
Example 11 with SearchResult

Use of org.graylog2.indexer.results.SearchResult in project graylog2-server by Graylog2.

Class SearchesIT, method searchDoesNotIncludeJestMetadata.

@Test
public void searchDoesNotIncludeJestMetadata() throws Exception {
    importFixture("org/graylog2/indexer/searches/SearchesIT.json");
    final AbsoluteRange range = AbsoluteRange.create(new DateTime(2015, 1, 1, 0, 0, DateTimeZone.UTC).withZone(UTC), new DateTime(2015, 1, 2, 0, 0, DateTimeZone.UTC).withZone(UTC));
    final SearchResult searchResult = searches.search("_id:1", range, 0, 0, Sorting.DEFAULT);
    assertThat(searchResult).isNotNull();
    assertThat(searchResult.getTotalResults()).isEqualTo(1L);
    // Jest/Elasticsearch bookkeeping fields must not appear among the message fields.
    assertThat(searchResult.getFields()).doesNotContain("es_metadata_id", "es_metadata_version");
}
Also used : AbsoluteRange(org.graylog2.plugin.indexer.searches.timeranges.AbsoluteRange) SearchResult(org.graylog2.indexer.results.SearchResult) ZonedDateTime(java.time.ZonedDateTime) DateTime(org.joda.time.DateTime) ElasticsearchBaseTest(org.graylog.testing.elasticsearch.ElasticsearchBaseTest) Test(org.junit.Test)

Example 12 with SearchResult

Use of org.graylog2.indexer.results.SearchResult in project graylog2-server by Graylog2.

Class SearchesIT, method searchReturnsResultWithSelectiveFields.

@Test
public void searchReturnsResultWithSelectiveFields() throws Exception {
    importFixture("org/graylog2/indexer/searches/SearchesIT.json");
    final AbsoluteRange range = AbsoluteRange.create(new DateTime(2015, 1, 1, 0, 0, DateTimeZone.UTC).withZone(UTC), new DateTime(2015, 1, 2, 0, 0, DateTimeZone.UTC).withZone(UTC));
    // Restrict the returned fields to "source" and the page size to one message.
    final SearchesConfig searchesConfig = SearchesConfig.builder().query("*").range(range).limit(1).offset(0).fields(Collections.singletonList("source")).build();
    final SearchResult searchResult = searches.search(searchesConfig);
    assertThat(searchResult).isNotNull();
    // One message is returned because of the limit; the total still counts every match.
    assertThat(searchResult.getResults()).hasSize(1);
    assertThat(searchResult.getTotalResults()).isEqualTo(10L);
}
Also used : AbsoluteRange(org.graylog2.plugin.indexer.searches.timeranges.AbsoluteRange) SearchResult(org.graylog2.indexer.results.SearchResult) ZonedDateTime(java.time.ZonedDateTime) DateTime(org.joda.time.DateTime) ElasticsearchBaseTest(org.graylog.testing.elasticsearch.ElasticsearchBaseTest) Test(org.junit.Test)

Example 13 with SearchResult

Use of org.graylog2.indexer.results.SearchResult in project graylog2-server by Graylog2.

Class FieldContentValueAlertConditionTest, method testRunNoMatchingMessages.

@Test
public void testRunNoMatchingMessages() throws Exception {
    final DateTime now = DateTime.now(DateTimeZone.UTC);
    final IndexRange indexRange = MongoIndexRange.create("graylog_test", now.minusDays(1), now, now, 0);
    final Set<IndexRange> indexRanges = Sets.newHashSet(indexRange);
    // Empty result set (no hits, total 0) returned by the mocked search backend.
    final SearchResult searchResult = spy(new SearchResult(Collections.emptyList(), 0L, indexRanges, "message:something", null, 100L));
    when(searches.search(anyString(), anyString(), any(RelativeRange.class), anyInt(), anyInt(), any(Sorting.class))).thenReturn(searchResult);
    final FieldContentValueAlertCondition condition = getCondition(getParametersMap(0, "message", "something"), alertConditionTitle);
    final AlertCondition.CheckResult result = condition.runCheck();
    assertNotTriggered(result);
}
Also used : IndexRange(org.graylog2.indexer.ranges.IndexRange) MongoIndexRange(org.graylog2.indexer.ranges.MongoIndexRange) RelativeRange(org.graylog2.plugin.indexer.searches.timeranges.RelativeRange) AbstractAlertCondition(org.graylog2.alerts.AbstractAlertCondition) AlertCondition(org.graylog2.plugin.alarms.AlertCondition) SearchResult(org.graylog2.indexer.results.SearchResult) DateTime(org.joda.time.DateTime) Sorting(org.graylog2.indexer.searches.Sorting) Test(org.junit.Test) AlertConditionTest(org.graylog2.alerts.AlertConditionTest)

Example 14 with SearchResult

Use of org.graylog2.indexer.results.SearchResult in project graylog2-server by Graylog2.

Class FieldContentValueAlertConditionTest, method testRunMatchingMessagesInStream.

@Test
public void testRunMatchingMessagesInStream() throws Exception {
    final ResultMessage searchHit = ResultMessage.parseFromSource("some_id", "graylog_test", Collections.singletonMap("message", "something is in here"));
    final DateTime now = DateTime.now(DateTimeZone.UTC);
    final IndexRange indexRange = MongoIndexRange.create("graylog_test", now.minusDays(1), now, now, 0);
    final Set<IndexRange> indexRanges = Sets.newHashSet(indexRange);
    // Result set with a single hit whose "message" field contains the value being checked.
    final SearchResult searchResult = spy(new SearchResult(Collections.singletonList(searchHit), 1L, indexRanges, "message:something", null, 100L));
    when(searchResult.getTotalResults()).thenReturn(1L);
    // Every search issued by the condition returns the stubbed result.
    when(searches.search(anyString(), anyString(), any(RelativeRange.class), anyInt(), anyInt(), any(Sorting.class))).thenReturn(searchResult);
    final FieldContentValueAlertCondition condition = getCondition(getParametersMap(0, "message", "something"), "Alert Condition for testing");
    final AlertCondition.CheckResult result = condition.runCheck();
    assertTriggered(condition, result);
}
Also used : IndexRange(org.graylog2.indexer.ranges.IndexRange) MongoIndexRange(org.graylog2.indexer.ranges.MongoIndexRange) RelativeRange(org.graylog2.plugin.indexer.searches.timeranges.RelativeRange) AbstractAlertCondition(org.graylog2.alerts.AbstractAlertCondition) AlertCondition(org.graylog2.plugin.alarms.AlertCondition) SearchResult(org.graylog2.indexer.results.SearchResult) ResultMessage(org.graylog2.indexer.results.ResultMessage) DateTime(org.joda.time.DateTime) Sorting(org.graylog2.indexer.searches.Sorting) Test(org.junit.Test) AlertConditionTest(org.graylog2.alerts.AlertConditionTest)

Example 15 with SearchResult

Use of org.graylog2.indexer.results.SearchResult in project graylog2-server by Graylog2.

Class UnboundLDAPConnector, method search.

public ImmutableList<LDAPEntry> search(LDAPConnection connection, String searchBase, Filter filter, String uniqueIdAttribute, Set<String> attributes) throws LDAPException {
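    // Always request the object class attribute in addition to the caller's attributes.
    final ImmutableSet<String> allAttributes = ImmutableSet.<String>builder().add(OBJECT_CLASS_ATTRIBUTE).addAll(attributes).build();
    // TODO: Use LDAPEntrySource for a more memory efficient search
    // Subtree search below searchBase; the filter arrives as a parsed Filter object, not a raw string.
    final SearchRequest searchRequest = new SearchRequest(searchBase, SearchScope.SUB, filter, allAttributes.toArray(new String[0]));
    // Bound the time the directory server may spend processing this search.
    searchRequest.setTimeLimitSeconds(requestTimeoutSeconds);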
    if (LOG.isTraceEnabled()) {
        LOG.trace("Search LDAP for <{}> using search base <{}>", filter.toNormalizedString(), searchBase);
    }
    final SearchResult searchResult = connection.search(searchRequest);
    if (searchResult.getSearchEntries().isEmpty()) {
        LOG.trace("No LDAP entry found for filter <{}>", filter.toNormalizedString());
        return ImmutableList.of();
    }
    return searchResult.getSearchEntries().stream().map(entry -> createLDAPEntry(entry, uniqueIdAttribute)).collect(ImmutableList.toImmutableList());
}
Also used : LDAPConnection(com.unboundid.ldap.sdk.LDAPConnection) Arrays(java.util.Arrays) Entry(com.unboundid.ldap.sdk.Entry) TrustAllX509TrustManager(org.graylog2.security.TrustAllX509TrustManager) Attribute(com.unboundid.ldap.sdk.Attribute) LoggerFactory(org.slf4j.LoggerFactory) Strings.isNullOrEmpty(com.google.common.base.Strings.isNullOrEmpty) Singleton(javax.inject.Singleton) Base64(com.unboundid.util.Base64) BindRequest(com.unboundid.ldap.sdk.BindRequest) MessageFormat(java.text.MessageFormat) ExtendedResult(com.unboundid.ldap.sdk.ExtendedResult) Inject(javax.inject.Inject) LDAPBindException(com.unboundid.ldap.sdk.LDAPBindException) Preconditions.checkArgument(com.google.common.base.Preconditions.checkArgument) GeneralSecurityException(java.security.GeneralSecurityException) ImmutableList(com.google.common.collect.ImmutableList) Locale(java.util.Locale) SSLUtil(com.unboundid.util.ssl.SSLUtil) Objects.requireNonNull(java.util.Objects.requireNonNull) SearchRequest(com.unboundid.ldap.sdk.SearchRequest) Named(javax.inject.Named) BindResult(com.unboundid.ldap.sdk.BindResult) LDAPException(com.unboundid.ldap.sdk.LDAPException) ResultCode(com.unboundid.ldap.sdk.ResultCode) LDAPTestUtils(com.unboundid.util.LDAPTestUtils) TLSProtocolsConfiguration(org.graylog2.configuration.TLSProtocolsConfiguration) ImmutableSet(com.google.common.collect.ImmutableSet) EncryptedValue(org.graylog2.security.encryption.EncryptedValue) Logger(org.slf4j.Logger) StaticUtils.isValidUTF8(com.unboundid.util.StaticUtils.isValidUTF8) TrustManagerProvider(org.graylog2.security.TrustManagerProvider) LDAPConnectionOptions(com.unboundid.ldap.sdk.LDAPConnectionOptions) Set(java.util.Set) FailoverServerSet(com.unboundid.ldap.sdk.FailoverServerSet) Ints(com.google.common.primitives.Ints) StartTLSExtendedRequest(com.unboundid.ldap.sdk.extensions.StartTLSExtendedRequest) SocketFactory(javax.net.SocketFactory) SearchResult(com.unboundid.ldap.sdk.SearchResult) 
StaticUtils.toUTF8String(com.unboundid.util.StaticUtils.toUTF8String) StringUtils.isBlank(org.apache.commons.lang3.StringUtils.isBlank) EncryptedValueService(org.graylog2.security.encryption.EncryptedValueService) Optional(java.util.Optional) Filter(com.unboundid.ldap.sdk.Filter) SearchScope(com.unboundid.ldap.sdk.SearchScope) SimpleBindRequest(com.unboundid.ldap.sdk.SimpleBindRequest)
