Examples with PivotResult org.graylog.plugins.views.search.searchtypes.pivot.PivotResult used on opensource projects

Example 6 with PivotResult

use of org.graylog.plugins.views.search.searchtypes.pivot.PivotResult in project graylog2-server by Graylog2.

the class ESPivotTest method searchResultForAllMessagesIncludesTimerangeOfDocuments.

@Test
public void searchResultForAllMessagesIncludesTimerangeOfDocuments() throws InvalidRangeParametersException {
    DateTimeUtils.setCurrentMillisFixed(1578584665408L);
    final long documentCount = 424242;
    when(queryResult.getTotal()).thenReturn(documentCount);
    final MetricAggregation mockMetricAggregation = createTimestampRangeAggregations((double) new Date(1547303022000L).getTime(), (double) new Date(1578040943000L).getTime());
    when(queryResult.getAggregations()).thenReturn(mockMetricAggregation);
    when(query.effectiveTimeRange(pivot)).thenReturn(RelativeRange.create(0));
    final SearchType.Result result = this.esPivot.doExtractResult(job, query, pivot, queryResult, aggregations, queryContext);
    final PivotResult pivotResult = (PivotResult) result;
    assertThat(pivotResult.effectiveTimerange()).isEqualTo(AbsoluteRange.create(DateTime.parse("2019-01-12T14:23:42.000Z"), DateTime.parse("2020-01-03T08:42:23.000Z")));
    DateTimeUtils.setCurrentMillisSystem();
}

Example 7 with PivotResult

use of org.graylog.plugins.views.search.searchtypes.pivot.PivotResult in project graylog2-server by Graylog2.

the class ESPivotTest method searchResultIncludesTimerangeOfPivot.

@Test
public void searchResultIncludesTimerangeOfPivot() throws InvalidRangeParametersException {
    DateTimeUtils.setCurrentMillisFixed(1578584665408L);
    final long documentCount = 424242;
    when(queryResult.getTotal()).thenReturn(documentCount);
    final MetricAggregation mockMetricAggregation = createTimestampRangeAggregations((double) new Date().getTime(), (double) new Date().getTime());
    when(queryResult.getAggregations()).thenReturn(mockMetricAggregation);
    when(query.effectiveTimeRange(pivot)).thenReturn(RelativeRange.create(300));
    final SearchType.Result result = this.esPivot.doExtractResult(job, query, pivot, queryResult, aggregations, queryContext);
    final PivotResult pivotResult = (PivotResult) result;
    assertThat(pivotResult.effectiveTimerange()).isEqualTo(AbsoluteRange.create(DateTime.parse("2020-01-09T15:39:25.408Z"), DateTime.parse("2020-01-09T15:44:25.408Z")));
}

Example 8 with PivotResult

use of org.graylog.plugins.views.search.searchtypes.pivot.PivotResult in project graylog2-server by Graylog2.

the class QueryBackend method effectiveTimeRangeForResult.

default AbsoluteRange effectiveTimeRangeForResult(Query query, QueryResult queryResult) {
    final TimeRange effectiveTimeRange = query.globalOverride().flatMap(GlobalOverride::timerange).orElse(query.timerange());
    if (isAllMessages(effectiveTimeRange)) {
        final Optional<AbsoluteRange> effectiveRange = queryResult.searchTypes().values().stream().filter(result -> result instanceof PivotResult).map(result -> ((PivotResult) result).effectiveTimerange()).reduce((prev, next) -> {
            final DateTime from = prev.from().compareTo(next.from()) < 0 ? prev.from() : next.from();
            final DateTime to = prev.to().compareTo(next.to()) < 0 ? next.to() : prev.to();
            return AbsoluteRange.create(from, to);
        });
        if (effectiveRange.isPresent()) {
            return effectiveRange.get();
        }
    }
    return AbsoluteRange.create(effectiveTimeRange.getFrom(), effectiveTimeRange.getTo());
}

Example 9 with PivotResult

use of org.graylog.plugins.views.search.searchtypes.pivot.PivotResult in project graylog2-server by Graylog2.

the class PivotAggregationSearch method extractValues.

@VisibleForTesting
ImmutableList<AggregationKeyResult> extractValues(PivotResult pivotResult) throws EventProcessorException {
    final ImmutableList.Builder<AggregationKeyResult> results = ImmutableList.builder();
    // }
    for (final PivotResult.Row row : pivotResult.rows()) {
        if (!"leaf".equals(row.source())) {
            // "non-leaf" values can show up when the "rollup" feature is enabled in the pivot search type
            continue;
        }
        // Safety guard against programming errors
        if (row.key().size() == 0 || isNullOrEmpty(row.key().get(0))) {
            throw new EventProcessorException("Invalid row key! Expected at least the date range timestamp value: " + row.key().toString(), true, eventDefinition);
        }
        // We always wrap aggregations in date range buckets so we can run aggregations for multiple ranges at once.
        // The timestamp value of the date range bucket will be part of the result.
        final String timeKey = row.key().get(0);
        final ImmutableList<String> groupKey;
        if (row.key().size() > 1) {
            // The date range bucket value must not be exposed to consumers as part of the key so they
            // don't have to unwrap the key all the time.
            groupKey = row.key().subList(1, row.key().size());
        } else {
            groupKey = ImmutableList.of();
        }
        final ImmutableList.Builder<AggregationSeriesValue> values = ImmutableList.builder();
        for (final PivotResult.Value value : row.values()) {
            if (!"row-leaf".equals(value.source())) {
                // "row-inner" values can show up when the "rollup" feature is enabled in the pivot search type
                continue;
            }
            for (final AggregationSeries series : config.series()) {
                if (!value.key().isEmpty() && value.key().get(0).equals(metricName(series))) {
                    // Some Elasticsearch aggregations can return a "null" value. (e.g. avg on a non-existent field)
                    // We are using NaN in that case to make sure our conditions will work.
                    final Object maybeNumberValue = firstNonNull(value.value(), Double.NaN);
                    if (maybeNumberValue instanceof Number) {
                        final double numberValue = ((Number) maybeNumberValue).doubleValue();
                        final AggregationSeriesValue seriesValue = AggregationSeriesValue.builder().key(groupKey).value(numberValue).series(series).build();
                        values.add(seriesValue);
                    } else {
                        // Should not happen
                        throw new IllegalStateException("Got unexpected non-number value for " + series.toString() + " " + row.toString() + " " + value.toString());
                    }
                }
            }
        }
        results.add(AggregationKeyResult.builder().key(groupKey).timestamp(DateTime.parse(timeKey).withZone(DateTimeZone.UTC)).seriesValues(values.build()).build());
    }
    return results.build();
}

Example 10 with PivotResult

use of org.graylog.plugins.views.search.searchtypes.pivot.PivotResult in project graylog2-server by Graylog2.

the class PivotAggregationSearchTest method testExtractValuesWithGroupBy.

@Test
public void testExtractValuesWithGroupBy() throws Exception {
    final AbsoluteRange timerange = AbsoluteRange.create(DateTime.now(DateTimeZone.UTC).minusSeconds(3600), DateTime.now(DateTimeZone.UTC));
    final AggregationSeries seriesCount = AggregationSeries.create("abc123", AggregationFunction.COUNT, "source");
    final AggregationSeries seriesCard = AggregationSeries.create("abc123", AggregationFunction.CARD, "source");
    final AggregationEventProcessorConfig config = AggregationEventProcessorConfig.builder().query("").streams(Collections.emptySet()).groupBy(Collections.emptyList()).series(ImmutableList.of(seriesCount, seriesCard)).conditions(null).searchWithinMs(30000).executeEveryMs(30000).build();
    final AggregationEventProcessorParameters parameters = AggregationEventProcessorParameters.builder().streams(Collections.emptySet()).timerange(timerange).batchSize(500).build();
    final PivotAggregationSearch pivotAggregationSearch = new PivotAggregationSearch(config, parameters, "test", eventDefinition, searchJobService, queryEngine, EventsConfigurationTestProvider.create(), moreSearch, permittedStreams);
    final String toString = timerange.getTo().toString();
    final PivotResult pivotResult = PivotResult.builder().id("test").effectiveTimerange(timerange).total(1).addRow(PivotResult.Row.builder().key(ImmutableList.of(toString, "a", "b")).addValue(PivotResult.Value.create(ImmutableList.of("metric/count/source/abc123"), 42, true, "row-leaf")).addValue(PivotResult.Value.create(ImmutableList.of("metric/card/source/abc123"), 1, true, "row-leaf")).source("leaf").build()).addRow(PivotResult.Row.builder().key(ImmutableList.of(toString, "a")).addValue(PivotResult.Value.create(ImmutableList.of("metric/count/source/abc123"), 84, true, "row-inner")).addValue(PivotResult.Value.create(ImmutableList.of("metric/card/source/abc123"), 1, true, "row-inner")).source("non-leaf").build()).addRow(PivotResult.Row.builder().key(ImmutableList.of(toString, "a", "c")).addValue(PivotResult.Value.create(ImmutableList.of("metric/count/source/abc123"), 42, true, "row-leaf")).addValue(PivotResult.Value.create(ImmutableList.of("metric/card/source/abc123"), 1, true, "row-leaf")).source("leaf").build()).build();
    final ImmutableList<AggregationKeyResult> results = pivotAggregationSearch.extractValues(pivotResult);
    assertThat(results.size()).isEqualTo(2);
    assertThat(results.get(0)).isEqualTo(AggregationKeyResult.builder().timestamp(timerange.getTo()).key(ImmutableList.of("a", "b")).seriesValues(ImmutableList.of(AggregationSeriesValue.builder().key(ImmutableList.of("a", "b")).value(42.0).series(seriesCount).build(), AggregationSeriesValue.builder().key(ImmutableList.of("a", "b")).value(1.0).series(seriesCard).build())).build());
    assertThat(results.get(1)).isEqualTo(AggregationKeyResult.builder().timestamp(timerange.getTo()).key(ImmutableList.of("a", "c")).seriesValues(ImmutableList.of(AggregationSeriesValue.builder().key(ImmutableList.of("a", "c")).value(42.0).series(seriesCount).build(), AggregationSeriesValue.builder().key(ImmutableList.of("a", "c")).value(1.0).series(seriesCard).build())).build());
}