
Example 1 with FieldTypeException

use of org.graylog2.indexer.FieldTypeException in project graylog2-server by Graylog2.

the class Searches method fieldHistogram.

/**
 * Runs a date histogram over the {@code timestamp} field with a stats sub-aggregation on
 * {@code field}, optionally adding a cardinality sub-aggregation.
 *
 * <p>The histogram is wrapped in a filter aggregation built from
 * {@code standardAggregationFilters(range, filter)}, and the request is restricted to the
 * indices returned by {@code determineAffectedIndices(range, filter)}.
 *
 * <p>{@code query} is passed to {@code queryStringQuery} unchanged. Leading wildcards are
 * accepted only when {@code configuration.isAllowLeadingWildcardSearches()} is true; such
 * queries are typically expensive, so the setting matters wherever query text comes from
 * users.
 *
 * @param query              query string handed to {@code queryStringQuery}
 * @param field              field the stats (and optional cardinality) aggregations run on
 * @param interval           bucket width of the date histogram
 * @param filter             filter expression used for the aggregation filter and index selection
 * @param range              time range used for the aggregation filter and index selection
 * @param includeCardinality whether to add the cardinality sub-aggregation
 * @return the histogram wrapped in a {@code FieldHistogramResult}
 * @throws FieldTypeException if the search fails with a {@code SearchPhaseExecutionException}
 */
public HistogramResult fieldHistogram(String query, String field, DateHistogramInterval interval, String filter, TimeRange range, boolean includeCardinality) throws FieldTypeException {
    final DateHistogramBuilder histogram = AggregationBuilders.dateHistogram(AGG_HISTOGRAM)
            .field("timestamp")
            .subAggregation(AggregationBuilders.stats(AGG_STATS).field(field))
            .interval(interval.toESInterval());
    if (includeCardinality) {
        histogram.subAggregation(AggregationBuilders.cardinality(AGG_CARDINALITY).field(field));
    }
    final FilterAggregationBuilder filteredHistogram = AggregationBuilders.filter(AGG_FILTER)
            .subAggregation(histogram)
            .filter(standardAggregationFilters(range, filter));

    final QueryStringQueryBuilder queryString = queryStringQuery(query);
    queryString.allowLeadingWildcard(configuration.isAllowLeadingWildcardSearches());

    final SearchRequestBuilder requestBuilder = c.prepareSearch();
    final Set<String> indices = determineAffectedIndices(range, filter);
    requestBuilder.setIndices(indices.toArray(new String[indices.size()]));
    requestBuilder.setQuery(queryString);
    requestBuilder.addAggregation(filteredHistogram);

    final SearchRequest request = requestBuilder.request();
    final SearchResponse response;
    try {
        response = c.search(request).actionGet();
    } catch (org.elasticsearch.action.search.SearchPhaseExecutionException e) {
        // NOTE(review): every search-phase failure is surfaced as a FieldTypeException here,
        // whether or not the underlying cause is a field-type mismatch.
        throw new FieldTypeException(e);
    }
    checkForFailedShards(response);
    recordEsMetrics(response, range);

    final Filter filterAggregation = response.getAggregations().get(AGG_FILTER);
    return new FieldHistogramResult(
            filterAggregation.getAggregations().get(AGG_HISTOGRAM),
            query,
            request.source(),
            interval,
            response.getTook());
}
Also used : SearchRequest(org.elasticsearch.action.search.SearchRequest) FilterAggregationBuilder(org.elasticsearch.search.aggregations.bucket.filter.FilterAggregationBuilder) SearchRequestBuilder(org.elasticsearch.action.search.SearchRequestBuilder) SearchResponse(org.elasticsearch.action.search.SearchResponse) Filter(org.elasticsearch.search.aggregations.bucket.filter.Filter) QueryStringQueryBuilder(org.elasticsearch.index.query.QueryStringQueryBuilder) FieldHistogramResult(org.graylog2.indexer.results.FieldHistogramResult) DateHistogramBuilder(org.elasticsearch.search.aggregations.bucket.histogram.DateHistogramBuilder)

Example 2 with FieldTypeException

use of org.graylog2.indexer.FieldTypeException in project graylog2-server by Graylog2.

the class ElasticsearchBackend method checkForFailedShards.

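/**
 * Translates a failed multi-search item, or a response with failed shards, into an exception.
 *
 * <p>A failed item yields an {@code ElasticsearchException} carrying the failure message and
 * cause. A response with failed shards yields a {@code FieldTypeException} when at least one
 * shard failure message contains "Expected numeric type on field", and a plain
 * {@code ElasticsearchException} listing all distinct failure messages otherwise.
 *
 * <p>Shard failures without a cause are skipped, and a cause without a message is represented
 * by its {@code toString()}, so that a sparse failure entry cannot raise a
 * {@code NullPointerException} here and hide the shard failure being reported.
 *
 * @param multiSearchResponse one item of a multi-search response
 * @return the exception describing the failure, or an empty {@code Optional} if nothing failed
 */
private Optional<ElasticsearchException> checkForFailedShards(MultiSearchResponse.Item multiSearchResponse) {
    if (multiSearchResponse.isFailure()) {
        return Optional.of(new ElasticsearchException(multiSearchResponse.getFailureMessage(), multiSearchResponse.getFailure()));
    }
    final SearchResponse searchResponse = multiSearchResponse.getResponse();
    if (searchResponse != null && searchResponse.getFailedShards() > 0) {
        // Throwable.getMessage() may legitimately return null, and a shard failure may carry no
        // cause at all; both are normalised before any string matching is attempted.
        final List<String> errors = Arrays.stream(searchResponse.getShardFailures())
                .map(ShardOperationFailedException::getCause)
                .filter(cause -> cause != null)
                .map(cause -> cause.getMessage() != null ? cause.getMessage() : cause.toString())
                .distinct()
                .collect(Collectors.toList());
        final List<String> nonNumericFieldErrors = errors.stream()
                .filter(message -> message.contains("Expected numeric type on field"))
                .collect(Collectors.toList());
        if (!nonNumericFieldErrors.isEmpty()) {
            return Optional.of(new FieldTypeException("Unable to perform search query: ", nonNumericFieldErrors));
        }
        // NOTE(review): the messages are taken verbatim from the shard failures; confirm how far
        // they travel before they are shown to an end user.
        return Optional.of(new ElasticsearchException("Unable to perform search query: ", errors));
    }
    return Optional.empty();
}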
Also used : ESSearchTypeHandler(org.graylog.storage.elasticsearch7.views.searchtypes.ESSearchTypeHandler) AndFilter(org.graylog.plugins.views.search.filter.AndFilter) ElasticsearchClient(org.graylog.storage.elasticsearch7.ElasticsearchClient) Arrays(java.util.Arrays) BackendQuery(org.graylog.plugins.views.search.engine.BackendQuery) QueryBackend(org.graylog.plugins.views.search.engine.QueryBackend) Provider(javax.inject.Provider) LoggerFactory(org.slf4j.LoggerFactory) FieldTypeException(org.graylog2.indexer.FieldTypeException) MultiSearchResponse(org.graylog.shaded.elasticsearch7.org.elasticsearch.action.search.MultiSearchResponse) StreamFilter(org.graylog.plugins.views.search.filter.StreamFilter) Map(java.util.Map) IndicesOptions(org.graylog.shaded.elasticsearch7.org.elasticsearch.action.support.IndicesOptions) SearchConfig(org.graylog.plugins.views.search.engine.SearchConfig) Set(java.util.Set) Collectors(java.util.stream.Collectors) BoolQueryBuilder(org.graylog.shaded.elasticsearch7.org.elasticsearch.index.query.BoolQueryBuilder) Objects(java.util.Objects) List(java.util.List) Filter(org.graylog.plugins.views.search.Filter) Optional(java.util.Optional) SearchResponse(org.graylog.shaded.elasticsearch7.org.elasticsearch.action.search.SearchResponse) Query(org.graylog.plugins.views.search.Query) SearchTypeErrorParser(org.graylog.plugins.views.search.errors.SearchTypeErrorParser) HashMap(java.util.HashMap) ElasticsearchException(org.graylog2.indexer.ElasticsearchException) ShardOperationFailedException(org.graylog.shaded.elasticsearch7.org.elasticsearch.action.ShardOperationFailedException) ArrayList(java.util.ArrayList) GlobalOverride(org.graylog.plugins.views.search.GlobalOverride) Inject(javax.inject.Inject) HashSet(java.util.HashSet) OrFilter(org.graylog.plugins.views.search.filter.OrFilter) SearchType(org.graylog.plugins.views.search.SearchType) QueryStringFilter(org.graylog.plugins.views.search.filter.QueryStringFilter) 
SearchTypeError(org.graylog.plugins.views.search.errors.SearchTypeError) QueryResult(org.graylog.plugins.views.search.QueryResult) TimeRangeQueryFactory(org.graylog.storage.elasticsearch7.TimeRangeQueryFactory) SearchJob(org.graylog.plugins.views.search.SearchJob) QueryBuilder(org.graylog.shaded.elasticsearch7.org.elasticsearch.index.query.QueryBuilder) SearchSourceBuilder(org.graylog.shaded.elasticsearch7.org.elasticsearch.search.builder.SearchSourceBuilder) Logger(org.slf4j.Logger) SearchRequest(org.graylog.shaded.elasticsearch7.org.elasticsearch.action.search.SearchRequest) Maps(com.google.common.collect.Maps) QueryStringDecorators(org.graylog.plugins.views.search.elasticsearch.QueryStringDecorators) Named(com.google.inject.name.Named) IndexLookup(org.graylog.plugins.views.search.elasticsearch.IndexLookup) QueryBuilders(org.graylog.shaded.elasticsearch7.org.elasticsearch.index.query.QueryBuilders) Message(org.graylog2.plugin.Message) Collections(java.util.Collections) FieldTypeException(org.graylog2.indexer.FieldTypeException) ElasticsearchException(org.graylog2.indexer.ElasticsearchException) MultiSearchResponse(org.graylog.shaded.elasticsearch7.org.elasticsearch.action.search.MultiSearchResponse) SearchResponse(org.graylog.shaded.elasticsearch7.org.elasticsearch.action.search.SearchResponse)

Example 3 with FieldTypeException

use of org.graylog2.indexer.FieldTypeException in project graylog2-server by Graylog2.

the class FieldValueAlertCondition method runCheck.

/**
 * Evaluates the field-value alert condition against the configured time window.
 *
 * <p>Field statistics are fetched for {@code field} over the last {@code time} minutes, the
 * statistic selected by {@code type} is compared with {@code threshold} according to
 * {@code thresholdType}, and a positive {@code CheckResult} is returned when the comparison
 * holds. If {@code getBacklog()} is positive, the search hits are attached as message
 * summaries.
 *
 * <p>Every other outcome is reported as "not triggered": no matching messages, an unknown
 * check type, an infinite statistic, a comparison that does not hold, and a
 * {@code FieldTypeException} from the search.
 *
 * @return the check result; {@code null} if the time range is rejected as invalid
 */
@Override
public CheckResult runCheck() {
    try {
        final String streamFilter = buildQueryFilter(stream.getId(), query);
        // TODO we don't support cardinality yet
        final FieldStatsResult stats = searches.fieldStats(field, "*", streamFilter, RelativeRange.create(time * 60), false, true, false);
        if (stats.count() == 0) {
            LOG.debug("Alert check <{}> did not match any messages. Returning not triggered.", type);
            return new NegativeCheckResult();
        }

        // Pick the statistic this condition is configured to watch.
        final double observed;
        switch (type) {
            case MEAN:
                observed = stats.mean();
                break;
            case MIN:
                observed = stats.min();
                break;
            case MAX:
                observed = stats.max();
                break;
            case SUM:
                observed = stats.sum();
                break;
            case STDDEV:
                observed = stats.stdDeviation();
                break;
            default:
                LOG.error("No such field value check type: [{}]. Returning not triggered.", type);
                return new NegativeCheckResult();
        }
        LOG.debug("Alert check <{}> result: [{}]", id, observed);

        if (Double.isInfinite(observed)) {
            // This happens when there are no ES results/docs.
            LOG.debug("Infinite value. Returning not triggered.");
            return new NegativeCheckResult();
        }

        final boolean thresholdCrossed;
        switch (thresholdType) {
            case HIGHER:
                thresholdCrossed = observed > threshold.doubleValue();
                break;
            case LOWER:
                thresholdCrossed = observed < threshold.doubleValue();
                break;
            default:
                thresholdCrossed = false;
        }
        if (!thresholdCrossed) {
            return new NegativeCheckResult();
        }

        final String description = "Field " + field + " had a " + type + " of " + decimalFormat.format(observed)
                + " in the last " + time + " minutes with trigger condition " + thresholdType
                + " than " + decimalFormat.format(threshold) + ". "
                + "(Current grace time: " + grace + " minutes)";

        final List<MessageSummary> backlog;
        if (getBacklog() > 0) {
            final List<ResultMessage> hits = stats.searchHits();
            backlog = Lists.newArrayListWithCapacity(hits.size());
            for (ResultMessage hit : hits) {
                final Message message = hit.getMessage();
                backlog.add(new MessageSummary(hit.getIndex(), message));
            }
        } else {
            backlog = Collections.emptyList();
        }
        return new CheckResult(true, this, description, Tools.nowUTC(), backlog);
    } catch (InvalidRangeParametersException e) {
        // Not expected to happen.
        // NOTE(review): this is the only path that returns null instead of a
        // NegativeCheckResult, so callers have to cope with a null result.
        LOG.error("Invalid timerange.", e);
        return null;
    } catch (FieldTypeException e) {
        // NOTE(review): a non-numeric or missing field is logged at DEBUG only and reported as
        // "not triggered", so a condition on such a field never alerts and leaves no trace at
        // log levels above DEBUG - confirm this is intended.
        LOG.debug("Field [{}] seems not to have a numerical type or doesn't even exist at all. Returning not triggered.", field, e);
        return new NegativeCheckResult();
    }
}
Also used : InvalidRangeParametersException(org.graylog2.plugin.indexer.searches.timeranges.InvalidRangeParametersException) ResultMessage(org.graylog2.indexer.results.ResultMessage) Message(org.graylog2.plugin.Message) ResultMessage(org.graylog2.indexer.results.ResultMessage) FieldStatsResult(org.graylog2.indexer.results.FieldStatsResult) FieldTypeException(org.graylog2.indexer.FieldTypeException) MessageSummary(org.graylog2.plugin.MessageSummary)

Example 4 with FieldTypeException

use of org.graylog2.indexer.FieldTypeException in project graylog2-server by Graylog2.

the class JestUtils method checkForFailedShards.

/**
 * Inspects the {@code _shards} section of a Jest result and turns shard failures into an exception.
 *
 * <p>When searching across index sets, a shard can fail because a field has a non-numeric
 * mapping while other index sets still return a result with the aggregation. The overall
 * result is then not considered failed, so the failure is unwrapped here: a single failed
 * shard is enough to refuse the response, because otherwise empty graphs would be shown for
 * non-numeric fields.
 *
 * @param result the Jest result to inspect
 * @return a {@code FieldTypeException} if any failure reason starts with
 *         "Expected numeric type on field", an {@code ElasticsearchException} with all
 *         non-empty failure reasons for any other shard failure, or an empty
 *         {@code Optional} if no shard failed
 */
public static Optional<ElasticsearchException> checkForFailedShards(JestResult result) {
    final JsonNode shardInfo = result.getJsonObject().path("_shards");
    final double failedCount = shardInfo.path("failed").asDouble();
    if (!(failedCount > 0)) {
        return Optional.empty();
    }

    // Each failure carries its text at reason.reason; entries without one are skipped.
    final List<String> reasons = StreamSupport.stream(shardInfo.path("failures").spliterator(), false)
            .map(failure -> failure.path("reason").path("reason").asText())
            .filter(reason -> !reason.isEmpty())
            .collect(Collectors.toList());

    final List<String> fieldTypeReasons = reasons.stream()
            .filter(reason -> reason.startsWith("Expected numeric type on field"))
            .collect(Collectors.toList());

    if (fieldTypeReasons.isEmpty()) {
        return Optional.of(new ElasticsearchException("Unable to perform search query: ", deduplicateErrors(reasons)));
    }
    return Optional.of(new FieldTypeException("Unable to perform search query: ", deduplicateErrors(fieldTypeReasons)));
}
Also used : IndexNotFoundException(org.graylog2.indexer.IndexNotFoundException) MasterNotDiscoveredException(org.graylog2.indexer.MasterNotDiscoveredException) QueryParsingException(org.graylog2.indexer.QueryParsingException) JestHttpClient(io.searchbox.client.http.JestHttpClient) IOException(java.io.IOException) JestResult(io.searchbox.client.JestResult) RequestConfig(org.apache.http.client.config.RequestConfig) ElasticsearchException(org.graylog2.indexer.ElasticsearchException) Supplier(java.util.function.Supplier) Collectors(java.util.stream.Collectors) FieldTypeException(org.graylog2.indexer.FieldTypeException) ArrayList(java.util.ArrayList) JestClient(io.searchbox.client.JestClient) List(java.util.List) Action(io.searchbox.action.Action) Matcher(java.util.regex.Matcher) Optional(java.util.Optional) JsonNode(com.fasterxml.jackson.databind.JsonNode) StreamSupport(java.util.stream.StreamSupport) InvalidWriteTargetException(org.graylog2.indexer.InvalidWriteTargetException) Pattern(java.util.regex.Pattern) Collections(java.util.Collections) FieldTypeException(org.graylog2.indexer.FieldTypeException) JsonNode(com.fasterxml.jackson.databind.JsonNode) ElasticsearchException(org.graylog2.indexer.ElasticsearchException)

Aggregations

FieldTypeException (org.graylog2.indexer.FieldTypeException)3 ArrayList (java.util.ArrayList)2 Collections (java.util.Collections)2 List (java.util.List)2 Optional (java.util.Optional)2 Collectors (java.util.stream.Collectors)2 ElasticsearchException (org.graylog2.indexer.ElasticsearchException)2 Message (org.graylog2.plugin.Message)2 JsonNode (com.fasterxml.jackson.databind.JsonNode)1 Maps (com.google.common.collect.Maps)1 Named (com.google.inject.name.Named)1 Action (io.searchbox.action.Action)1 JestClient (io.searchbox.client.JestClient)1 JestResult (io.searchbox.client.JestResult)1 JestHttpClient (io.searchbox.client.http.JestHttpClient)1 IOException (java.io.IOException)1 Arrays (java.util.Arrays)1 HashMap (java.util.HashMap)1 HashSet (java.util.HashSet)1 Map (java.util.Map)1