use of org.graylog2.indexer.results.SearchResult in project graylog2-server by Graylog2.
the class Searches method search.
/**
 * Runs a message search for the given configuration.
 *
 * <p>The index ranges touched by the configured time range and filter are resolved first, their index
 * names are extracted, and the request is handed to the search adapter. The reported duration is then
 * recorded together with the requested time range.
 *
 * @param config search configuration (time range, filter and the remaining request options)
 * @return the result returned by the search adapter
 */
public SearchResult search(SearchesConfig config) {
    final Set<IndexRange> affectedRanges =
            determineAffectedIndicesWithRanges(config.range(), config.filter());
    final Set<String> indexNames = extractIndexNamesFromIndexRanges(affectedRanges);

    final SearchResult searchResult = searchesAdapter.search(indexNames, affectedRanges, config);

    // Metrics are recorded only after the adapter call has returned a result.
    recordEsMetrics(searchResult.tookMs(), config.range());
    return searchResult;
}
use of org.graylog2.indexer.results.SearchResult in project graylog2-server by Graylog2.
the class IndicesAdapterES6 method indexRangeStatsOfIndex.
/**
 * Computes the timestamp range and the stream ids found in a single index.
 *
 * <p>A zero-hit search is sent to {@code index} with a filter aggregation ("agg") over documents that
 * have a timestamp field. It carries min/max sub-aggregations on the timestamp and a terms
 * sub-aggregation on the streams field.
 *
 * @param index name of the index to inspect
 * @return {@link IndexRangeStats#EMPTY} when the filter aggregation counts no documents, otherwise stats
 *         built from the minimum and maximum timestamp (UTC) and the stream ids
 * @throws IndexNotFoundException if the response contains no "agg" filter aggregation
 */
@Override
public IndexRangeStats indexRangeStatsOfIndex(String index) {
    // NOTE(review): size(Integer.MAX_VALUE) asks for every distinct stream id in one response, so the
    // bucket list collected at the end of this method has no upper bound.
    final FilterAggregationBuilder timestampedDocs =
            AggregationBuilders.filter("agg", QueryBuilders.existsQuery(Message.FIELD_TIMESTAMP))
                    .subAggregation(AggregationBuilders.min("ts_min").field(Message.FIELD_TIMESTAMP))
                    .subAggregation(AggregationBuilders.max("ts_max").field(Message.FIELD_TIMESTAMP))
                    .subAggregation(AggregationBuilders.terms("streams")
                            .size(Integer.MAX_VALUE)
                            .field(Message.FIELD_STREAMS));

    // size(0): only the aggregations are of interest, no hits are requested.
    final String payload = searchSource().aggregation(timestampedDocs).size(0).toString();
    final Search request = new Search.Builder(payload)
            .addIndex(index)
            .setSearchType(SearchType.DFS_QUERY_THEN_FETCH)
            .ignoreUnavailable(true)
            .build();

    if (LOG.isDebugEnabled()) {
        String prettyPayload;
        try {
            prettyPayload = request.getData(objectMapper.copy().enable(SerializationFeature.INDENT_OUTPUT));
        } catch (IOException e) {
            LOG.debug("Couldn't pretty print request payload", e);
            // Fall back to an empty JSON object so the log line below is still emitted.
            prettyPayload = "{}";
        }
        LOG.debug("Index range query: _search/{}: {}", index, prettyPayload);
    }

    final SearchResult response =
            JestUtils.execute(jestClient, request, () -> "Couldn't build index range of index " + index);
    final FilterAggregation timestamped = response.getAggregations().getFilterAggregation("agg");

    // ignoreUnavailable(true) is set on the request, so a missing aggregation is what this method
    // reports as a missing index.
    if (timestamped == null) {
        throw new IndexNotFoundException("Couldn't build index range of index " + index + " because it doesn't exist.");
    }
    if (timestamped.getCount() == 0L) {
        LOG.debug("No documents with attribute \"timestamp\" found in index <{}>", index);
        return IndexRangeStats.EMPTY;
    }

    final DateTime earliest =
            new DateTime(timestamped.getMinAggregation("ts_min").getMin().longValue(), DateTimeZone.UTC);
    final DateTime latest =
            new DateTime(timestamped.getMaxAggregation("ts_max").getMax().longValue(), DateTimeZone.UTC);

    // Always hand back a list (possibly empty): this distinguishes old indices that lack the stream
    // information from newer ones that simply contain no streams.
    final TermsAggregation streamBuckets = timestamped.getTermsAggregation("streams");
    final List<String> streamIds = streamBuckets.getBuckets().stream()
            .map(TermsAggregation.Entry::getKeyAsString)
            .collect(toList());

    return IndexRangeStats.create(earliest, latest, streamIds);
}
use of org.graylog2.indexer.results.SearchResult in project graylog2-server by Graylog2.
the class MoreSearchAdapterES6 method eventSearch.
/**
 * Searches events and applies stream-based visibility rules to the result set.
 *
 * <p>The request is a bool query made up of filter clauses only:
 * <ul>
 *   <li>the user query: match-all when {@code queryString} is empty or {@code "*"}, otherwise a
 *       query-string query using the configured leading-wildcard setting;</li>
 *   <li>a terms filter restricting {@link EventDto#FIELD_STREAMS} to {@code eventStreams};</li>
 *   <li>the time range filter;</li>
 *   <li>optionally {@code filterString} as a further query-string query;</li>
 *   <li>optionally an exclusion of every event that lists one of {@code forbiddenSourceStreams} in
 *       {@link EventDto#FIELD_SOURCE_STREAMS}.</li>
 * </ul>
 *
 * @param queryString            user query; empty or {@code "*"} matches everything
 * @param timerange              time range to search in
 * @param affectedIndices        indices to query
 * @param sorting                sort field and direction
 * @param page                   page number; the offset is computed as {@code (page - 1) * perPage}
 * @param perPage                page size
 * @param eventStreams           streams the events must belong to
 * @param filterString           optional additional query-string filter, may be null or empty
 * @param forbiddenSourceStreams source streams the caller may not access
 * @return hits, total count, duration, the index names used and the executed query
 * @throws NullPointerException if no time range query can be created for {@code timerange}
 */
@Override
public MoreSearch.Result eventSearch(String queryString, TimeRange timerange, Set<String> affectedIndices, Sorting sorting, int page, int perPage, Set<String> eventStreams, String filterString, Set<String> forbiddenSourceStreams) {
    final boolean matchEverything = queryString.isEmpty() || queryString.equals("*");
    final QueryBuilder userQuery;
    if (matchEverything) {
        userQuery = matchAllQuery();
    } else {
        userQuery = queryStringQuery(queryString).allowLeadingWildcard(allowLeadingWildcard);
    }

    final BoolQueryBuilder constraints = boolQuery()
            .filter(userQuery)
            .filter(termsQuery(EventDto.FIELD_STREAMS, eventStreams))
            .filter(requireNonNull(TimeRangeQueryFactory.create(timerange)));

    if (!isNullOrEmpty(filterString)) {
        // NOTE(review): unlike queryString above, this query-string query does not apply the
        // allowLeadingWildcard setting; confirm that filterString never carries end-user input.
        constraints.filter(queryStringQuery(filterString));
    }

    if (!forbiddenSourceStreams.isEmpty()) {
        // Access control: an event that references even one source stream the calling user may not
        // read must not appear in the result.
        // NOTE(review): an empty set adds no exclusion at all, so enforcement relies on the caller
        // passing the complete set of forbidden streams.
        constraints.filter(boolQuery().mustNot(termsQuery(EventDto.FIELD_SOURCE_STREAMS, forbiddenSourceStreams)));
    }

    // NOTE(review): plain int arithmetic with no range check in this method; page < 1 gives a negative
    // offset and large values can overflow. Presumably validated by the caller; confirm.
    final int offset = (page - 1) * perPage;
    final SearchSourceBuilder searchSourceBuilder = new SearchSourceBuilder()
            .query(constraints)
            .from(offset)
            .size(perPage)
            .sort(sorting.getField(), sortOrderMapper.fromSorting(sorting));

    // With no affected indices a single empty index name is sent, and allowNoIndices(false) and
    // ignoreUnavailable(false) are set; presumably this keeps an empty set from widening the search to
    // every index. Verify against the client's URL building.
    final Set<String> targetIndices = affectedIndices.isEmpty() ? Collections.singleton("") : affectedIndices;
    final Search.Builder searchBuilder = new Search.Builder(searchSourceBuilder.toString())
            .addType(IndexMapping.TYPE_MESSAGE)
            .addIndex(targetIndices)
            .allowNoIndices(false)
            .ignoreUnavailable(false);

    if (LOG.isDebugEnabled()) {
        // The complete query, including the caller-supplied query strings, is written to the debug log.
        LOG.debug("Query:\n{}", searchSourceBuilder.toString(new ToXContent.MapParams(Collections.singletonMap("pretty", "true"))));
        LOG.debug("Execute search: {}", searchBuilder.build().toString());
    }

    final io.searchbox.core.SearchResult searchResult =
            multiSearch.wrap(searchBuilder.build(), () -> "Unable to perform search query");

    @SuppressWarnings("unchecked")
    final List<ResultMessage> hits = searchResult.getHits(Map.class, false).stream()
            .map(hit -> ResultMessage.parseFromSource(hit.id, hit.index, (Map<String, Object>) hit.source, hit.highlight))
            .collect(Collectors.toList());

    return MoreSearch.Result.builder()
            .results(hits)
            .resultsCount(searchResult.getTotal())
            .duration(multiSearch.tookMsFromSearchResult(searchResult))
            .usedIndexNames(affectedIndices)
            .executedQuery(searchSourceBuilder.toString())
            .build();
}
use of org.graylog2.indexer.results.SearchResult in project graylog2-server by Graylog2.
the class SearchesAdapterES6 method search.
/**
 * Executes a message search against the given indices.
 *
 * <p>When {@code indexRanges} is empty no request is sent and an empty result is returned that carries
 * the original query and the request body that was built.
 *
 * @param indices     names of the indices to query
 * @param indexRanges index ranges the search covers; also attached to the returned result
 * @param config      search configuration the request body is built from
 * @return the parsed hits with total count, index ranges, original query, request body and duration
 */
@Override
public SearchResult search(Set<String> indices, Set<IndexRange> indexRanges, SearchesConfig config) {
    final SearchSourceBuilder source = searchRequest(config);

    // NOTE(review): only indexRanges is checked for emptiness. `indices` is passed to addIndex()
    // as-is; presumably callers always derive it from indexRanges, because an empty index set might
    // not restrict the request to any index. Confirm.
    if (indexRanges.isEmpty()) {
        return SearchResult.empty(config.query(), source.toString());
    }

    final Search.Builder request = new Search.Builder(source.toString())
            .addType(IndexMapping.TYPE_MESSAGE)
            .addIndex(indices);
    final io.searchbox.core.SearchResult response =
            multiSearch.wrap(request.build(), () -> "Unable to perform search query");

    // Hits are read as raw maps and converted to ResultMessage one by one.
    final List<ResultMessage> messages = response.getHits(Map.class, false).stream()
            .map(hit -> ResultMessage.parseFromSource(hit.id, hit.index, (Map<String, Object>) hit.source, hit.highlight))
            .collect(Collectors.toList());

    return new SearchResult(
            messages,
            response.getTotal(),
            indexRanges,
            config.query(),
            source.toString(),
            multiSearch.tookMsFromSearchResult(response));
}
use of org.graylog2.indexer.results.SearchResult in project graylog2-server by Graylog2.
the class ESMessageList method doExtractResult.
/**
 * Turns the raw search result for a message list search type into its result object.
 *
 * <p>Each hit is parsed into a {@code ResultMessage} and reduced to a summary (highlight ranges,
 * message fields, index). The summaries are wrapped in a {@code SearchResponse} together with the
 * undecorated and the decorated query string, run through the decorators configured on the search
 * type, and copied into the result builder.
 *
 * @param job          search job the query belongs to; passed to the query decorators
 * @param query        query supplying the query string and the effective time range
 * @param searchType   message list search type (id, optional name, decorators)
 * @param result       raw search result holding the hits and the total count
 * @param aggregations not read by this method
 * @param queryContext not read by this method
 * @return the message list result, named when the search type has a name
 */
@Override
public SearchType.Result doExtractResult(SearchJob job, Query query, MessageList searchType, SearchResult result, MetricAggregation aggregations, ESGeneratedQueryContext queryContext) {
    // noinspection unchecked
    final List<ResultMessageSummary> summaries = result.getHits(Map.class, false).stream()
            .map(hit -> ResultMessage.parseFromSource(hit.id, hit.index, (Map<String, Object>) hit.source, hit.highlight))
            .map(parsed -> ResultMessageSummary.create(parsed.highlightRanges, parsed.getMessage().getFields(), parsed.getIndex()))
            .collect(Collectors.toList());

    // Both the query string as given and the one after query decoration go into the response.
    final String undecoratedQueryString = query.query().queryString();
    final String decoratedQueryString = this.esQueryDecorators.decorate(undecoratedQueryString, job, query);

    final DateTime rangeStart = query.effectiveTimeRange(searchType).getFrom();
    final DateTime rangeEnd = query.effectiveTimeRange(searchType).getTo();

    final SearchResponse rawResponse = SearchResponse.create(
            undecoratedQueryString,
            decoratedQueryString,
            Collections.emptySet(),
            summaries,
            Collections.emptySet(),
            0,
            result.getTotal(),
            rangeStart,
            rangeEnd);
    final SearchResponse decorated = decoratorProcessor.decorateSearchResponse(rawResponse, searchType.decorators());

    // Messages and total are taken from the decorated response, not from the raw one.
    final MessageList.Result.Builder resultBuilder = MessageList.Result.result(searchType.id())
            .messages(decorated.messages())
            .effectiveTimerange(AbsoluteRange.create(rangeStart, rangeEnd))
            .totalResults(decorated.totalResults());

    final MessageList.Result.Builder finalBuilder =
            searchType.name().map(resultBuilder::name).orElse(resultBuilder);
    return finalBuilder.build();
}
Aggregations