
    final SearchType searchType = mock(SearchType.class);
    when(searchType.id()).thenReturn(searchTypeId);
    when(searchType.timerange()).thenReturn(Optional.of(DerivedTimeRange.of(timerange)));
    when(query.searchTypes()).thenReturn(ImmutableSet.of(searchType));
    when(query.effectiveTimeRange(searchType)).thenReturn(timerange);
    return query;
}
Also used : Query(org.graylog.plugins.views.search.Query) SearchType(org.graylog.plugins.views.search.SearchType)

Example 18 with SearchType

use of org.graylog.plugins.views.search.SearchType in project graylog2-server by Graylog2.

the class ElasticsearchBackend method generate.

@Override
public ESGeneratedQueryContext generate(SearchJob job, Query query, SearchConfig searchConfig) {
    final BackendQuery backendQuery = query.query();
    validateQueryTimeRange(query, searchConfig);
    final Set<SearchType> searchTypes = query.searchTypes();
    final String queryString = this.queryStringDecorators.decorate(backendQuery.queryString(), job, query);
    final QueryBuilder normalizedRootQuery = normalizeQueryString(queryString);
    final BoolQueryBuilder boolQuery = QueryBuilders.boolQuery().filter(normalizedRootQuery);
    // add the optional root query filters
    generateFilterClause(query.filter(), job, query).map(boolQuery::filter);
    final SearchSourceBuilder searchSourceBuilder = new SearchSourceBuilder().query(boolQuery).from(0).size(0);
    final ESGeneratedQueryContext queryContext = queryContextFactory.create(this, searchSourceBuilder, job, query);
    for (SearchType searchType : searchTypes) {
        final Optional<SearchTypeError> searchTypeError = validateSearchType(query, searchType, searchConfig);
        if (searchTypeError.isPresent()) {
            LOG.error("Invalid search type {} for elasticsearch backend, cannot generate query part. Skipping this search type.", searchType.type());
            queryContext.addError(searchTypeError.get());
            continue;
        }
        final SearchSourceBuilder searchTypeSourceBuilder = queryContext.searchSourceBuilder(searchType);
        final Set<String> effectiveStreamIds = searchType.effectiveStreams().isEmpty() ? query.usedStreamIds() : searchType.effectiveStreams();
        final BoolQueryBuilder searchTypeOverrides = QueryBuilders.boolQuery().must(searchTypeSourceBuilder.query()).must(Objects.requireNonNull(TimeRangeQueryFactory.create(query.effectiveTimeRange(searchType)), "Timerange for search type " + searchType.id() + " cannot be found in query or search type.")).must(QueryBuilders.termsQuery(Message.FIELD_STREAMS, effectiveStreamIds));
        searchType.query().ifPresent(searchTypeBackendQuery -> {
            final String searchTypeQueryString = this.queryStringDecorators.decorate(searchTypeBackendQuery.queryString(), job, query);
            final QueryBuilder normalizedSearchTypeQuery = normalizeQueryString(searchTypeQueryString);
            searchTypeOverrides.must(normalizedSearchTypeQuery);
        });
        searchTypeSourceBuilder.query(searchTypeOverrides);
        final String type = searchType.type();
        final Provider<ESSearchTypeHandler<? extends SearchType>> searchTypeHandler = elasticsearchSearchTypeHandlers.get(type);
        if (searchTypeHandler == null) {
            LOG.error("Unknown search type {} for elasticsearch backend, cannot generate query part. Skipping this search type.", type);
            queryContext.addError(new SearchTypeError(query, searchType.id(), "Unknown search type '" + type + "' for elasticsearch backend, cannot generate query"));
            continue;
        }
        searchTypeHandler.get().generateQueryPart(job, query, searchType, queryContext);
    }
    return queryContext;
}
Also used : SearchTypeError(org.graylog.plugins.views.search.errors.SearchTypeError) QueryBuilder(org.graylog.shaded.elasticsearch6.org.elasticsearch.index.query.QueryBuilder) BoolQueryBuilder(org.graylog.shaded.elasticsearch6.org.elasticsearch.index.query.BoolQueryBuilder) SearchSourceBuilder(org.graylog.shaded.elasticsearch6.org.elasticsearch.search.builder.SearchSourceBuilder) BoolQueryBuilder(org.graylog.shaded.elasticsearch6.org.elasticsearch.index.query.BoolQueryBuilder) ESSearchTypeHandler(org.graylog.storage.elasticsearch6.views.searchtypes.ESSearchTypeHandler) SearchType(org.graylog.plugins.views.search.SearchType) BackendQuery(org.graylog.plugins.views.search.engine.BackendQuery) GlobalOverride(org.graylog.plugins.views.search.GlobalOverride)

Example 19 with SearchType

use of org.graylog.plugins.views.search.SearchType in project graylog2-server by Graylog2.

the class ElasticsearchBackend method doRun.

@Override
public QueryResult doRun(SearchJob job, Query query, ESGeneratedQueryContext queryContext) {
    if (query.searchTypes().isEmpty()) {
        return QueryResult.builder().query(query).searchTypes(Collections.emptyMap()).errors(new HashSet<>(queryContext.errors())).build();
    }
    LOG.debug("Running query {} for job {}", query.id(), job.getId());
    final HashMap<String, SearchType.Result> resultsMap = Maps.newHashMap();
    final Set<String> affectedIndices = indexLookup.indexNamesForStreamsInTimeRange(query.usedStreamIds(), query.timerange());
    final Map<String, SearchSourceBuilder> searchTypeQueries = queryContext.searchTypeQueries();
    final List<String> searchTypeIds = new ArrayList<>(searchTypeQueries.keySet());
    final List<Search> searches = searchTypeIds.stream().map(searchTypeId -> {
        final Set<String> affectedIndicesForSearchType = query.searchTypes().stream().filter(s -> s.id().equalsIgnoreCase(searchTypeId)).findFirst().flatMap(searchType -> {
            if (searchType.effectiveStreams().isEmpty() && !query.globalOverride().flatMap(GlobalOverride::timerange).isPresent() && !searchType.timerange().isPresent()) {
                return Optional.empty();
            }
            final Set<String> usedStreamIds = searchType.effectiveStreams().isEmpty() ? query.usedStreamIds() : searchType.effectiveStreams();
            return Optional.of(indexLookup.indexNamesForStreamsInTimeRange(usedStreamIds, query.effectiveTimeRange(searchType)));
        }).orElse(affectedIndices);
        return new Search.Builder(searchTypeQueries.get(searchTypeId).toString()).addType(IndexMapping.TYPE_MESSAGE).addIndex(affectedIndicesForSearchType.isEmpty() ? Collections.singleton("") : affectedIndicesForSearchType).allowNoIndices(false).ignoreUnavailable(false).build();
    }).collect(Collectors.toList());
    final MultiSearch.Builder multiSearchBuilder = new MultiSearch.Builder(searches);
    final MultiSearchResult result = JestUtils.execute(jestClient, multiSearchBuilder.build(), () -> "Unable to perform search query: ");
    for (SearchType searchType : query.searchTypes()) {
        final String searchTypeId = searchType.id();
        final Provider<ESSearchTypeHandler<? extends SearchType>> handlerProvider = elasticsearchSearchTypeHandlers.get(searchType.type());
        if (handlerProvider == null) {
            LOG.error("Unknown search type '{}', cannot convert query result.", searchType.type());
            // no need to add another error here, as the query generation code will have added the error about the missing handler already
            continue;
        }
        if (isSearchTypeWithError(queryContext, searchTypeId)) {
            LOG.error("Failed search type '{}', cannot convert query result, skipping.", searchType.type());
            // no need to add another error here, as the query generation code will have added the error about the missing handler already
            continue;
        }
        // we create a new instance because some search type handlers might need to track information between generating the query and
        // processing its result, such as aggregations, which depend on the name and type
        final ESSearchTypeHandler<? extends SearchType> handler = handlerProvider.get();
        final int searchTypeIndex = searchTypeIds.indexOf(searchTypeId);
        final MultiSearchResult.MultiSearchResponse multiSearchResponse = result.getResponses().get(searchTypeIndex);
        if (multiSearchResponse.isError) {
            ElasticsearchException e = JestUtils.specificException(() -> "Search type returned error: ", multiSearchResponse.error);
            queryContext.addError(SearchTypeErrorParser.parse(query, searchTypeId, e));
        } else if (checkForFailedShards(multiSearchResponse.searchResult).isPresent()) {
            ElasticsearchException e = checkForFailedShards(multiSearchResponse.searchResult).get();
            queryContext.addError(SearchTypeErrorParser.parse(query, searchTypeId, e));
        } else {
            final SearchType.Result searchTypeResult = handler.extractResult(job, query, searchType, multiSearchResponse.searchResult, queryContext);
            if (searchTypeResult != null) {
                resultsMap.put(searchTypeId, searchTypeResult);
            }
        }
    }
    LOG.debug("Query {} ran for job {}", query.id(), job.getId());
    return QueryResult.builder().query(query).searchTypes(resultsMap).errors(new HashSet<>(queryContext.errors())).build();
}
Also used : AndFilter(org.graylog.plugins.views.search.filter.AndFilter) BackendQuery(org.graylog.plugins.views.search.engine.BackendQuery) QueryBackend(org.graylog.plugins.views.search.engine.QueryBackend) Provider(javax.inject.Provider) LoggerFactory(org.slf4j.LoggerFactory) MultiSearchResult(io.searchbox.core.MultiSearchResult) JestUtils(org.graylog.storage.elasticsearch6.jest.JestUtils) StreamFilter(org.graylog.plugins.views.search.filter.StreamFilter) Map(java.util.Map) IndexMapping(org.graylog2.indexer.IndexMapping) QueryBuilders(org.graylog.shaded.elasticsearch6.org.elasticsearch.index.query.QueryBuilders) TimeRangeQueryFactory(org.graylog.storage.elasticsearch6.TimeRangeQueryFactory) SearchConfig(org.graylog.plugins.views.search.engine.SearchConfig) JestUtils.checkForFailedShards(org.graylog.storage.elasticsearch6.jest.JestUtils.checkForFailedShards) Set(java.util.Set) Collectors(java.util.stream.Collectors) Objects(java.util.Objects) List(java.util.List) Filter(org.graylog.plugins.views.search.Filter) Optional(java.util.Optional) SearchSourceBuilder(org.graylog.shaded.elasticsearch6.org.elasticsearch.search.builder.SearchSourceBuilder) ESSearchTypeHandler(org.graylog.storage.elasticsearch6.views.searchtypes.ESSearchTypeHandler) Query(org.graylog.plugins.views.search.Query) SearchTypeErrorParser(org.graylog.plugins.views.search.errors.SearchTypeErrorParser) HashMap(java.util.HashMap) ElasticsearchException(org.graylog2.indexer.ElasticsearchException) ArrayList(java.util.ArrayList) JestClient(io.searchbox.client.JestClient) GlobalOverride(org.graylog.plugins.views.search.GlobalOverride) Inject(javax.inject.Inject) HashSet(java.util.HashSet) OrFilter(org.graylog.plugins.views.search.filter.OrFilter) SearchType(org.graylog.plugins.views.search.SearchType) QueryStringFilter(org.graylog.plugins.views.search.filter.QueryStringFilter) SearchTypeError(org.graylog.plugins.views.search.errors.SearchTypeError) QueryResult(org.graylog.plugins.views.search.QueryResult) QueryBuilder(org.graylog.shaded.elasticsearch6.org.elasticsearch.index.query.QueryBuilder) MultiSearch(io.searchbox.core.MultiSearch) SearchJob(org.graylog.plugins.views.search.SearchJob) Logger(org.slf4j.Logger) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper) Search(io.searchbox.core.Search) Maps(com.google.common.collect.Maps) QueryStringDecorators(org.graylog.plugins.views.search.elasticsearch.QueryStringDecorators) Named(com.google.inject.name.Named) BoolQueryBuilder(org.graylog.shaded.elasticsearch6.org.elasticsearch.index.query.BoolQueryBuilder) IndexLookup(org.graylog.plugins.views.search.elasticsearch.IndexLookup) Message(org.graylog2.plugin.Message) Collections(java.util.Collections) Set(java.util.Set) HashSet(java.util.HashSet) SearchSourceBuilder(org.graylog.shaded.elasticsearch6.org.elasticsearch.search.builder.SearchSourceBuilder) QueryBuilder(org.graylog.shaded.elasticsearch6.org.elasticsearch.index.query.QueryBuilder) BoolQueryBuilder(org.graylog.shaded.elasticsearch6.org.elasticsearch.index.query.BoolQueryBuilder) ArrayList(java.util.ArrayList) ElasticsearchException(org.graylog2.indexer.ElasticsearchException) MultiSearchResult(io.searchbox.core.MultiSearchResult) QueryResult(org.graylog.plugins.views.search.QueryResult) SearchSourceBuilder(org.graylog.shaded.elasticsearch6.org.elasticsearch.search.builder.SearchSourceBuilder) MultiSearch(io.searchbox.core.MultiSearch) Search(io.searchbox.core.Search) SearchType(org.graylog.plugins.views.search.SearchType) HashSet(java.util.HashSet) MultiSearchResult(io.searchbox.core.MultiSearchResult) MultiSearch(io.searchbox.core.MultiSearch) GlobalOverride(org.graylog.plugins.views.search.GlobalOverride) ESSearchTypeHandler(org.graylog.storage.elasticsearch6.views.searchtypes.ESSearchTypeHandler) GlobalOverride(org.graylog.plugins.views.search.GlobalOverride)

Example 20 with SearchType

use of org.graylog.plugins.views.search.SearchType in project graylog2-server by Graylog2.

the class ESMessageList method doExtractResult.

@Override
public SearchType.Result doExtractResult(SearchJob job, Query query, MessageList searchType, SearchResult result, MetricAggregation aggregations, ESGeneratedQueryContext queryContext) {
    // noinspection unchecked
    final List<ResultMessageSummary> messages = result.getHits(Map.class, false).stream().map(hit -> ResultMessage.parseFromSource(hit.id, hit.index, (Map<String, Object>) hit.source, hit.highlight)).map((resultMessage) -> ResultMessageSummary.create(resultMessage.highlightRanges, resultMessage.getMessage().getFields(), resultMessage.getIndex())).collect(Collectors.toList());
    final String undecoratedQueryString = query.query().queryString();
    final String queryString = this.esQueryDecorators.decorate(undecoratedQueryString, job, query);
    final DateTime from = query.effectiveTimeRange(searchType).getFrom();
    final DateTime to = query.effectiveTimeRange(searchType).getTo();
    final SearchResponse searchResponse = SearchResponse.create(undecoratedQueryString, queryString, Collections.emptySet(), messages, Collections.emptySet(), 0, result.getTotal(), from, to);
    final SearchResponse decoratedSearchResponse = decoratorProcessor.decorateSearchResponse(searchResponse, searchType.decorators());
    final MessageList.Result.Builder resultBuilder = MessageList.Result.result(searchType.id()).messages(decoratedSearchResponse.messages()).effectiveTimerange(AbsoluteRange.create(from, to)).totalResults(decoratedSearchResponse.totalResults());
    return searchType.name().map(resultBuilder::name).orElse(resultBuilder).build();
}
Also used : ESGeneratedQueryContext(org.graylog.storage.elasticsearch6.views.ESGeneratedQueryContext) Query(org.graylog.plugins.views.search.Query) SearchResponse(org.graylog2.rest.resources.search.responses.SearchResponse) FieldSortBuilder(org.graylog.shaded.elasticsearch6.org.elasticsearch.search.sort.FieldSortBuilder) SortOrder(org.graylog.shaded.elasticsearch6.org.elasticsearch.search.sort.SortOrder) ResultMessageSummary(org.graylog2.rest.models.messages.responses.ResultMessageSummary) Inject(javax.inject.Inject) SortBuilders(org.graylog.shaded.elasticsearch6.org.elasticsearch.search.sort.SortBuilders) ResultMessage(org.graylog2.indexer.results.ResultMessage) SearchType(org.graylog.plugins.views.search.SearchType) Sort(org.graylog.plugins.views.search.searchtypes.Sort) Map(java.util.Map) AbsoluteRange(org.graylog2.plugin.indexer.searches.timeranges.AbsoluteRange) MessageList(org.graylog.plugins.views.search.searchtypes.MessageList) LegacyDecoratorProcessor(org.graylog.plugins.views.search.LegacyDecoratorProcessor) QueryBuilders(org.graylog.shaded.elasticsearch6.org.elasticsearch.index.query.QueryBuilders) HighlightBuilder(org.graylog.shaded.elasticsearch6.org.elasticsearch.search.fetch.subphase.highlight.HighlightBuilder) SearchJob(org.graylog.plugins.views.search.SearchJob) DateTime(org.joda.time.DateTime) QueryStringQueryBuilder(org.graylog.shaded.elasticsearch6.org.elasticsearch.index.query.QueryStringQueryBuilder) Set(java.util.Set) Collectors(java.util.stream.Collectors) List(java.util.List) QueryStringDecorators(org.graylog.plugins.views.search.elasticsearch.QueryStringDecorators) MetricAggregation(io.searchbox.core.search.aggregation.MetricAggregation) Optional(java.util.Optional) Named(com.google.inject.name.Named) MoreObjects.firstNonNull(com.google.common.base.MoreObjects.firstNonNull) VisibleForTesting(com.google.common.annotations.VisibleForTesting) Message(org.graylog2.plugin.Message) Collections(java.util.Collections) SearchSourceBuilder(org.graylog.shaded.elasticsearch6.org.elasticsearch.search.builder.SearchSourceBuilder) SearchResult(io.searchbox.core.SearchResult) Map(java.util.Map) DateTime(org.joda.time.DateTime) ResultMessageSummary(org.graylog2.rest.models.messages.responses.ResultMessageSummary) SearchResponse(org.graylog2.rest.resources.search.responses.SearchResponse) SearchResult(io.searchbox.core.SearchResult)

Aggregations

SearchType (org.graylog.plugins.views.search.SearchType)25 Query (org.graylog.plugins.views.search.Query)16 SearchJob (org.graylog.plugins.views.search.SearchJob)13 Set (java.util.Set)8 Collectors (java.util.stream.Collectors)8 QueryStringDecorators (org.graylog.plugins.views.search.elasticsearch.QueryStringDecorators)8 Collections (java.util.Collections)7 Map (java.util.Map)7 QueryResult (org.graylog.plugins.views.search.QueryResult)7 Test (org.junit.Test)7 Inject (javax.inject.Inject)6 IndexLookup (org.graylog.plugins.views.search.elasticsearch.IndexLookup)6 List (java.util.List)5 Search (org.graylog.plugins.views.search.Search)5 ElasticsearchQueryString (org.graylog.plugins.views.search.elasticsearch.ElasticsearchQueryString)5 MessageList (org.graylog.plugins.views.search.searchtypes.MessageList)5 ImmutableSet (com.google.common.collect.ImmutableSet)4 Maps (com.google.common.collect.Maps)4 Named (com.google.inject.name.Named)4 Optional (java.util.Optional)4
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial