
Example 6 with AggregationBuilder

use of org.graylog.shaded.elasticsearch6.org.elasticsearch.search.aggregations.AggregationBuilder in project pancm_project by xuwujing.

the class EsAggregationSearchTest method sumSearch.

/**
 * Builds a {@code sum} metric aggregation over the {@code grade} field, registered under the
 * name {@code t_grade}, and passes it to {@code agg(...)} together with that name.
 *
 * @throws IOException declared on this method; presumably raised by {@code agg} (not visible
 *     here, confirm)
 */
private static void sumSearch() throws IOException {
    final String aggregationName = "t_grade";
    final AggregationBuilder gradeTotal =
            AggregationBuilders.sum(aggregationName).field("grade");
    // Log label, translated: "total score of the class:"
    logger.info("求班级的总分数:");
    agg(gradeTotal, aggregationName);
}
Also used : AggregationBuilder(org.elasticsearch.search.aggregations.AggregationBuilder) CardinalityAggregationBuilder(org.elasticsearch.search.aggregations.metrics.cardinality.CardinalityAggregationBuilder) TermsAggregationBuilder(org.elasticsearch.search.aggregations.bucket.terms.TermsAggregationBuilder) BucketSelectorPipelineAggregationBuilder(org.elasticsearch.search.aggregations.pipeline.bucketselector.BucketSelectorPipelineAggregationBuilder)

Example 7 with AggregationBuilder

use of org.graylog.shaded.elasticsearch6.org.elasticsearch.search.aggregations.AggregationBuilder in project pancm_project by xuwujing.

the class EsAggregationSearchTest method distinctSearch.

/**
 * Deduplication example: a terms aggregation on {@code age} carrying a cardinality
 * (distinct-count) sub-aggregation on {@code name}, passed to {@code agg(...)}.
 *
 * <p>Original author: pancm, 2020/8/26. Takes no parameters and returns nothing.
 *
 * <p>NOTE(review): the terms aggregation is registered as {@code "age"} while the name passed
 * to {@code agg} is {@code "group"}. How {@code agg} uses that name is not visible here, so
 * confirm the two are meant to differ.
 *
 * @throws IOException declared on this method; presumably raised by {@code agg} (confirm)
 */
private static void distinctSearch() throws IOException {
    final String distinctField = "name";
    final CardinalityAggregationBuilder distinctCount =
            AggregationBuilders.cardinality(distinctField).field(distinctField);
    final AggregationBuilder byAge = AggregationBuilders.terms("age").field("age");
    // A per-day date_histogram grouping on "createtm" (format yyyy-MM-dd) was sketched by the
    // original author as a further sub-aggregation but left disabled.
    byAge.subAggregation(distinctCount);
    agg(byAge, "group");
}
Also used : AggregationBuilder(org.elasticsearch.search.aggregations.AggregationBuilder) CardinalityAggregationBuilder(org.elasticsearch.search.aggregations.metrics.cardinality.CardinalityAggregationBuilder) TermsAggregationBuilder(org.elasticsearch.search.aggregations.bucket.terms.TermsAggregationBuilder) BucketSelectorPipelineAggregationBuilder(org.elasticsearch.search.aggregations.pipeline.bucketselector.BucketSelectorPipelineAggregationBuilder) CardinalityAggregationBuilder(org.elasticsearch.search.aggregations.metrics.cardinality.CardinalityAggregationBuilder)

Example 8 with AggregationBuilder

use of org.graylog.shaded.elasticsearch6.org.elasticsearch.search.aggregations.AggregationBuilder in project pancm_project by xuwujing.

the class EsAggregationSearchTest method maxSearch.

/**
 * Builds a {@code max} metric aggregation over the {@code grade} field, registered under the
 * name {@code t_grade}, and passes it to {@code agg(...)} together with that name.
 *
 * @throws IOException declared on this method; presumably raised by {@code agg} (not visible
 *     here, confirm)
 */
private static void maxSearch() throws IOException {
    final String aggregationName = "t_grade";
    final AggregationBuilder topGrade =
            AggregationBuilders.max(aggregationName).field("grade");
    // Log label, translated: "highest score of the class:"
    logger.info("求班级的最高分数:");
    agg(topGrade, aggregationName);
}
Also used : AggregationBuilder(org.elasticsearch.search.aggregations.AggregationBuilder) CardinalityAggregationBuilder(org.elasticsearch.search.aggregations.metrics.cardinality.CardinalityAggregationBuilder) TermsAggregationBuilder(org.elasticsearch.search.aggregations.bucket.terms.TermsAggregationBuilder) BucketSelectorPipelineAggregationBuilder(org.elasticsearch.search.aggregations.pipeline.bucketselector.BucketSelectorPipelineAggregationBuilder)

Example 9 with AggregationBuilder

use of org.graylog.shaded.elasticsearch6.org.elasticsearch.search.aggregations.AggregationBuilder in project uavstack by uavorg.

the class ThreadAnalysisQueryHandler method queryDistinct.

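/**
 * Lists the distinct {@code time} values recorded for one {@code ipport}, with the document
 * count of each and the key of the first {@code user} bucket under it.
 *
 * <p>Results are written back into {@code data}: {@code "rs"} holds the JSON-serialised list of
 * records ({@code time}, {@code threadcount} and, when present, {@code user}) and
 * {@code "count"} holds the number of time buckets. On failure {@code "rs"} is
 * {@code "NO_INDEX"} when the exception message contains "no such index" and {@code "ERR"}
 * otherwise; the failure is logged only in the {@code "ERR"} case.
 *
 * <p>Original author's note (translated): the [Top Hits Aggregation] Java API shown on the
 * official site fails at runtime.
 *
 * @see <a href="https://www.elastic.co/guide/en/elasticsearch/client/java-api/current/_metrics_aggregations.html">Metrics aggregations (Java API)</a>
 *
 *      <pre>
 *
 * {@code
 * AggregationBuilder aggregation =
 *        AggregationBuilders
 *            .terms("agg").field("gender")
 *            .subAggregation(
 *                    AggregationBuilders.topHits("top")
 *                        .explain(true)
 *                        .size(1)
 *                        .from(10)
 *            );
 * }
 *      </pre>
 *
 *      Caused by: java.lang.IllegalArgumentException: An SPI class of type org.apache.lucene.codecs.PostingsFormat
 *      with name 'Lucene50' does not exist. You need to add the corresponding JAR file supporting this SPI to your
 *      classpath. The current classpath supports the following names: [completion, completion090]
 *      <p>
 *      (translated) The ES query below meets Zhang Zhen's requirement and works, but no
 *      matching Java API could be found (for the reason above).
 *
 *      <pre>
 *
 * {@code
 * {
 *    "aggs": {
 *        "time": {
 *            "terms": {
 *                "field": "time",
 *                "order":{"_term":"desc"},
 *                "size": 1000
 *            },
 *            "aggs": {
 *                "example": {
 *                    "top_hits": {
 *                        "sort": [
 *                            {
 *                                "percpu": {
 *                                    "order": "desc"
 *                                }
 *                            }
 *                        ],
 *                        "size": 1
 *                    }
 *                }
 *            }
 *        }
 *    },
 *    "from": 0,
 *    "size": 0
 *
 *    }
 * }
 *      </pre>
 *
 * @param data request/response carrier; {@code ipport} and the optional {@code indexdate} are
 *     read from it, and {@code rs} / {@code count} are written to it
 */
private void queryDistinct(UAVHttpMessage data) {
    try {
        String ipport = data.getRequest("ipport");
        // TODO (translated): ES aggregations return at most 10 buckets by default; raised to
        // 1000 here for now, to be refined.
        AggregationBuilder agg = AggregationBuilders.terms("unique_time")
                .field("time")
                .size(1000)
                .order(Terms.Order.term(false))
                .subAggregation(AggregationBuilders.terms("unique_user").field("user").size(1000));
        String date = data.getRequest("indexdate");
        // NOTE(review): "indexdate" comes from the request and decides which index is searched.
        // Whether getIndexByDate validates its format is not visible here; confirm it does.
        String currentIndex;
        if (date == null) {
            // No date given: fall back to the current index.
            currentIndex = this.indexMgr.getCurrentIndex();
        } else {
            // Index selected by the supplied date.
            currentIndex = this.indexMgr.getIndexByDate(date);
        }
        // size(0): only the aggregation result is needed, not the matching documents.
        SearchResponse sResponse = client.getClient()
                .prepareSearch(currentIndex)
                .setTypes(ThreadAnalysisIndexMgr.JTA_TABLE)
                .setQuery(QueryBuilders.boolQuery().must(QueryBuilders.termQuery("ipport", ipport)))
                .setSize(0)
                .addAggregation(agg)
                .execute()
                .actionGet();
        Terms aggs = sResponse.getAggregations().get("unique_time");
        List<Terms.Bucket> timeBuckets = aggs.getBuckets();
        List<Map<String, Object>> records = new ArrayList<Map<String, Object>>();
        for (Terms.Bucket entry : timeBuckets) {
            Map<String, Object> row = new HashMap<String, Object>();
            // Bucket key is the time value; doc count is reported as the thread count.
            row.put("time", entry.getKey().toString());
            row.put("threadcount", entry.getDocCount());
            Terms userAggs = entry.getAggregations().get("unique_user");
            List<Terms.Bucket> users = userAggs.getBuckets();
            if (!users.isEmpty()) {
                // Only the first user bucket is reported for each time value.
                row.put("user", users.get(0).getKey().toString());
            }
            records.add(row);
        }
        data.putResponse("rs", JSONHelper.toString(records));
        // Total number of time buckets returned.
        data.putResponse("count", String.valueOf(timeBuckets.size()));
    } catch (Exception e) {
        // getMessage() can be null (for example a bare NullPointerException). Guard it so the
        // handler cannot itself throw and leave the response without an "rs" entry.
        String message = e.getMessage();
        if (message != null && message.contains("no such index")) {
            data.putResponse("rs", "NO_INDEX");
        } else {
            data.putResponse("rs", "ERR");
            // NOTE(review): the whole message is serialised into the log line; confirm it
            // carries nothing that should stay out of logs.
            log.err(this, "query distinct FAILED. " + JSONHelper.toString(data), e);
        }
    }
}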
Also used : AggregationBuilder(org.elasticsearch.search.aggregations.AggregationBuilder) HashMap(java.util.HashMap) Terms(org.elasticsearch.search.aggregations.bucket.terms.Terms) ArrayList(java.util.ArrayList) SearchResponse(org.elasticsearch.action.search.SearchResponse) ThreadObject(com.creditease.uav.threadanalysis.server.da.ThreadObject) HashMap(java.util.HashMap) Map(java.util.Map)

Example 10 with AggregationBuilder

use of org.graylog.shaded.elasticsearch6.org.elasticsearch.search.aggregations.AggregationBuilder in project incubator-sdap-mudrod by apache.

the class CrawlerDetection method checkByRate.

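/**
 * Applies the per-minute request-rate test to one client and, when the client stays below the
 * configured limit, copies its log entries into the cleanup type.
 *
 * <p>The client's documents (term match on {@code IP}) are bucketed per minute on {@code Time},
 * ordered by count descending. If the first bucket's count reaches the configured
 * {@code REQUEST_RATE}, the method returns {@code 0} without indexing anything. Otherwise it
 * scrolls through the client's documents, adds {@code RequestUrl} and {@code ToLast} (absolute
 * seconds since the previously processed hit, {@code 0} for the first) to each source map,
 * queues it on the bulk processor for {@code cleanupType}, and returns {@code 1}.
 *
 * <p>A histogram with no buckets is treated as a maximum count of zero.
 *
 * @param es driver supplying the search client and the bulk processor
 * @param user value matched against the {@code IP} field
 * @return {@code 0} when the busiest minute reaches the rate limit, {@code 1} otherwise
 * @throws NumberFormatException if the {@code REQUEST_RATE} property is missing or not an
 *     integer
 */
private int checkByRate(ESDriver es, String user) {
    int rate = Integer.parseInt(props.getProperty(MudrodConstants.REQUEST_RATE));
    Pattern pattern = Pattern.compile("get (.*?) http/*");

    BoolQueryBuilder filterSearch = new BoolQueryBuilder();
    filterSearch.must(QueryBuilders.termQuery("IP", user));

    AggregationBuilder aggregation = AggregationBuilders.dateHistogram("by_minute")
            .field("Time")
            .dateHistogramInterval(DateHistogramInterval.MINUTE)
            .order(Order.COUNT_DESC);
    SearchResponse checkRobot = es.getClient()
            .prepareSearch(logIndex)
            .setTypes(httpType, ftpType)
            .setQuery(filterSearch)
            .setSize(0)
            .addAggregation(aggregation)
            .execute()
            .actionGet();
    Histogram agg = checkRobot.getAggregations().get("by_minute");
    List<? extends Histogram.Bucket> botList = agg.getBuckets();

    // Buckets are ordered by count descending, so the first is the busiest minute. A client
    // with no matching documents yields no buckets; reading index 0 then would throw.
    long maxCount = botList.isEmpty() ? 0L : botList.get(0).getDocCount();
    if (maxCount >= rate) {
        return 0;
    }

    // The formatter does not depend on the hit, so it is obtained once.
    DateTimeFormatter fmt = ISODateTimeFormat.dateTime();
    DateTime previous = null;

    // NOTE(review): the first request uses a scroll keep-alive of 60000 and the follow-ups
    // 600000; confirm the difference is intended. The scroll is never cleared explicitly, so
    // the server keeps it until the keep-alive lapses.
    SearchResponse scrollResp = es.getClient()
            .prepareSearch(logIndex)
            .setTypes(httpType, ftpType)
            .setScroll(new TimeValue(60000))
            .setQuery(filterSearch)
            .setSize(100)
            .execute()
            .actionGet();
    do {
        for (SearchHit hit : scrollResp.getHits().getHits()) {
            Map<String, Object> result = hit.getSource();
            String logtype = (String) result.get("LogType");
            if (logtype.equals(MudrodConstants.HTTP_LOG)) {
                String request = (String) result.get("Request");
                // Locale.ROOT keeps the lower-casing independent of the JVM default locale.
                Matcher matcher = pattern.matcher(request.trim().toLowerCase(java.util.Locale.ROOT));
                boolean find = false;
                while (matcher.find()) {
                    // Each match overwrites RequestUrl, so the last match wins.
                    request = matcher.group(1);
                    result.put("RequestUrl", props.getProperty(MudrodConstants.BASE_URL) + request);
                    find = true;
                }
                if (!find) {
                    // No match: keep the raw request text.
                    result.put("RequestUrl", request);
                }
            } else {
                result.put("RequestUrl", result.get("Request"));
            }

            DateTime current = fmt.parseDateTime((String) result.get("Time"));
            int toLast = (previous == null)
                    ? 0
                    : Math.abs(Seconds.secondsBetween(previous, current).getSeconds());
            result.put("ToLast", toLast);

            IndexRequest ir = new IndexRequest(logIndex, cleanupType).source(result);
            es.getBulkProcessor().add(ir);
            previous = current;
        }
        scrollResp = es.getClient()
                .prepareSearchScroll(scrollResp.getScrollId())
                .setScroll(new TimeValue(600000))
                .execute()
                .actionGet();
        // An empty page marks the end of the scroll.
    } while (scrollResp.getHits().getHits().length != 0);

    return 1;
}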
Also used : Pattern(java.util.regex.Pattern) Histogram(org.elasticsearch.search.aggregations.bucket.histogram.Histogram) AggregationBuilder(org.elasticsearch.search.aggregations.AggregationBuilder) SearchHit(org.elasticsearch.search.SearchHit) Matcher(java.util.regex.Matcher) IndexRequest(org.elasticsearch.action.index.IndexRequest) DateTime(org.joda.time.DateTime) SearchResponse(org.elasticsearch.action.search.SearchResponse) BoolQueryBuilder(org.elasticsearch.index.query.BoolQueryBuilder) DateTimeFormatter(org.joda.time.format.DateTimeFormatter) TimeValue(org.elasticsearch.common.unit.TimeValue)

Aggregations

AggregationBuilder (org.elasticsearch.search.aggregations.AggregationBuilder)39 TermsAggregationBuilder (org.elasticsearch.search.aggregations.bucket.terms.TermsAggregationBuilder)28 Nonnull (javax.annotation.Nonnull)14 FilterAggregationBuilder (org.elasticsearch.search.aggregations.bucket.filter.FilterAggregationBuilder)13 BoolQueryBuilder (org.elasticsearch.index.query.BoolQueryBuilder)10 AbstractAggregationBuilder (org.elasticsearch.search.aggregations.AbstractAggregationBuilder)10 SumAggregationBuilder (org.elasticsearch.search.aggregations.metrics.SumAggregationBuilder)8 CardinalityAggregationBuilder (org.elasticsearch.search.aggregations.metrics.cardinality.CardinalityAggregationBuilder)8 ArrayList (java.util.ArrayList)7 RangeAggregationBuilder (org.elasticsearch.search.aggregations.bucket.range.RangeAggregationBuilder)7 DateRangeAggregationBuilder (org.elasticsearch.search.aggregations.bucket.range.date.DateRangeAggregationBuilder)7 Map (java.util.Map)6 SearchResponse (org.elasticsearch.action.search.SearchResponse)6 GeoGridAggregationBuilder (org.elasticsearch.search.aggregations.bucket.geogrid.GeoGridAggregationBuilder)6 DateHistogramAggregationBuilder (org.elasticsearch.search.aggregations.bucket.histogram.DateHistogramAggregationBuilder)6 HistogramAggregationBuilder (org.elasticsearch.search.aggregations.bucket.histogram.HistogramAggregationBuilder)6 PercentilesAggregationBuilder (org.elasticsearch.search.aggregations.metrics.percentiles.PercentilesAggregationBuilder)6 ExtendedStatsAggregationBuilder (org.elasticsearch.search.aggregations.metrics.stats.extended.ExtendedStatsAggregationBuilder)6 BucketSelectorPipelineAggregationBuilder (org.elasticsearch.search.aggregations.pipeline.bucketselector.BucketSelectorPipelineAggregationBuilder)6 HashMap (java.util.HashMap)5