use of org.graylog.shaded.elasticsearch6.org.elasticsearch.search.aggregations.AggregationBuilder in project graylog2-server by Graylog2.
the class ESStdDevHandler method doCreateAggregation.
@Nonnull
@Override
public Optional<AggregationBuilder> doCreateAggregation(String name, Pivot pivot, StdDev stddevSpec, ESPivot searchTypeHandler, ESGeneratedQueryContext queryContext) {
final ExtendedStatsAggregationBuilder stddev = AggregationBuilders.extendedStats(name).field(stddevSpec.field());
record(queryContext, pivot, stddevSpec, name, ExtendedStatsAggregation.class);
return Optional.of(stddev);
}
use of org.graylog.shaded.elasticsearch6.org.elasticsearch.search.aggregations.AggregationBuilder in project graylog2-server by Graylog2.
the class ESSumOfSquaresHandler method doCreateAggregation.
@Nonnull
@Override
public Optional<AggregationBuilder> doCreateAggregation(String name, Pivot pivot, SumOfSquares sumOfSquaresSpec, ESPivot searchTypeHandler, ESGeneratedQueryContext queryContext) {
final ExtendedStatsAggregationBuilder sumOfSquares = AggregationBuilders.extendedStats(name).field(sumOfSquaresSpec.field());
record(queryContext, pivot, sumOfSquaresSpec, name, ExtendedStatsAggregation.class);
return Optional.of(sumOfSquares);
}
use of org.graylog.shaded.elasticsearch6.org.elasticsearch.search.aggregations.AggregationBuilder in project graylog2-server by Graylog2.
the class ESMinHandler method doCreateAggregation.
@Nonnull
@Override
public Optional<AggregationBuilder> doCreateAggregation(String name, Pivot pivot, Min minSpec, ESPivot searchTypeHandler, ESGeneratedQueryContext queryContext) {
final MinAggregationBuilder min = AggregationBuilders.min(name).field(minSpec.field());
record(queryContext, pivot, minSpec, name, MinAggregation.class);
return Optional.of(min);
}
use of org.graylog.shaded.elasticsearch6.org.elasticsearch.search.aggregations.AggregationBuilder in project graylog2-server by Graylog2.
the class ESPivot method doGenerateQueryPart.
@Override
public void doGenerateQueryPart(SearchJob job, Query query, Pivot pivot, ESGeneratedQueryContext queryContext) {
LOG.debug("Generating aggregation for {}", pivot);
final SearchSourceBuilder searchSourceBuilder = queryContext.searchSourceBuilder(pivot);
final Map<Object, Object> contextMap = queryContext.contextMap();
final AggTypes aggTypes = new AggTypes();
contextMap.put(pivot.id(), aggTypes);
// holds the initial level aggregation to be added to the query
AggregationBuilder topLevelAggregation = null;
// holds the last complete bucket aggregation into which subsequent buckets get added
AggregationBuilder previousAggregation = null;
// add global rollup series if those were requested
if (pivot.rollup()) {
seriesStream(pivot, queryContext, "global rollup").forEach(previousAggregation != null ? previousAggregation::subAggregation : searchSourceBuilder::aggregation);
}
final Iterator<BucketSpec> rowBuckets = pivot.rowGroups().iterator();
while (rowBuckets.hasNext()) {
final BucketSpec bucketSpec = rowBuckets.next();
final String name = queryContext.nextName();
LOG.debug("Creating row group aggregation '{}' as {}", bucketSpec.type(), name);
final ESPivotBucketSpecHandler<? extends PivotSpec, ? extends Aggregation> handler = bucketHandlers.get(bucketSpec.type());
if (handler == null) {
throw new IllegalArgumentException("Unknown row_group type " + bucketSpec.type());
}
final Optional<AggregationBuilder> generatedAggregation = handler.createAggregation(name, pivot, bucketSpec, this, queryContext, query);
if (generatedAggregation.isPresent()) {
final AggregationBuilder aggregationBuilder = generatedAggregation.get();
if (topLevelAggregation == null) {
topLevelAggregation = aggregationBuilder;
}
// always insert the series for the final row group, or for each one if explicit rollup was requested
if (!rowBuckets.hasNext() || pivot.rollup()) {
seriesStream(pivot, queryContext, !rowBuckets.hasNext() ? "leaf row" : "row rollup").forEach(aggregationBuilder::subAggregation);
}
if (previousAggregation != null) {
previousAggregation.subAggregation(aggregationBuilder);
} else {
searchSourceBuilder.aggregation(aggregationBuilder);
}
previousAggregation = aggregationBuilder;
}
}
final Iterator<BucketSpec> colBuckets = pivot.columnGroups().iterator();
while (colBuckets.hasNext()) {
final BucketSpec bucketSpec = colBuckets.next();
final String name = queryContext.nextName();
LOG.debug("Creating column group aggregation '{}' as {}", bucketSpec.type(), name);
final ESPivotBucketSpecHandler<? extends PivotSpec, ? extends Aggregation> handler = bucketHandlers.get(bucketSpec.type());
if (handler == null) {
throw new IllegalArgumentException("Unknown column_group type " + bucketSpec.type());
}
final Optional<AggregationBuilder> generatedAggregation = handler.createAggregation(name, pivot, bucketSpec, this, queryContext, query);
if (generatedAggregation.isPresent()) {
final AggregationBuilder aggregationBuilder = generatedAggregation.get();
// always insert the series for the final row group, or for each one if explicit rollup was requested
if (!colBuckets.hasNext() || pivot.rollup()) {
seriesStream(pivot, queryContext, !colBuckets.hasNext() ? "leaf column" : "column rollup").forEach(aggregationBuilder::subAggregation);
}
if (previousAggregation != null) {
previousAggregation.subAggregation(aggregationBuilder);
} else {
searchSourceBuilder.aggregation(aggregationBuilder);
}
previousAggregation = aggregationBuilder;
}
}
final MinAggregationBuilder startTimestamp = AggregationBuilders.min("timestamp-min").field("timestamp");
final MaxAggregationBuilder endTimestamp = AggregationBuilders.max("timestamp-max").field("timestamp");
searchSourceBuilder.aggregation(startTimestamp);
searchSourceBuilder.aggregation(endTimestamp);
if (topLevelAggregation == null) {
LOG.debug("No aggregations generated for {}", pivot);
}
}
use of org.graylog.shaded.elasticsearch6.org.elasticsearch.search.aggregations.AggregationBuilder in project graylog2-server by Graylog2.
the class ESCountHandler method doCreateAggregation.
@Nonnull
@Override
public Optional<AggregationBuilder> doCreateAggregation(String name, Pivot pivot, Count count, ESPivot searchTypeHandler, ESGeneratedQueryContext queryContext) {
final String field = count.field();
if (field == null) {
// doc_count is always present in elasticsearch's bucket aggregations, no need to add it
return Optional.empty();
} else {
// the request was for a field count, we have to add a value_count sub aggregation
final ValueCountAggregationBuilder value = AggregationBuilders.count(name).field(field);
record(queryContext, pivot, count, name, ValueCountAggregation.class);
return Optional.of(value);
}
}
Aggregations