use of org.graylog.shaded.elasticsearch6.org.elasticsearch.search.builder.SearchSourceBuilder in project opennms by OpenNMS.
the class AlarmElasticsearch5IT method getNumberOfAlarmsInEsWithUei.
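/**
 * Counts the documents in the {@code opennms-alarms*} indices whose {@code eventuei}
 * field matches the given UEI.
 *
 * <p>A short-lived Jest client is created for the call and always shut down afterwards.
 * The connection is plain HTTP with no credentials, which is acceptable only because the
 * target is a test Elasticsearch node.
 *
 * @param esHttpAddr host and port of the Elasticsearch HTTP endpoint
 * @param uei the event UEI to match; NOTE(review): a {@code null} value is presumably
 *            rejected by the match query builder - confirm against callers
 * @return the total hit count reported by Elasticsearch
 * @throws IOException if the search request cannot be executed
 */
private static int getNumberOfAlarmsInEsWithUei(InetSocketAddress esHttpAddr, String uei) throws IOException {
    final String esUrl = String.format("http://%s:%d", esHttpAddr.getHostString(), esHttpAddr.getPort());
    JestClient client = null;
    try {
        JestClientFactory factory = new JestClientFactory();
        factory.setHttpClientConfig(new HttpClientConfig.Builder(esUrl).multiThreaded(true).build());
        client = factory.getObject();
        // Use the caller-supplied UEI. The parameter was previously ignored and
        // EventConstants.IMPORT_FAILED_UEI was hard-coded, so any other UEI silently
        // produced the count for import-failed alarms instead.
        // NOTE(review): a match query is analyzed; if "eventuei" is mapped as text rather
        // than keyword this may count near matches too - confirm the index mapping.
        final String query = new SearchSourceBuilder().query(QueryBuilders.matchQuery("eventuei", uei)).toString();
        SearchResult response = client.execute(new Search.Builder(query).addIndex("opennms-alarms*").build());
        LOG.debug("SEARCH RESPONSE: {}", response.toString());
        return response.getTotal();
    } finally {
        // Release the HTTP client even when the search throws.
        if (client != null) {
            client.shutdownClient();
        }
    }
}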
use of org.graylog.shaded.elasticsearch6.org.elasticsearch.search.builder.SearchSourceBuilder in project opennms by OpenNMS.
the class AbstractSyslogTestCase method pollForElasticsearchEventsUsingJest.
/**
 * Polls Elasticsearch through Jest until the number of documents matching the Cisco
 * {@code aclDeniedIPTraffic} syslog UEI in the {@code opennms*} indices equals
 * {@code numMessages}.
 *
 * <p>The check is retried every 15 seconds for up to 5 minutes. Each attempt builds its own
 * Jest client and shuts it down again, so no connection outlives an attempt.
 *
 * @param esTransportAddr supplies the host and port of the Elasticsearch HTTP endpoint; it is
 *                        queried on every attempt
 * @param numMessages the exact hit count that ends the polling
 */
protected static void pollForElasticsearchEventsUsingJest(Supplier<InetSocketAddress> esTransportAddr, int numMessages) {
    with().pollInterval(15, SECONDS).await().atMost(5, MINUTES).until(() -> {
        JestClient jest = null;
        try {
            final JestClientFactory jestFactory = new JestClientFactory();
            // Plain HTTP, no credentials: intended for a test Elasticsearch node.
            final String esHost = esTransportAddr.get().getHostString();
            final int esPort = esTransportAddr.get().getPort();
            final String esUrl = String.format("http://%s:%d", esHost, esPort);
            jestFactory.setHttpClientConfig(new HttpClientConfig.Builder(esUrl).multiThreaded(true).build());
            jest = jestFactory.getObject();

            final String queryJson = new SearchSourceBuilder().query(QueryBuilders.matchQuery("eventuei", "uei.opennms.org/vendor/cisco/syslog/SEC-6-IPACCESSLOGP/aclDeniedIPTraffic")).toString();
            SearchResult searchResult = jest.execute(new Search.Builder(queryJson).addIndex("opennms*").build());
            LOG.debug("SEARCH RESPONSE: {}", searchResult.toString());

            // NOTE(review): the comment that used to sit here said the warm-up message may
            // also be counted and that both counts are valid, but the assertion below only
            // passes on an exact match with numMessages.
            assertTrue("ES search hits was not equal to " + numMessages + ": " + searchResult.getTotal(), (numMessages == searchResult.getTotal()));
            // assertEquals("Event UEI did not match", "uei.opennms.org/vendor/cisco/syslog/SEC-6-IPACCESSLOGP/aclDeniedIPTraffic", response.getHits().getAt(0).getSource().get("eventuei"));
            // assertEquals("Event IP address did not match", "4.2.2.2", response.getHits().getAt(0).getSource().get("ipaddr"));
            return true;
        } catch (Throwable e) {
            // Deliberately broad: a failed assertion (AssertionError) or a connection problem
            // must turn into "not yet" so that the poll retries. The failure is logged at
            // WARN so it is not lost.
            LOG.warn(e.getMessage(), e);
            return false;
        } finally {
            if (jest != null) {
                jest.shutdownClient();
            }
        }
    });
}
use of org.graylog.shaded.elasticsearch6.org.elasticsearch.search.builder.SearchSourceBuilder in project metron by apache.
the class ElasticsearchDao method buildGroupRequest.
/**
 * Builds the Elasticsearch request for a Metron group search: the given query plus the
 * terms aggregation derived from the group request.
 *
 * @param groupRequest The Metron group request; supplies the groups and the indices.
 * @param queryBuilder The search query selecting the documents to aggregate.
 * @return An Elasticsearch search request.
 */
private org.elasticsearch.action.search.SearchRequest buildGroupRequest(GroupRequest groupRequest, QueryBuilder queryBuilder) {
    // Aggregation for the requested groups. The second argument (0) presumably selects the
    // first group as the starting point - confirm against getGroupsTermBuilder.
    final TermsAggregationBuilder groupAggregation = getGroupsTermBuilder(groupRequest, 0);

    final SearchSourceBuilder source = new SearchSourceBuilder();
    source.query(queryBuilder);
    source.aggregation(groupAggregation);

    // NOTE(review): the index names come straight from the request and are only passed
    // through wildcardIndices here; whether the caller is limited to indices it may read
    // is not visible in this method - confirm it is enforced upstream.
    final String[] targetIndices = wildcardIndices(groupRequest.getIndices());

    final org.elasticsearch.action.search.SearchRequest esRequest = new org.elasticsearch.action.search.SearchRequest();
    esRequest.indices(targetIndices);
    esRequest.source(source);
    return esRequest;
}
use of org.graylog.shaded.elasticsearch6.org.elasticsearch.search.builder.SearchSourceBuilder in project metron by apache.
the class ElasticsearchDao method buildSearchRequest.
/**
 * Builds an Elasticsearch search request from a Metron search request.
 *
 * <p>The result carries the paging window (size/from), the query with score tracking, one
 * sort clause per requested sort field, source fetching, and one terms aggregation per
 * requested facet field.
 *
 * @param searchRequest The Metron search request.
 * @param queryBuilder The query to run.
 * @return An Elasticsearch search request.
 * @throws InvalidSearchException If the column metadata of the requested indices cannot be read.
 */
private org.elasticsearch.action.search.SearchRequest buildSearchRequest(SearchRequest searchRequest, QueryBuilder queryBuilder) throws InvalidSearchException {
    if (LOG.isDebugEnabled()) {
        LOG.debug("Got search request; request={}", ElasticsearchUtils.toJSON(searchRequest).orElse("???"));
    }

    // NOTE(review): size and from are taken from the request as-is; no upper bound is
    // applied in this method - confirm they are validated before this point.
    SearchSourceBuilder source = new SearchSourceBuilder()
            .size(searchRequest.getSize())
            .from(searchRequest.getFrom())
            .query(queryBuilder)
            .trackScores(true);
    List<String> requestedFields = searchRequest.getFields();

    // The type of each sort field is looked up in the column metadata.
    Map<String, FieldType> columnTypes;
    try {
        columnTypes = getColumnMetadata(searchRequest.getIndices());
    } catch (IOException e) {
        throw new InvalidSearchException("Unable to get column metadata", e);
    }

    for (SortField sortField : searchRequest.getSort()) {
        // Fields absent from the metadata are treated as FieldType.OTHER.
        FieldType fieldType = columnTypes.getOrDefault(sortField.getField(), FieldType.OTHER);
        org.elasticsearch.search.sort.SortOrder order = getElasticsearchSortOrder(sortField.getSortOrder());

        // Descending sorts use SORT_MISSING_LAST, every other order SORT_MISSING_FIRST.
        // NOTE(review): the earlier comments here described the opposite ("if ascending
        // missing values sorted last") and also "missing fields always last"; the code is
        // kept unchanged - confirm which behaviour is intended.
        String missingPlacement = (order == org.elasticsearch.search.sort.SortOrder.DESC)
                ? SORT_MISSING_LAST
                : SORT_MISSING_FIRST;

        source.sort(new FieldSortBuilder(sortField.getField())
                .order(order)
                .missing(missingPlacement)
                .unmappedType(fieldType.getFieldType()));
    }

    // Source fetching: the requested field list is only tested for presence; it is not
    // used to narrow the includes, so the whole source is returned in both branches.
    if (requestedFields == null) {
        source.fetchSource(true);
    } else {
        source.fetchSource("*", null);
    }

    // One terms aggregation per facet field.
    // https://www.elastic.co/guide/en/elasticsearch/client/java-api/current/_bucket_aggregations.html
    List<String> facetFields = searchRequest.getFacetFields();
    if (facetFields != null) {
        for (String facetField : facetFields) {
            String aggregationName = getFacetAggregationName(facetField);
            TermsAggregationBuilder facetTerms = AggregationBuilders.terms(aggregationName).field(facetField);
            source.aggregation(facetTerms);
        }
    }

    // NOTE(review): sort fields, facet fields and index names all originate from the
    // request and reach Elasticsearch without further checks in this method - confirm that
    // access to indices and fields is restricted upstream.
    String[] targetIndices = wildcardIndices(searchRequest.getIndices());
    if (LOG.isDebugEnabled()) {
        LOG.debug("Built Elasticsearch request; indices={}, request={}", targetIndices, source.toString());
    }
    return new org.elasticsearch.action.search.SearchRequest().indices(targetIndices).source(source);
}
use of org.graylog.shaded.elasticsearch6.org.elasticsearch.search.builder.SearchSourceBuilder in project metron by apache.
the class ElasticsearchRetrieveLatestDao method searchByGuids.
/**
 * Searches for documents by GUID and sensor type and returns the transformed hits.
 *
 * <p>Every hit is passed to the callback; hits for which the callback returns an empty
 * {@code Optional} are dropped, all others are collected in iteration order. At most
 * {@code guids.size()} hits are requested.
 *
 * @param guids the GUIDs to look up; {@code null} or empty yields an empty list without
 *              querying Elasticsearch
 * @param sensorTypes the sensor types to match; must not be {@code null}
 * @param callback transforms a search hit into an optional result of type T
 * @return the results the callback produced, possibly empty
 * @throws IOException if the search is rejected as invalid
 */
<T> List<T> searchByGuids(Collection<String> guids, Collection<String> sensorTypes, Function<SearchHit, Optional<T>> callback) throws IOException {
    if (guids == null || guids.isEmpty()) {
        return Collections.emptyList();
    }

    // Any of the guids may match.
    // The 'guid' field must be of type 'keyword' or this terms query will not match.
    BoolQueryBuilder matchAnyGuid = boolQuery().must(termsQuery(Constants.GUID, guids));

    // Any of the sensor types may match.
    BoolQueryBuilder matchAnySensor = boolQuery();
    for (String sensorType : sensorTypes) {
        matchAnySensor.should(typeQuery(sensorType + "_doc"));
    }

    // Both the guid clause and the sensor clause must hold.
    BoolQueryBuilder combined = boolQuery().must(matchAnyGuid).must(matchAnySensor);

    // NOTE(review): no indices are set on the request in this method; unless the submitter
    // narrows it, the search covers every index the client can reach - confirm.
    SearchSourceBuilder source = new SearchSourceBuilder().query(combined).size(guids.size());
    SearchRequest request = new SearchRequest().source(source);

    SearchResponse response;
    try {
        response = submitter.submitSearch(request);
    } catch (InvalidSearchException e) {
        // Surface the failure under the declared exception type, keeping the cause.
        throw new IOException(e);
    }

    // Transform the hits; empty callback results are skipped.
    List<T> transformed = new ArrayList<>();
    for (SearchHit hit : response.getHits()) {
        callback.apply(hit).ifPresent(transformed::add);
    }
    return transformed;
}
Aggregations