Example 66 with Indices
use of org.graylog2.indexer.indices.Indices in project graylog2-server by Graylog2.
the class MoreSearchAdapterES6 method scrollEvents.
@Override
public void scrollEvents(String queryString, TimeRange timeRange, Set<String> affectedIndices, Set<String> streams, String scrollTime, int batchSize, ScrollEventsCallback resultCallback) throws EventProcessorException {
final QueryBuilder query = (queryString.trim().isEmpty() || queryString.trim().equals("*")) ? matchAllQuery() : queryStringQuery(queryString).allowLeadingWildcard(allowLeadingWildcard);
final BoolQueryBuilder filter = boolQuery().filter(query).filter(requireNonNull(TimeRangeQueryFactory.create(timeRange)));
// Filtering with an empty streams list doesn't work and would return zero results
if (!streams.isEmpty()) {
filter.filter(termsQuery(Message.FIELD_STREAMS, streams));
}
final SearchSourceBuilder searchSourceBuilder = new SearchSourceBuilder().query(filter).size(batchSize);
final Search.Builder searchBuilder = new Search.Builder(searchSourceBuilder.toString()).addType(IndexMapping.TYPE_MESSAGE).addIndex(affectedIndices.isEmpty() ? Collections.singleton("") : affectedIndices).addSort(new Sort("timestamp", Sort.Sorting.ASC)).allowNoIndices(false).ignoreUnavailable(false).setParameter(Parameters.SCROLL, scrollTime);
if (LOG.isDebugEnabled()) {
LOG.debug("Query:\n{}", searchSourceBuilder.toString(new ToXContent.MapParams(Collections.singletonMap("pretty", "true"))));
LOG.debug("Execute search: {}", searchBuilder.build().toString());
}
final ScrollResult scrollResult = scroll.scroll(searchBuilder.build(), () -> "Unable to scroll indices.", searchSourceBuilder.toString(), scrollTime, Collections.emptyList());
final AtomicBoolean continueScrolling = new AtomicBoolean(true);
final Stopwatch stopwatch = Stopwatch.createStarted();
try {
ScrollResult.ScrollChunk scrollChunk = scrollResult.nextChunk();
while (continueScrolling.get() && scrollChunk != null) {
final List<ResultMessage> messages = scrollChunk.getMessages();
LOG.debug("Passing <{}> messages to callback", messages.size());
resultCallback.accept(Collections.unmodifiableList(messages), continueScrolling);
// Stop if the resultCallback told us to stop
if (!continueScrolling.get()) {
break;
}
scrollChunk = scrollResult.nextChunk();
}
} catch (IOException e) {
throw new UncheckedIOException(e);
} finally {
try {
// Tell Elasticsearch that we are done with the scroll so it can release resources as soon as possible
// instead of waiting for the scroll timeout to kick in.
scrollResult.cancel();
} catch (Exception ignored) {
}
LOG.debug("Scrolling done - took {} ms", stopwatch.stop().elapsed(TimeUnit.MILLISECONDS));
}
}
Also used :
QueryBuilder(org.graylog.shaded.elasticsearch6.org.elasticsearch.index.query.QueryBuilder)
BoolQueryBuilder(org.graylog.shaded.elasticsearch6.org.elasticsearch.index.query.BoolQueryBuilder)
SearchSourceBuilder(org.graylog.shaded.elasticsearch6.org.elasticsearch.search.builder.SearchSourceBuilder)
Stopwatch(com.google.common.base.Stopwatch)
UncheckedIOException(java.io.UncheckedIOException)
QueryBuilder(org.graylog.shaded.elasticsearch6.org.elasticsearch.index.query.QueryBuilder)
BoolQueryBuilder(org.graylog.shaded.elasticsearch6.org.elasticsearch.index.query.BoolQueryBuilder)
IOException(java.io.IOException)
UncheckedIOException(java.io.UncheckedIOException)
ResultMessage(org.graylog2.indexer.results.ResultMessage)
EventProcessorException(org.graylog.events.processor.EventProcessorException)
IOException(java.io.IOException)
UncheckedIOException(java.io.UncheckedIOException)
SearchSourceBuilder(org.graylog.shaded.elasticsearch6.org.elasticsearch.search.builder.SearchSourceBuilder)
AtomicBoolean(java.util.concurrent.atomic.AtomicBoolean)
BoolQueryBuilder(org.graylog.shaded.elasticsearch6.org.elasticsearch.index.query.BoolQueryBuilder)
ScrollResult(org.graylog2.indexer.results.ScrollResult)
Search(io.searchbox.core.Search)
MoreSearch(org.graylog.events.search.MoreSearch)
Sort(io.searchbox.core.search.sort.Sort)
Example 67 with Indices
use of org.graylog2.indexer.indices.Indices in project graylog2-server by Graylog2.
the class SearchesAdapterES6 method search.
@Override
public SearchResult search(Set<String> indices, Set<IndexRange> indexRanges, SearchesConfig config) {
final SearchSourceBuilder requestBuilder = searchRequest(config);
if (indexRanges.isEmpty()) {
return SearchResult.empty(config.query(), requestBuilder.toString());
}
final Search.Builder searchBuilder = new Search.Builder(requestBuilder.toString()).addType(IndexMapping.TYPE_MESSAGE).addIndex(indices);
final io.searchbox.core.SearchResult searchResult = multiSearch.wrap(searchBuilder.build(), () -> "Unable to perform search query");
final List<ResultMessage> hits = searchResult.getHits(Map.class, false).stream().map(hit -> ResultMessage.parseFromSource(hit.id, hit.index, (Map<String, Object>) hit.source, hit.highlight)).collect(Collectors.toList());
return new SearchResult(hits, searchResult.getTotal(), indexRanges, config.query(), requestBuilder.toString(), multiSearch.tookMsFromSearchResult(searchResult));
}
Also used :
FilterAggregationBuilder(org.graylog.shaded.elasticsearch6.org.elasticsearch.search.aggregations.bucket.filter.FilterAggregationBuilder)
NO_LIMIT(org.graylog2.indexer.searches.ScrollCommand.NO_LIMIT)
FieldStatsResult(org.graylog2.indexer.results.FieldStatsResult)
SearchesConfig(org.graylog2.indexer.searches.SearchesConfig)
Strings.isNullOrEmpty(com.google.common.base.Strings.isNullOrEmpty)
ScrollResult(org.graylog2.indexer.results.ScrollResult)
SearchesAdapter(org.graylog2.indexer.searches.SearchesAdapter)
QueryBuilders.existsQuery(org.graylog.shaded.elasticsearch6.org.elasticsearch.index.query.QueryBuilders.existsQuery)
Inject(javax.inject.Inject)
ScrollCommand(org.graylog2.indexer.searches.ScrollCommand)
ResultMessage(org.graylog2.indexer.results.ResultMessage)
Map(java.util.Map)
CardinalityAggregation(io.searchbox.core.search.aggregation.CardinalityAggregation)
IndexMapping(org.graylog2.indexer.IndexMapping)
SearchResult(org.graylog2.indexer.results.SearchResult)
TimeRange(org.graylog2.plugin.indexer.searches.timeranges.TimeRange)
QueryBuilder(org.graylog.shaded.elasticsearch6.org.elasticsearch.index.query.QueryBuilder)
Nullable(javax.annotation.Nullable)
QueryBuilders(org.graylog.shaded.elasticsearch6.org.elasticsearch.index.query.QueryBuilders)
HighlightBuilder(org.graylog.shaded.elasticsearch6.org.elasticsearch.search.fetch.subphase.highlight.HighlightBuilder)
Sorting(org.graylog2.indexer.searches.Sorting)
NO_BATCHSIZE(org.graylog2.indexer.searches.ScrollCommand.NO_BATCHSIZE)
Search(io.searchbox.core.Search)
Set(java.util.Set)
QueryBuilders.matchAllQuery(org.graylog.shaded.elasticsearch6.org.elasticsearch.index.query.QueryBuilders.matchAllQuery)
QueryBuilders.termsQuery(org.graylog.shaded.elasticsearch6.org.elasticsearch.index.query.QueryBuilders.termsQuery)
ValueCountAggregation(io.searchbox.core.search.aggregation.ValueCountAggregation)
Collectors(java.util.stream.Collectors)
ExtendedStatsAggregation(io.searchbox.core.search.aggregation.ExtendedStatsAggregation)
Strings(org.graylog.shaded.elasticsearch6.org.elasticsearch.common.Strings)
IndexRange(org.graylog2.indexer.ranges.IndexRange)
CountResult(org.graylog2.indexer.results.CountResult)
QueryBuilders.queryStringQuery(org.graylog.shaded.elasticsearch6.org.elasticsearch.index.query.QueryBuilders.queryStringQuery)
List(java.util.List)
Parameters(io.searchbox.params.Parameters)
Configuration(org.graylog2.Configuration)
Stream(org.graylog2.plugin.streams.Stream)
AggregationBuilders(org.graylog.shaded.elasticsearch6.org.elasticsearch.search.aggregations.AggregationBuilders)
Optional(java.util.Optional)
BoolQueryBuilder(org.graylog.shaded.elasticsearch6.org.elasticsearch.index.query.BoolQueryBuilder)
VisibleForTesting(com.google.common.annotations.VisibleForTesting)
Message(org.graylog2.plugin.Message)
SearchSourceBuilder(org.graylog.shaded.elasticsearch6.org.elasticsearch.search.builder.SearchSourceBuilder)
QueryBuilders.boolQuery(org.graylog.shaded.elasticsearch6.org.elasticsearch.index.query.QueryBuilders.boolQuery)
FilterAggregationBuilder(org.graylog.shaded.elasticsearch6.org.elasticsearch.search.aggregations.bucket.filter.FilterAggregationBuilder)
QueryBuilder(org.graylog.shaded.elasticsearch6.org.elasticsearch.index.query.QueryBuilder)
HighlightBuilder(org.graylog.shaded.elasticsearch6.org.elasticsearch.search.fetch.subphase.highlight.HighlightBuilder)
BoolQueryBuilder(org.graylog.shaded.elasticsearch6.org.elasticsearch.index.query.BoolQueryBuilder)
SearchSourceBuilder(org.graylog.shaded.elasticsearch6.org.elasticsearch.search.builder.SearchSourceBuilder)
SearchResult(org.graylog2.indexer.results.SearchResult)
ResultMessage(org.graylog2.indexer.results.ResultMessage)
SearchSourceBuilder(org.graylog.shaded.elasticsearch6.org.elasticsearch.search.builder.SearchSourceBuilder)
Search(io.searchbox.core.Search)
Map(java.util.Map)
Example 68 with Indices
use of org.graylog2.indexer.indices.Indices in project graylog2-server by Graylog2.
the class SearchesAdapterES6 method fieldStats.
@Override
public FieldStatsResult fieldStats(String query, String filter, TimeRange range, Set<String> indices, String field, boolean includeCardinality, boolean includeStats, boolean includeCount) {
final SearchSourceBuilder searchSourceBuilder;
if (filter == null) {
searchSourceBuilder = standardSearchRequest(query, range);
} else {
searchSourceBuilder = filteredSearchRequest(query, filter, range);
}
final FilterAggregationBuilder filterBuilder = AggregationBuilders.filter(AGG_FILTER, standardAggregationFilters(range, filter));
if (includeCount) {
searchSourceBuilder.aggregation(AggregationBuilders.count(AGG_VALUE_COUNT).field(field));
}
if (includeStats) {
searchSourceBuilder.aggregation(AggregationBuilders.extendedStats(AGG_EXTENDED_STATS).field(field));
}
if (includeCardinality) {
searchSourceBuilder.aggregation(AggregationBuilders.cardinality(AGG_CARDINALITY).field(field));
}
searchSourceBuilder.aggregation(filterBuilder);
if (indices.isEmpty()) {
return FieldStatsResult.empty(query, searchSourceBuilder.toString());
}
final Search searchRequest = new Search.Builder(searchSourceBuilder.toString()).addType(IndexMapping.TYPE_MESSAGE).addIndex(indices).build();
final io.searchbox.core.SearchResult searchResponse = multiSearch.wrap(searchRequest, () -> "Unable to retrieve fields stats");
final List<ResultMessage> hits = searchResponse.getHits(Map.class, false).stream().map(hit -> ResultMessage.parseFromSource(hit.id, hit.index, (Map<String, Object>) hit.source)).collect(Collectors.toList());
final ExtendedStatsAggregation extendedStatsAggregation = searchResponse.getAggregations().getExtendedStatsAggregation(AGG_EXTENDED_STATS);
final ValueCountAggregation valueCountAggregation = searchResponse.getAggregations().getValueCountAggregation(AGG_VALUE_COUNT);
final CardinalityAggregation cardinalityAggregation = searchResponse.getAggregations().getCardinalityAggregation(AGG_CARDINALITY);
return createFieldStatsResult(valueCountAggregation, extendedStatsAggregation, cardinalityAggregation, hits, query, searchSourceBuilder.toString(), multiSearch.tookMsFromSearchResult(searchResponse));
}
Also used :
FilterAggregationBuilder(org.graylog.shaded.elasticsearch6.org.elasticsearch.search.aggregations.bucket.filter.FilterAggregationBuilder)
NO_LIMIT(org.graylog2.indexer.searches.ScrollCommand.NO_LIMIT)
FieldStatsResult(org.graylog2.indexer.results.FieldStatsResult)
SearchesConfig(org.graylog2.indexer.searches.SearchesConfig)
Strings.isNullOrEmpty(com.google.common.base.Strings.isNullOrEmpty)
ScrollResult(org.graylog2.indexer.results.ScrollResult)
SearchesAdapter(org.graylog2.indexer.searches.SearchesAdapter)
QueryBuilders.existsQuery(org.graylog.shaded.elasticsearch6.org.elasticsearch.index.query.QueryBuilders.existsQuery)
Inject(javax.inject.Inject)
ScrollCommand(org.graylog2.indexer.searches.ScrollCommand)
ResultMessage(org.graylog2.indexer.results.ResultMessage)
Map(java.util.Map)
CardinalityAggregation(io.searchbox.core.search.aggregation.CardinalityAggregation)
IndexMapping(org.graylog2.indexer.IndexMapping)
SearchResult(org.graylog2.indexer.results.SearchResult)
TimeRange(org.graylog2.plugin.indexer.searches.timeranges.TimeRange)
QueryBuilder(org.graylog.shaded.elasticsearch6.org.elasticsearch.index.query.QueryBuilder)
Nullable(javax.annotation.Nullable)
QueryBuilders(org.graylog.shaded.elasticsearch6.org.elasticsearch.index.query.QueryBuilders)
HighlightBuilder(org.graylog.shaded.elasticsearch6.org.elasticsearch.search.fetch.subphase.highlight.HighlightBuilder)
Sorting(org.graylog2.indexer.searches.Sorting)
NO_BATCHSIZE(org.graylog2.indexer.searches.ScrollCommand.NO_BATCHSIZE)
Search(io.searchbox.core.Search)
Set(java.util.Set)
QueryBuilders.matchAllQuery(org.graylog.shaded.elasticsearch6.org.elasticsearch.index.query.QueryBuilders.matchAllQuery)
QueryBuilders.termsQuery(org.graylog.shaded.elasticsearch6.org.elasticsearch.index.query.QueryBuilders.termsQuery)
ValueCountAggregation(io.searchbox.core.search.aggregation.ValueCountAggregation)
Collectors(java.util.stream.Collectors)
ExtendedStatsAggregation(io.searchbox.core.search.aggregation.ExtendedStatsAggregation)
Strings(org.graylog.shaded.elasticsearch6.org.elasticsearch.common.Strings)
IndexRange(org.graylog2.indexer.ranges.IndexRange)
CountResult(org.graylog2.indexer.results.CountResult)
QueryBuilders.queryStringQuery(org.graylog.shaded.elasticsearch6.org.elasticsearch.index.query.QueryBuilders.queryStringQuery)
List(java.util.List)
Parameters(io.searchbox.params.Parameters)
Configuration(org.graylog2.Configuration)
Stream(org.graylog2.plugin.streams.Stream)
AggregationBuilders(org.graylog.shaded.elasticsearch6.org.elasticsearch.search.aggregations.AggregationBuilders)
Optional(java.util.Optional)
BoolQueryBuilder(org.graylog.shaded.elasticsearch6.org.elasticsearch.index.query.BoolQueryBuilder)
VisibleForTesting(com.google.common.annotations.VisibleForTesting)
Message(org.graylog2.plugin.Message)
SearchSourceBuilder(org.graylog.shaded.elasticsearch6.org.elasticsearch.search.builder.SearchSourceBuilder)
QueryBuilders.boolQuery(org.graylog.shaded.elasticsearch6.org.elasticsearch.index.query.QueryBuilders.boolQuery)
ExtendedStatsAggregation(io.searchbox.core.search.aggregation.ExtendedStatsAggregation)
FilterAggregationBuilder(org.graylog.shaded.elasticsearch6.org.elasticsearch.search.aggregations.bucket.filter.FilterAggregationBuilder)
CardinalityAggregation(io.searchbox.core.search.aggregation.CardinalityAggregation)
ResultMessage(org.graylog2.indexer.results.ResultMessage)
SearchSourceBuilder(org.graylog.shaded.elasticsearch6.org.elasticsearch.search.builder.SearchSourceBuilder)
ValueCountAggregation(io.searchbox.core.search.aggregation.ValueCountAggregation)
Search(io.searchbox.core.Search)
Map(java.util.Map)
Example 69 with Indices
use of org.graylog2.indexer.indices.Indices in project graylog2-server by Graylog2.
the class ClusterAdapterES6 method shardStats.
@Override
public ShardStats shardStats(Collection<String> indices) {
final Health clusterHealthRequest = new Health.Builder().addIndex(indices).build();
final JestResult clusterHealthResponse = JestUtils.execute(jestClient, clusterHealthRequest, () -> "Couldn't read Elasticsearch cluster health");
final JsonNode clusterHealthJson = clusterHealthResponse.getJsonObject();
return ShardStats.create(clusterHealthJson.path("number_of_nodes").asInt(-1), clusterHealthJson.path("number_of_data_nodes").asInt(-1), clusterHealthJson.path("active_shards").asInt(-1), clusterHealthJson.path("relocating_shards").asInt(-1), clusterHealthJson.path("active_primary_shards").asInt(-1), clusterHealthJson.path("initializing_shards").asInt(-1), clusterHealthJson.path("unassigned_shards").asInt(-1), clusterHealthJson.path("timed_out").asBoolean());
}
Also used :
ClusterHealth(org.graylog2.rest.models.system.indexer.responses.ClusterHealth)
Health(io.searchbox.cluster.Health)
JsonNode(com.fasterxml.jackson.databind.JsonNode)
JestResult(io.searchbox.client.JestResult)
Example 70 with Indices
use of org.graylog2.indexer.indices.Indices in project graylog2-server by Graylog2.
the class IndicesIT method setUp.
@BeforeEach
public void setUp() {
// noinspection UnstableApiUsage
eventBus = new EventBus("indices-test");
final Node node = new Node(createNodeAdapter());
final IndexMappingFactory indexMappingFactory = new IndexMappingFactory(node, ImmutableMap.of(MessageIndexTemplateProvider.MESSAGE_TEMPLATE_TYPE, new MessageIndexTemplateProvider()));
indices = new Indices(indexMappingFactory, mock(NodeId.class), new NullAuditEventSender(), eventBus, indicesAdapter());
}
Also used :
NullAuditEventSender(org.graylog2.audit.NullAuditEventSender)
IndexMappingFactory(org.graylog2.indexer.IndexMappingFactory)
Node(org.graylog2.indexer.cluster.Node)
MessageIndexTemplateProvider(org.graylog2.indexer.MessageIndexTemplateProvider)
EventBus(com.google.common.eventbus.EventBus)
BeforeEach(org.junit.jupiter.api.BeforeEach)
Aggregations
IndexSet (org.graylog2.indexer.IndexSet)20
IndexRange (org.graylog2.indexer.ranges.IndexRange)19
Set (java.util.Set)18
Test (org.junit.Test)18
DateTime (org.joda.time.DateTime)17
Map (java.util.Map)16
Collectors (java.util.stream.Collectors)15
List (java.util.List)14
TimeRange (org.graylog2.plugin.indexer.searches.timeranges.TimeRange)14
ZonedDateTime (java.time.ZonedDateTime)13
Inject (javax.inject.Inject)13
JsonNode (com.fasterxml.jackson.databind.JsonNode)11
ImmutableMap (com.google.common.collect.ImmutableMap)11
HashMap (java.util.HashMap)11
Indices (org.graylog2.indexer.indices.Indices)11
MongoIndexRange (org.graylog2.indexer.ranges.MongoIndexRange)11
Logger (org.slf4j.Logger)11
LoggerFactory (org.slf4j.LoggerFactory)11
Optional (java.util.Optional)10
ImmutableSet (com.google.common.collect.ImmutableSet)9
