Examples with DateRangeBucket org.graylog.plugins.views.search.searchtypes.pivot.buckets.DateRangeBucket used on opensource projects

Example 1 with DateRangeBucket

use of org.graylog.plugins.views.search.searchtypes.pivot.buckets.DateRangeBucket in project graylog2-server by Graylog2.

the class PivotAggregationSearch method getAggregationQuery.

/**
 * Returns the query to compute the aggregation.
 *
 * @param parameters processor parameters
 * @param searchWithinMs processor search within period. Used to build the date range buckets
 * @param executeEveryMs
 * @return aggregation query
 */
private Query getAggregationQuery(AggregationEventProcessorParameters parameters, long searchWithinMs, long executeEveryMs) {
    final Pivot.Builder pivotBuilder = Pivot.builder().id(PIVOT_ID).rollup(true);
    final ImmutableList<SeriesSpec> series = config.series().stream().map(entry -> entry.function().toSeriesSpec(metricName(entry), entry.field().orElse(null))).collect(ImmutableList.toImmutableList());
    if (!series.isEmpty()) {
        pivotBuilder.series(series);
    }
    // Wrap every aggregation with date range buckets of the searchWithin time range.
    // If the aggregation is configured to be using a sliding window (searchWithin > executeEveryMs)
    // the time ranges will overlap.
    // This allows us to run aggregations over larger time ranges than the searchWithin time.
    // The results will be received in time buckets of the searchWithin time size.
    final DateRangeBucket dateRangeBucket = buildDateRangeBuckets(parameters.timerange(), searchWithinMs, executeEveryMs);
    final List<BucketSpec> groupBy = new ArrayList<>();
    // The first bucket must be the date range!
    groupBy.add(dateRangeBucket);
    if (!config.groupBy().isEmpty()) {
        // Then we add the configured groups
        groupBy.addAll(config.groupBy().stream().map(field -> Values.builder().limit(Integer.MAX_VALUE).field(field).build()).collect(Collectors.toList()));
    }
    // We always have row groups because of the date range buckets
    pivotBuilder.rowGroups(groupBy);
    final Set<SearchType> searchTypes = Collections.singleton(pivotBuilder.build());
    final Query.Builder queryBuilder = Query.builder().id(QUERY_ID).searchTypes(searchTypes).query(ElasticsearchQueryString.of(config.query())).timerange(parameters.timerange());
    final Set<String> streams = getStreams(parameters);
    if (!streams.isEmpty()) {
        queryBuilder.filter(filteringForStreamIds(streams));
    }
    return queryBuilder.build();
}

Example 2 with DateRangeBucket

use of org.graylog.plugins.views.search.searchtypes.pivot.buckets.DateRangeBucket in project graylog2-server by Graylog2.

the class PivotAggregationSearchTest method testDateRangeBucketWithCatchUpTumblingWindows.

@Test
public void testDateRangeBucketWithCatchUpTumblingWindows() {
    final long processingWindowSize = Duration.standardSeconds(60).getMillis();
    final long processingHopSize = Duration.standardSeconds(60).getMillis();
    final DateTime now = DateTime.now(DateTimeZone.UTC);
    final DateTime from = now;
    // We are 3 full processingWindows behind
    final DateTime to = now.plusMillis((int) processingWindowSize * 3);
    TimeRange timeRange = AbsoluteRange.create(from, to);
    final DateRangeBucket rangeBucket = PivotAggregationSearch.buildDateRangeBuckets(timeRange, processingWindowSize, processingHopSize);
    assertThat(rangeBucket.ranges()).containsExactly(DateRange.create(from.plusMillis((int) (processingWindowSize * 0)), from.plusMillis((int) (processingWindowSize * 1))), DateRange.create(from.plusMillis((int) (processingWindowSize * 1)), from.plusMillis((int) (processingWindowSize * 2))), DateRange.create(from.plusMillis((int) (processingWindowSize * 2)), from.plusMillis((int) (processingWindowSize * 3))));
}

Example 3 with DateRangeBucket

use of org.graylog.plugins.views.search.searchtypes.pivot.buckets.DateRangeBucket in project graylog2-server by Graylog2.

the class PivotAggregationSearchTest method testDateRangeBucketWithOneTumblingWindow.

@Test
public void testDateRangeBucketWithOneTumblingWindow() {
    final long processingWindowSize = Duration.standardSeconds(60).getMillis();
    final long processingHopSize = Duration.standardSeconds(60).getMillis();
    final DateTime now = DateTime.now(DateTimeZone.UTC);
    final DateTime from = now;
    final DateTime to = now.plusMillis((int) processingWindowSize);
    TimeRange timeRange = AbsoluteRange.create(from, to);
    final DateRangeBucket rangeBucket = PivotAggregationSearch.buildDateRangeBuckets(timeRange, processingWindowSize, processingHopSize);
    assertThat(rangeBucket.ranges()).containsExactly(DateRange.create(from, to));
}

Example 4 with DateRangeBucket

use of org.graylog.plugins.views.search.searchtypes.pivot.buckets.DateRangeBucket in project graylog2-server by Graylog2.

the class PivotAggregationSearchTest method testDateRangeBucketWithCatchUpSlidingWindows.

@Test
public void testDateRangeBucketWithCatchUpSlidingWindows() {
    final int processingWindowSizeSec = 120;
    final int processingHopSizeSec = 60;
    final DateTime now = DateTime.now(DateTimeZone.UTC);
    final DateTime from = now;
    // We are 3 full processingWindows behind
    final DateTime to = now.plusSeconds(processingWindowSizeSec * 3);
    TimeRange timeRange = AbsoluteRange.create(from, to);
    final DateRangeBucket rangeBucket = PivotAggregationSearch.buildDateRangeBuckets(timeRange, processingWindowSizeSec * 1000, processingHopSizeSec * 1000);
    assertThat(rangeBucket.ranges()).containsExactly(DateRange.create(from.plusSeconds(processingHopSizeSec * 0), from.plusSeconds(processingWindowSizeSec)), DateRange.create(from.plusSeconds(processingHopSizeSec * 1), from.plusSeconds(processingHopSizeSec * 1).plusSeconds(processingWindowSizeSec)), DateRange.create(from.plusSeconds(processingHopSizeSec * 2), from.plusSeconds(processingHopSizeSec * 2).plusSeconds(processingWindowSizeSec)), DateRange.create(from.plusSeconds(processingHopSizeSec * 3), from.plusSeconds(processingHopSizeSec * 3).plusSeconds(processingWindowSizeSec)), DateRange.create(from.plusSeconds(processingHopSizeSec * 4), to));
}

Example 5 with DateRangeBucket

use of org.graylog.plugins.views.search.searchtypes.pivot.buckets.DateRangeBucket in project graylog2-server by Graylog2.

the class PivotAggregationSearchTest method testDateRangeBucketWithSlidingWindow.

@Test
public void testDateRangeBucketWithSlidingWindow() {
    final long processingWindowSize = Duration.standardSeconds(3600).getMillis();
    final long processingHopSize = Duration.standardSeconds(60).getMillis();
    final DateTime now = DateTime.now(DateTimeZone.UTC);
    final DateTime from = now;
    final DateTime to = now.plusMillis((int) processingWindowSize);
    TimeRange timeRange = AbsoluteRange.create(from, to);
    final DateRangeBucket rangeBucket = PivotAggregationSearch.buildDateRangeBuckets(timeRange, processingWindowSize, processingHopSize);
    assertThat(rangeBucket.ranges()).containsExactly(DateRange.create(from, to));
}