Example 1 with Max
use of org.graylog.shaded.elasticsearch7.org.elasticsearch.search.aggregations.metrics.Max in project graylog2-server by Graylog2.
the class ElasticsearchBackendMultiSearchTest method multiSearchResultsAreAssignedToSearchTypes.
@Test
public void multiSearchResultsAreAssignedToSearchTypes() throws Exception {
final MultiSearchResponse response = TestMultisearchResponse.fromFixture("successfulMultiSearchResponse.json");
final List<MultiSearchResponse.Item> items = Arrays.stream(response.getResponses()).collect(Collectors.toList());
when(client.msearch(any(), any())).thenReturn(items);
final ESGeneratedQueryContext queryContext = this.elasticsearchBackend.generate(searchJob, query, new SearchConfig(Period.ZERO));
final QueryResult queryResult = this.elasticsearchBackend.doRun(searchJob, query, queryContext);
assertThat(queryResult.searchTypes()).containsOnlyKeys("pivot1", "pivot2");
final PivotResult pivot1Result = (PivotResult) queryResult.searchTypes().get("pivot1");
assertThat(pivot1Result.rows().get(0)).isEqualTo(PivotResult.Row.builder().key(ImmutableList.of()).source("leaf").addValue(PivotResult.Value.create(Collections.singletonList("avg(field1)"), 27220.273504273504, true, "row-leaf")).build());
final PivotResult pivot2Result = (PivotResult) queryResult.searchTypes().get("pivot2");
assertThat(pivot2Result.rows().get(0)).isEqualTo(PivotResult.Row.builder().key(ImmutableList.of()).source("leaf").addValue(PivotResult.Value.create(Collections.singletonList("max(field2)"), 42.0, true, "row-leaf")).build());
}
Also used :
MultiSearchResponse(org.graylog.shaded.elasticsearch7.org.elasticsearch.action.search.MultiSearchResponse)
QueryResult(org.graylog.plugins.views.search.QueryResult)
PivotResult(org.graylog.plugins.views.search.searchtypes.pivot.PivotResult)
SearchConfig(org.graylog.plugins.views.search.engine.SearchConfig)
Test(org.junit.Test)
Example 2 with Max
use of org.graylog.shaded.elasticsearch7.org.elasticsearch.search.aggregations.metrics.Max in project graylog2-server by Graylog2.
the class ESPivot method extractEffectiveTimeRange.
private AbsoluteRange extractEffectiveTimeRange(SearchResponse queryResult, Query query, Pivot pivot) {
final Min min = queryResult.getAggregations().get("timestamp-min");
final Double from = min.getValue();
final Max max = queryResult.getAggregations().get("timestamp-max");
final Double to = max.getValue();
final TimeRange pivotRange = query.effectiveTimeRange(pivot);
return AbsoluteRange.create(isAllMessagesTimeRange(pivotRange) && from != 0 ? new DateTime(from.longValue(), DateTimeZone.UTC) : query.effectiveTimeRange(pivot).getFrom(), isAllMessagesTimeRange(pivotRange) && to != 0 ? new DateTime(to.longValue(), DateTimeZone.UTC) : query.effectiveTimeRange(pivot).getTo());
}Example 3 with Max
use of org.graylog.shaded.elasticsearch7.org.elasticsearch.search.aggregations.metrics.Max in project graylog2-server by Graylog2.
the class ESMaxHandler method doCreateAggregation.
@Nonnull
@Override
public Optional<AggregationBuilder> doCreateAggregation(String name, Pivot pivot, Max maxSpec, ESPivot searchTypeHandler, ESGeneratedQueryContext queryContext) {
final MaxAggregationBuilder max = AggregationBuilders.max(name).field(maxSpec.field());
record(queryContext, pivot, maxSpec, name, org.graylog.shaded.elasticsearch7.org.elasticsearch.search.aggregations.metrics.Max.class);
return Optional.of(max);
}
Also used :
MaxAggregationBuilder(org.graylog.shaded.elasticsearch7.org.elasticsearch.search.aggregations.metrics.MaxAggregationBuilder)
Nonnull(javax.annotation.Nonnull)
Example 4 with Max
use of org.graylog.shaded.elasticsearch7.org.elasticsearch.search.aggregations.metrics.Max in project graylog2-server by Graylog2.
the class ESPivot method doGenerateQueryPart.
@Override
public void doGenerateQueryPart(SearchJob job, Query query, Pivot pivot, ESGeneratedQueryContext queryContext) {
LOG.debug("Generating aggregation for {}", pivot);
final SearchSourceBuilder searchSourceBuilder = queryContext.searchSourceBuilder(pivot);
final Map<Object, Object> contextMap = queryContext.contextMap();
final AggTypes aggTypes = new AggTypes();
contextMap.put(pivot.id(), aggTypes);
// holds the initial level aggregation to be added to the query
AggregationBuilder topLevelAggregation = null;
// holds the last complete bucket aggregation into which subsequent buckets get added
AggregationBuilder previousAggregation = null;
// add global rollup series if those were requested
if (pivot.rollup()) {
seriesStream(pivot, queryContext, "global rollup").forEach(searchSourceBuilder::aggregation);
}
final Iterator<BucketSpec> rowBuckets = pivot.rowGroups().iterator();
while (rowBuckets.hasNext()) {
final BucketSpec bucketSpec = rowBuckets.next();
final String name = queryContext.nextName();
LOG.debug("Creating row group aggregation '{}' as {}", bucketSpec.type(), name);
final ESPivotBucketSpecHandler<? extends PivotSpec, ? extends Aggregation> handler = bucketHandlers.get(bucketSpec.type());
if (handler == null) {
throw new IllegalArgumentException("Unknown row_group type " + bucketSpec.type());
}
final Optional<AggregationBuilder> generatedAggregation = handler.createAggregation(name, pivot, bucketSpec, this, queryContext, query);
if (generatedAggregation.isPresent()) {
final AggregationBuilder aggregationBuilder = generatedAggregation.get();
if (topLevelAggregation == null) {
topLevelAggregation = aggregationBuilder;
}
// always insert the series for the final row group, or for each one if explicit rollup was requested
if (!rowBuckets.hasNext() || pivot.rollup()) {
seriesStream(pivot, queryContext, !rowBuckets.hasNext() ? "leaf row" : "row rollup").forEach(aggregationBuilder::subAggregation);
}
if (previousAggregation != null) {
previousAggregation.subAggregation(aggregationBuilder);
} else {
searchSourceBuilder.aggregation(aggregationBuilder);
}
previousAggregation = aggregationBuilder;
}
}
final Iterator<BucketSpec> colBuckets = pivot.columnGroups().iterator();
while (colBuckets.hasNext()) {
final BucketSpec bucketSpec = colBuckets.next();
final String name = queryContext.nextName();
LOG.debug("Creating column group aggregation '{}' as {}", bucketSpec.type(), name);
final ESPivotBucketSpecHandler<? extends PivotSpec, ? extends Aggregation> handler = bucketHandlers.get(bucketSpec.type());
if (handler == null) {
throw new IllegalArgumentException("Unknown column_group type " + bucketSpec.type());
}
final Optional<AggregationBuilder> generatedAggregation = handler.createAggregation(name, pivot, bucketSpec, this, queryContext, query);
if (generatedAggregation.isPresent()) {
final AggregationBuilder aggregationBuilder = generatedAggregation.get();
// always insert the series for the final row group, or for each one if explicit rollup was requested
if (!colBuckets.hasNext() || pivot.rollup()) {
seriesStream(pivot, queryContext, !colBuckets.hasNext() ? "leaf column" : "column rollup").forEach(aggregationBuilder::subAggregation);
}
if (previousAggregation != null) {
previousAggregation.subAggregation(aggregationBuilder);
} else {
searchSourceBuilder.aggregation(aggregationBuilder);
}
previousAggregation = aggregationBuilder;
}
}
final MinAggregationBuilder startTimestamp = AggregationBuilders.min("timestamp-min").field("timestamp");
final MaxAggregationBuilder endTimestamp = AggregationBuilders.max("timestamp-max").field("timestamp");
searchSourceBuilder.aggregation(startTimestamp);
searchSourceBuilder.aggregation(endTimestamp);
if (topLevelAggregation == null) {
LOG.debug("No aggregations generated for {}", pivot);
}
}
Also used :
AggregationBuilder(org.graylog.shaded.elasticsearch7.org.elasticsearch.search.aggregations.AggregationBuilder)
MaxAggregationBuilder(org.graylog.shaded.elasticsearch7.org.elasticsearch.search.aggregations.metrics.MaxAggregationBuilder)
MinAggregationBuilder(org.graylog.shaded.elasticsearch7.org.elasticsearch.search.aggregations.metrics.MinAggregationBuilder)
BucketSpec(org.graylog.plugins.views.search.searchtypes.pivot.BucketSpec)
SearchSourceBuilder(org.graylog.shaded.elasticsearch7.org.elasticsearch.search.builder.SearchSourceBuilder)
MaxAggregationBuilder(org.graylog.shaded.elasticsearch7.org.elasticsearch.search.aggregations.metrics.MaxAggregationBuilder)
MinAggregationBuilder(org.graylog.shaded.elasticsearch7.org.elasticsearch.search.aggregations.metrics.MinAggregationBuilder)
Example 5 with Max
use of org.graylog.shaded.elasticsearch7.org.elasticsearch.search.aggregations.metrics.Max in project graylog2-server by Graylog2.
the class IndicesAdapterES7 method indexRangeStatsOfIndex.
@Override
public IndexRangeStats indexRangeStatsOfIndex(String index) {
final FilterAggregationBuilder builder = AggregationBuilders.filter("agg", QueryBuilders.existsQuery(Message.FIELD_TIMESTAMP)).subAggregation(AggregationBuilders.min("ts_min").field(Message.FIELD_TIMESTAMP)).subAggregation(AggregationBuilders.max("ts_max").field(Message.FIELD_TIMESTAMP)).subAggregation(AggregationBuilders.terms("streams").size(Integer.MAX_VALUE).field(Message.FIELD_STREAMS));
final SearchSourceBuilder query = SearchSourceBuilder.searchSource().aggregation(builder).size(0);
final SearchRequest request = new SearchRequest().source(query).indices(index).searchType(SearchType.DFS_QUERY_THEN_FETCH).indicesOptions(IndicesOptions.lenientExpandOpen());
final SearchResponse result = client.execute((c, requestOptions) -> c.search(request, requestOptions), "Couldn't build index range of index " + index);
if (result.getTotalShards() == 0 || result.getAggregations() == null) {
throw new IndexNotFoundException("Couldn't build index range of index " + index + " because it doesn't exist.");
}
final Filter f = result.getAggregations().get("agg");
if (f == null) {
throw new IndexNotFoundException("Couldn't build index range of index " + index + " because it doesn't exist.");
} else if (f.getDocCount() == 0L) {
LOG.debug("No documents with attribute \"timestamp\" found in index <{}>", index);
return IndexRangeStats.EMPTY;
}
final Min minAgg = f.getAggregations().get("ts_min");
final long minUnixTime = new Double(minAgg.getValue()).longValue();
final DateTime min = new DateTime(minUnixTime, DateTimeZone.UTC);
final Max maxAgg = f.getAggregations().get("ts_max");
final long maxUnixTime = new Double(maxAgg.getValue()).longValue();
final DateTime max = new DateTime(maxUnixTime, DateTimeZone.UTC);
// make sure we return an empty list, so we can differentiate between old indices that don't have this information
// and newer ones that simply have no streams.
final Terms streams = f.getAggregations().get("streams");
final List<String> streamIds = streams.getBuckets().stream().map(MultiBucketsAggregation.Bucket::getKeyAsString).collect(toList());
return IndexRangeStats.create(min, max, streamIds);
}
Also used :
SearchRequest(org.graylog.shaded.elasticsearch7.org.elasticsearch.action.search.SearchRequest)
FilterAggregationBuilder(org.graylog.shaded.elasticsearch7.org.elasticsearch.search.aggregations.bucket.filter.FilterAggregationBuilder)
Max(org.graylog.shaded.elasticsearch7.org.elasticsearch.search.aggregations.metrics.Max)
Terms(org.graylog.shaded.elasticsearch7.org.elasticsearch.search.aggregations.bucket.terms.Terms)
DateTime(org.joda.time.DateTime)
SearchSourceBuilder(org.graylog.shaded.elasticsearch7.org.elasticsearch.search.builder.SearchSourceBuilder)
SearchResponse(org.graylog.shaded.elasticsearch7.org.elasticsearch.action.search.SearchResponse)
Min(org.graylog.shaded.elasticsearch7.org.elasticsearch.search.aggregations.metrics.Min)
Filter(org.graylog.shaded.elasticsearch7.org.elasticsearch.search.aggregations.bucket.filter.Filter)
MultiBucketsAggregation(org.graylog.shaded.elasticsearch7.org.elasticsearch.search.aggregations.bucket.MultiBucketsAggregation)
IndexNotFoundException(org.graylog2.indexer.IndexNotFoundException)
Aggregations
MultiSearchResponse (org.graylog.shaded.elasticsearch7.org.elasticsearch.action.search.MultiSearchResponse)3
Max (org.graylog.shaded.elasticsearch7.org.elasticsearch.search.aggregations.metrics.Max)3
Min (org.graylog.shaded.elasticsearch7.org.elasticsearch.search.aggregations.metrics.Min)3
QueryResult (org.graylog.plugins.views.search.QueryResult)2
SearchConfig (org.graylog.plugins.views.search.engine.SearchConfig)2
PivotResult (org.graylog.plugins.views.search.searchtypes.pivot.PivotResult)2
SearchSourceBuilder (org.graylog.shaded.elasticsearch7.org.elasticsearch.search.builder.SearchSourceBuilder)2
Resources (com.google.common.io.Resources)1
IOException (java.io.IOException)1
InputStream (java.io.InputStream)1
UncheckedIOException (java.io.UncheckedIOException)1
URISyntaxException (java.net.URISyntaxException)1
URL (java.net.URL)1
Files (java.nio.file.Files)1
Path (java.nio.file.Path)1
Paths (java.nio.file.Paths)1
ArrayList (java.util.ArrayList)1
HashMap (java.util.HashMap)1
List (java.util.List)1
Map (java.util.Map)1
