Search in sources :

Example 6 with Indices

use of org.graylog2.indexer.indices.Indices in project graylog2-server by Graylog2.

the class Indices method deleteIndexTemplate.

public void deleteIndexTemplate(IndexSet indexSet) {
    final String templateName = indexSet.getConfig().indexTemplateName();
    final DeleteIndexTemplateRequest deleteRequest = c.admin().indices().prepareDeleteTemplate(templateName).request();
    try {
        final boolean acknowledged = c.admin().indices().deleteTemplate(deleteRequest).actionGet().isAcknowledged();
        if (acknowledged) {
            LOG.info("Deleted Graylog index template \"{}\" in Elasticsearch.", templateName);
        }
    } catch (Exception e) {
        LOG.error("Unable to delete the Graylog index template: " + templateName, e);
    }
}
Also used : DeleteIndexTemplateRequest(org.elasticsearch.action.admin.indices.template.delete.DeleteIndexTemplateRequest) ElasticsearchException(org.elasticsearch.ElasticsearchException) IndexClosedException(org.elasticsearch.indices.IndexClosedException) IndexNotFoundException(org.graylog2.indexer.IndexNotFoundException) IOException(java.io.IOException)

Example 7 with Indices

use of org.graylog2.indexer.indices.Indices in project graylog2-server by Graylog2.

the class Indices method getIndexNamesAndAliases.

@NotNull
public Map<String, Set<String>> getIndexNamesAndAliases(String indexPattern) {
    // only request indices matching the name or pattern in `indexPattern` and only get the alias names for each index,
    // not the settings or mappings
    final GetIndexRequestBuilder getIndexRequestBuilder = c.admin().indices().prepareGetIndex();
    getIndexRequestBuilder.addFeatures(GetIndexRequest.Feature.ALIASES);
    getIndexRequestBuilder.setIndices(indexPattern);
    final GetIndexResponse getIndexResponse = c.admin().indices().getIndex(getIndexRequestBuilder.request()).actionGet();
    final String[] indices = getIndexResponse.indices();
    final ImmutableOpenMap<String, List<AliasMetaData>> aliases = getIndexResponse.aliases();
    final Map<String, Set<String>> indexAliases = Maps.newHashMap();
    for (String index : indices) {
        final List<AliasMetaData> aliasMetaData = aliases.get(index);
        if (aliasMetaData == null) {
            indexAliases.put(index, Collections.emptySet());
        } else {
            indexAliases.put(index, aliasMetaData.stream().map(AliasMetaData::alias).collect(toSet()));
        }
    }
    return indexAliases;
}
Also used : AliasMetaData(org.elasticsearch.cluster.metadata.AliasMetaData) IndexSet(org.graylog2.indexer.IndexSet) Collectors.toSet(java.util.stream.Collectors.toSet) ImmutableSet(com.google.common.collect.ImmutableSet) Set(java.util.Set) GetIndexResponse(org.elasticsearch.action.admin.indices.get.GetIndexResponse) List(java.util.List) ImmutableList(com.google.common.collect.ImmutableList) GetIndexRequestBuilder(org.elasticsearch.action.admin.indices.get.GetIndexRequestBuilder) NotNull(javax.validation.constraints.NotNull)

Example 8 with Indices

use of org.graylog2.indexer.indices.Indices in project graylog2-server by Graylog2.

the class Searches method determineAffectedIndicesWithRanges.

public Set<IndexRange> determineAffectedIndicesWithRanges(TimeRange range, @Nullable String filter) {
    final Optional<String> streamId = extractStreamId(filter);
    IndexSet indexSet = null;
    // a stream has changed: a stream only knows about its currently configured index set, no the history
    if (streamId.isPresent()) {
        try {
            final Stream stream = streamService.load(streamId.get());
            indexSet = stream.getIndexSet();
        } catch (NotFoundException ignored) {
        }
    }
    final ImmutableSortedSet.Builder<IndexRange> indices = ImmutableSortedSet.orderedBy(IndexRange.COMPARATOR);
    final SortedSet<IndexRange> indexRanges = indexRangeService.find(range.getFrom(), range.getTo());
    for (IndexRange indexRange : indexRanges) {
        // if we aren't in a stream search, we look at all the ranges matching the time range.
        if (indexSet == null && filter == null) {
            indices.add(indexRange);
            continue;
        }
        // A range applies to this search if either: the current index set of the stream matches or a previous index set matched.
        final boolean streamInIndexRange = streamId.isPresent() && indexRange.streamIds() != null && indexRange.streamIds().contains(streamId.get());
        final boolean streamInCurrentIndexSet = indexSet != null && indexSet.isManagedIndex(indexRange.indexName());
        if (streamInIndexRange) {
            indices.add(indexRange);
        }
        if (streamInCurrentIndexSet) {
            indices.add(indexRange);
        }
    }
    return indices.build();
}
Also used : IndexRange(org.graylog2.indexer.ranges.IndexRange) ImmutableSortedSet(com.google.common.collect.ImmutableSortedSet) NotFoundException(org.graylog2.database.NotFoundException) Stream(org.graylog2.plugin.streams.Stream) IndexSet(org.graylog2.indexer.IndexSet)

Example 9 with Indices

use of org.graylog2.indexer.indices.Indices in project graylog2-server by Graylog2.

the class Searches method fieldStats.

public FieldStatsResult fieldStats(String field, String query, String filter, TimeRange range, boolean includeCardinality, boolean includeStats, boolean includeCount) throws FieldTypeException {
    SearchRequestBuilder srb;
    final Set<String> indices = indicesContainingField(determineAffectedIndices(range, filter), field);
    if (filter == null) {
        srb = standardSearchRequest(query, indices, range);
    } else {
        srb = filteredSearchRequest(query, filter, indices, range);
    }
    FilterAggregationBuilder builder = AggregationBuilders.filter(AGG_FILTER).filter(standardAggregationFilters(range, filter));
    if (includeCount) {
        builder.subAggregation(AggregationBuilders.count(AGG_VALUE_COUNT).field(field));
    }
    if (includeStats) {
        builder.subAggregation(AggregationBuilders.extendedStats(AGG_EXTENDED_STATS).field(field));
    }
    if (includeCardinality) {
        builder.subAggregation(AggregationBuilders.cardinality(AGG_CARDINALITY).field(field));
    }
    srb.addAggregation(builder);
    SearchResponse r;
    final SearchRequest request;
    try {
        request = srb.request();
        r = c.search(request).actionGet();
    } catch (org.elasticsearch.action.search.SearchPhaseExecutionException e) {
        throw new FieldTypeException(e);
    }
    checkForFailedShards(r);
    recordEsMetrics(r, range);
    final Filter f = r.getAggregations().get(AGG_FILTER);
    return new FieldStatsResult(f.getAggregations().get(AGG_VALUE_COUNT), f.getAggregations().get(AGG_EXTENDED_STATS), f.getAggregations().get(AGG_CARDINALITY), r.getHits(), query, request.source(), r.getTook());
}
Also used : SearchRequest(org.elasticsearch.action.search.SearchRequest) FieldStatsResult(org.graylog2.indexer.results.FieldStatsResult) FilterAggregationBuilder(org.elasticsearch.search.aggregations.bucket.filter.FilterAggregationBuilder) SearchRequestBuilder(org.elasticsearch.action.search.SearchRequestBuilder) Filter(org.elasticsearch.search.aggregations.bucket.filter.Filter) SearchResponse(org.elasticsearch.action.search.SearchResponse)

Example 10 with Indices

use of org.graylog2.indexer.indices.Indices in project graylog2-server by Graylog2.

the class Searches method scroll.

public ScrollResult scroll(String query, TimeRange range, int limit, int offset, List<String> fields, String filter) {
    final Set<String> indices = determineAffectedIndices(range, filter);
    // only request the fields we asked for otherwise we can't figure out which fields will be in the result set
    // until we've scrolled through the entire set.
    // TODO: Check if we can get away without loading the _source field.
    // http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/search-request-fields.html#search-request-fields
    // "For backwards compatibility, if the fields parameter specifies fields which are not stored , it will
    // load the _source and extract it from it. This functionality has been replaced by the source filtering
    // parameter." -- So we should look at the source filtering parameter once we switched to ES 1.x.
    final SearchRequest request = standardSearchRequest(query, indices, limit, offset, range, filter, null, false).setScroll(new TimeValue(1, TimeUnit.MINUTES)).setSize(// TODO magic numbers
    500).addSort(SortBuilders.fieldSort(SortParseElement.DOC_FIELD_NAME)).addFields(fields.toArray(new String[fields.size()])).addField(// always request the _source field because otherwise we can't access non-stored values
    "_source").request();
    if (LOG.isDebugEnabled()) {
        try {
            LOG.debug("ElasticSearch scroll query: {}", XContentHelper.convertToJson(request.source(), false));
        } catch (IOException ignored) {
        }
    }
    final SearchResponse r = c.search(request).actionGet();
    recordEsMetrics(r, range);
    return new ScrollResult(c, query, request.source(), r, fields);
}
Also used : SearchRequest(org.elasticsearch.action.search.SearchRequest) ScrollResult(org.graylog2.indexer.results.ScrollResult) IOException(java.io.IOException) TimeValue(org.elasticsearch.common.unit.TimeValue) SearchResponse(org.elasticsearch.action.search.SearchResponse)

Aggregations

IndexSet (org.graylog2.indexer.IndexSet)14 Test (org.junit.Test)12 IndexRange (org.graylog2.indexer.ranges.IndexRange)10 Set (java.util.Set)9 ZonedDateTime (java.time.ZonedDateTime)6 Map (java.util.Map)6 DateTime (org.joda.time.DateTime)6 Timed (com.codahale.metrics.annotation.Timed)5 ApiOperation (io.swagger.annotations.ApiOperation)5 ApiResponses (io.swagger.annotations.ApiResponses)5 IOException (java.io.IOException)5 HashMap (java.util.HashMap)5 Collectors (java.util.stream.Collectors)5 Inject (javax.inject.Inject)5 POST (javax.ws.rs.POST)5 Path (javax.ws.rs.Path)5 Produces (javax.ws.rs.Produces)5 AuditEvent (org.graylog2.audit.jersey.AuditEvent)5 MongoIndexRange (org.graylog2.indexer.ranges.MongoIndexRange)5 TimeRange (org.graylog2.plugin.indexer.searches.timeranges.TimeRange)5