use of org.graylog.shaded.elasticsearch7.org.elasticsearch.action.search.SearchRequest in project graylog2-server by Graylog2.
the class Searches method termsStats.
public TermsStatsResult termsStats(String keyField, String valueField, TermsStatsOrder order, int size, String query, String filter, TimeRange range) {
if (size == 0) {
size = 50;
}
SearchRequestBuilder srb;
if (filter == null) {
srb = standardSearchRequest(query, determineAffectedIndices(range, filter), range);
} else {
srb = filteredSearchRequest(query, filter, determineAffectedIndices(range, filter), range);
}
Terms.Order termsOrder;
switch(order) {
case COUNT:
termsOrder = Terms.Order.count(true);
break;
case REVERSE_COUNT:
termsOrder = Terms.Order.count(false);
break;
case TERM:
termsOrder = Terms.Order.term(true);
break;
case REVERSE_TERM:
termsOrder = Terms.Order.term(false);
break;
case MIN:
termsOrder = Terms.Order.aggregation(AGG_STATS, "min", true);
break;
case REVERSE_MIN:
termsOrder = Terms.Order.aggregation(AGG_STATS, "min", false);
break;
case MAX:
termsOrder = Terms.Order.aggregation(AGG_STATS, "max", true);
break;
case REVERSE_MAX:
termsOrder = Terms.Order.aggregation(AGG_STATS, "max", false);
break;
case MEAN:
termsOrder = Terms.Order.aggregation(AGG_STATS, "avg", true);
break;
case REVERSE_MEAN:
termsOrder = Terms.Order.aggregation(AGG_STATS, "avg", false);
break;
case TOTAL:
termsOrder = Terms.Order.aggregation(AGG_STATS, "sum", true);
break;
case REVERSE_TOTAL:
termsOrder = Terms.Order.aggregation(AGG_STATS, "sum", false);
break;
default:
termsOrder = Terms.Order.count(true);
}
FilterAggregationBuilder builder = AggregationBuilders.filter(AGG_FILTER).subAggregation(AggregationBuilders.terms(AGG_TERMS_STATS).field(keyField).subAggregation(AggregationBuilders.stats(AGG_STATS).field(valueField)).order(termsOrder).size(size)).filter(standardAggregationFilters(range, filter));
srb.addAggregation(builder);
final SearchRequest request = srb.request();
SearchResponse r = c.search(request).actionGet();
recordEsMetrics(r, range);
final Filter f = r.getAggregations().get(AGG_FILTER);
return new TermsStatsResult(f.getAggregations().get(AGG_TERMS_STATS), query, request.source(), r.getTook());
}
use of org.graylog.shaded.elasticsearch7.org.elasticsearch.action.search.SearchRequest in project camel by apache.
the class ElasticsearchActionRequestConverter method toSearchRequest.
@Converter
public static SearchRequest toSearchRequest(Object queryObject, Exchange exchange) {
SearchRequest searchRequest = new SearchRequest(exchange.getIn().getHeader(ElasticsearchConstants.PARAM_INDEX_NAME, String.class)).types(exchange.getIn().getHeader(ElasticsearchConstants.PARAM_INDEX_TYPE, String.class));
SearchSourceBuilder searchSourceBuilder = new SearchSourceBuilder();
String queryText = null;
if (queryObject instanceof Map<?, ?>) {
Map<String, Object> mapQuery = (Map<String, Object>) queryObject;
// Remove 'query' prefix from the query object for backward compatibility
if (mapQuery.containsKey(ElasticsearchConstants.ES_QUERY_DSL_PREFIX)) {
mapQuery = (Map<String, Object>) mapQuery.get(ElasticsearchConstants.ES_QUERY_DSL_PREFIX);
}
try {
XContentBuilder contentBuilder = XContentFactory.contentBuilder(XContentType.JSON);
queryText = contentBuilder.map(mapQuery).string();
} catch (IOException e) {
LOG.error(e.getMessage());
}
} else if (queryObject instanceof String) {
queryText = (String) queryObject;
ObjectMapper mapper = new ObjectMapper();
try {
JsonNode jsonTextObject = mapper.readValue(queryText, JsonNode.class);
JsonNode parentJsonNode = jsonTextObject.get(ElasticsearchConstants.ES_QUERY_DSL_PREFIX);
if (parentJsonNode != null) {
queryText = parentJsonNode.toString();
}
} catch (IOException e) {
LOG.error(e.getMessage());
}
} else {
// Cannot convert the queryObject into SearchRequest
return null;
}
searchSourceBuilder.query(QueryBuilders.wrapperQuery(queryText));
searchRequest.source(searchSourceBuilder);
return searchRequest;
}
use of org.graylog.shaded.elasticsearch7.org.elasticsearch.action.search.SearchRequest in project camel by apache.
the class ElasticsearchActionRequestConverter method toMultiSearchRequest.
@SuppressWarnings("unchecked")
@Converter
public static MultiSearchRequest toMultiSearchRequest(Object document, Exchange exchange) {
List<SearchRequest> items = (List<SearchRequest>) document;
MultiSearchRequest multiSearchRequest = new MultiSearchRequest();
Iterator<SearchRequest> it = items.iterator();
while (it.hasNext()) {
SearchRequest item = it.next();
multiSearchRequest.add(item);
}
return multiSearchRequest;
}
use of org.graylog.shaded.elasticsearch7.org.elasticsearch.action.search.SearchRequest in project camel by apache.
the class ElasticsearchActionRequestConverter method toMultiSearchRequest.
@Converter
public static MultiSearchRequest toMultiSearchRequest(Object document, Exchange exchange) {
List<SearchRequest> items = (List<SearchRequest>) document;
MultiSearchRequest multiSearchRequest = new MultiSearchRequest();
Iterator<SearchRequest> it = items.iterator();
while (it.hasNext()) {
SearchRequest item = it.next();
multiSearchRequest.add(item);
}
return multiSearchRequest;
}
use of org.graylog.shaded.elasticsearch7.org.elasticsearch.action.search.SearchRequest in project pancm_project by xuwujing.
the class EsAggregationSearchTest method havingSearch.
/**
* @Author pancm
* @Description having
* @Date 2020/8/21
* @Param []
* @return void
*/
private static void havingSearch() throws IOException {
String index = "";
SearchRequest searchRequest = new SearchRequest(index);
searchRequest.indices(index);
SearchSourceBuilder sourceBuilder = new SearchSourceBuilder();
BoolQueryBuilder boolQueryBuilder = new BoolQueryBuilder();
searchRequest.indicesOptions(IndicesOptions.lenientExpandOpen());
String alias_name = "nas_ip_address_group";
String group_name = "nas_ip_address";
String query_name = "acct_start_time";
String query_type = "gte,lte";
String query_name_value = "2020-08-05 13:25:55,2020-08-20 13:26:55";
String[] query_types = query_type.split(",");
String[] query_name_values = query_name_value.split(",");
for (int i = 0; i < query_types.length; i++) {
if ("gte".equals(query_types[i])) {
boolQueryBuilder.must(QueryBuilders.rangeQuery(query_name).gte(query_name_values[i]));
}
if ("lte".equals(query_types[i])) {
boolQueryBuilder.must(QueryBuilders.rangeQuery(query_name).lte(query_name_values[i]));
}
}
AggregationBuilder aggregationBuilder = AggregationBuilders.terms(alias_name).field(group_name).size(Integer.MAX_VALUE);
// 声明BucketPath,用于后面的bucket筛选
Map<String, String> bucketsPathsMap = new HashMap<>(8);
bucketsPathsMap.put("groupCount", "_count");
// 设置脚本
Script script = new Script("params.groupCount >= 1000");
// 构建bucket选择器
BucketSelectorPipelineAggregationBuilder bs = PipelineAggregatorBuilders.bucketSelector("having", bucketsPathsMap, script);
aggregationBuilder.subAggregation(bs);
sourceBuilder.aggregation(aggregationBuilder);
// 不需要解释
sourceBuilder.explain(false);
// 不需要原始数据
sourceBuilder.fetchSource(false);
// 不需要版本号
sourceBuilder.version(false);
sourceBuilder.query(boolQueryBuilder);
searchRequest.source(sourceBuilder);
System.out.println(sourceBuilder);
// 同步查询
SearchResponse searchResponse = client.search(searchRequest, RequestOptions.DEFAULT);
// 查询条数
long count = searchResponse.getHits().getHits().length;
Aggregations aggregations = searchResponse.getAggregations();
// agg(aggregations);
Map<String, Object> map = new HashMap<>();
List<Map<String, Object>> list = new ArrayList<>();
agg(list, aggregations);
// System.out.println(map);
System.out.println(list);
}
Aggregations