use of org.graylog2.indexer.results.SearchResult in project graylog2-server by Graylog2.
the class ESPivot method doExtractResult.
/**
 * Assembles the {@code PivotResult} for one pivot from the search result of its query.
 *
 * <p>Pivot results are a table whose cells can hold several "values" rather than a single scalar.
 * Each combination of row and column groups can contain all series (if rollup is true);
 * if rollup is false, only the "leaf" components contain the series.
 * In the Elasticsearch result, rows and columns are nested aggregations (row aggregations first,
 * then column aggregations), with metric aggregations on the corresponding levels.
 *
 * @param job            the search job this pivot belongs to (not read in this method)
 * @param query          the query, used to determine the effective time range
 * @param pivot          the pivot definition (id, optional name, row groups)
 * @param queryResult    the search result the time range and document count are read from
 * @param aggregations   the top-level aggregations handed to the row processing
 * @param queryContext   the generated query context passed on to the helpers
 * @return the built pivot result, carrying the pivot's name when one is set
 */
@Override
public SearchType.Result doExtractResult(SearchJob job, Query query, Pivot pivot, SearchResult queryResult, MetricAggregation aggregations, ESGeneratedQueryContext queryContext) {
    final AbsoluteRange timerange = extractEffectiveTimeRange(queryResult, query, pivot);
    final PivotResult.Builder builder = PivotResult.builder()
            .id(pivot.id())
            .effectiveTimerange(timerange)
            .total(extractDocumentCount(queryResult, pivot, queryContext));

    // Iterate over all row groups first; their values form a "key array" that corresponds to the
    // nesting level. Once the row groups are exhausted, descend into the columns, which are added
    // as values to their rows. On every nesting level and combination, series are checked for and
    // added as values to the containing row. The empty deque is the initial (root) key path.
    processRows(builder, queryResult, queryContext, pivot, pivot.rowGroups(), new ArrayDeque<>(), aggregations);

    // Only set a name on the result when the pivot actually has one.
    return pivot.name()
            .map(builder::name)
            .orElse(builder)
            .build();
}
use of org.graylog2.indexer.results.SearchResult in project graylog2-server by Graylog2.
the class ESPivot method extractEffectiveTimeRange.
/**
 * Determines the time range the pivot result effectively covers.
 *
 * <p>When the pivot's effective time range is the "all messages" range and the
 * "timestamp-min" / "timestamp-max" aggregations produced a value, that value (epoch
 * milliseconds, interpreted as UTC) replaces the corresponding bound. Otherwise the bound of
 * the query's effective time range for the pivot is used.
 *
 * @param queryResult the search result holding the timestamp min/max aggregations
 * @param query       the query the effective time range is derived from
 * @param pivot       the pivot the time range is computed for
 * @return the absolute range built from the two resolved bounds
 */
private AbsoluteRange extractEffectiveTimeRange(SearchResult queryResult, Query query, Pivot pivot) {
    // NOTE(review): assumes both aggregations are always present in the result; a missing
    // aggregation would fail with a NullPointerException here - confirm against the query generation.
    final Double minTimestamp = queryResult.getAggregations().getMinAggregation("timestamp-min").getMin();
    final Double maxTimestamp = queryResult.getAggregations().getMaxAggregation("timestamp-max").getMax();
    final TimeRange pivotRange = query.effectiveTimeRange(pivot);

    final DateTime rangeStart;
    if (isAllMessagesTimeRange(pivotRange) && minTimestamp != null) {
        rangeStart = new DateTime(minTimestamp.longValue(), DateTimeZone.UTC);
    } else {
        rangeStart = query.effectiveTimeRange(pivot).getFrom();
    }

    final DateTime rangeEnd;
    if (isAllMessagesTimeRange(pivotRange) && maxTimestamp != null) {
        rangeEnd = new DateTime(maxTimestamp.longValue(), DateTimeZone.UTC);
    } else {
        rangeEnd = query.effectiveTimeRange(pivot).getTo();
    }

    return AbsoluteRange.create(rangeStart, rangeEnd);
}
use of org.graylog2.indexer.results.SearchResult in project graylog2-server by Graylog2.
the class ESPivot method processSeries.
/**
 * Adds the values of every series of the pivot to the given row.
 *
 * <p>For each series spec the matching handler extracts its aggregation from {@code aggregation}
 * and turns it into values. Each value is stored under the current column key path extended by
 * the value's own id.
 *
 * @param rowBuilder   the row the values are added to
 * @param searchResult the search response handed to the series handler
 * @param queryContext the generated query context handed to the series handler
 * @param pivot        the pivot whose series are processed
 * @param columnKeys   the current column key path; extended temporarily per value and restored afterwards
 * @param aggregation  the aggregation level the series are read from
 * @param rollup       rollup flag stored on every created value
 * @param source       source label stored on every created value
 */
private void processSeries(PivotResult.Row.Builder rowBuilder, SearchResponse searchResult, ESGeneratedQueryContext queryContext, Pivot pivot, ArrayDeque<String> columnKeys, HasAggregations aggregation, boolean rollup, String source) {
    pivot.series().forEach(spec -> {
        // NOTE(review): a series type without a registered handler would make this lookup return
        // null and fail on the next line - presumably types are validated earlier; confirm.
        final ESPivotSeriesSpecHandler<? extends SeriesSpec, ? extends Aggregation> handler = seriesHandlers.get(spec.type());
        final Aggregation extracted = handler.extractAggregationFromResult(pivot, spec, aggregation, queryContext);

        handler.handleResult(pivot, spec, searchResult, extracted, this, queryContext).forEach(seriesValue -> {
            // The shared key deque is pushed and popped around the value creation, so it is
            // back in its original state before the next value is handled.
            columnKeys.addLast(seriesValue.id());
            final PivotResult.Value cell = PivotResult.Value.create(columnKeys, seriesValue.value(), rollup, source);
            columnKeys.removeLast();
            rowBuilder.addValue(cell);
        });
    });
}
use of org.graylog2.indexer.results.SearchResult in project graylog2-server by Graylog2.
the class MoreSearchAdapterES7 method eventSearch.
/**
 * Runs a paginated search for events and returns the matching messages.
 *
 * <p>The request is a bool query made up solely of filter clauses: the caller's query string (or
 * match-all for an empty string or {@code "*"}), a terms filter restricting hits to
 * {@code eventStreams}, the time range, the optional {@code filterString}, and a must-not
 * clause that drops every event referencing a stream in {@code forbiddenSourceStreams}.
 *
 * @param queryString            the query string; empty or {@code "*"} matches everything
 * @param timerange              the time range to search in; must translate to a non-null range query
 * @param affectedIndices        the indices to search
 * @param sorting                the field and direction to sort by
 * @param page                   the page number used to compute the result offset
 * @param perPage                the page size
 * @param eventStreams           the event streams hits must belong to
 * @param filterString           an additional query string filter; ignored when null or empty
 * @param forbiddenSourceStreams source streams the calling user must not see events from
 * @return the hits, total hit count, duration, used index names and executed query
 */
@Override
public MoreSearch.Result eventSearch(String queryString, TimeRange timerange, Set<String> affectedIndices, Sorting sorting, int page, int perPage, Set<String> eventStreams, String filterString, Set<String> forbiddenSourceStreams) {
    final QueryBuilder userQuery;
    if (queryString.isEmpty() || queryString.equals("*")) {
        userQuery = matchAllQuery();
    } else {
        userQuery = queryStringQuery(queryString).allowLeadingWildcard(allowLeadingWildcard);
    }

    final BoolQueryBuilder filter = boolQuery();
    filter.filter(userQuery);
    filter.filter(termsQuery(EventDto.FIELD_STREAMS, eventStreams));
    filter.filter(requireNonNull(TimeRangeQueryFactory.create(timerange)));

    if (!isNullOrEmpty(filterString)) {
        // NOTE(review): unlike the main query above, this query string is built without the
        // allowLeadingWildcard setting - confirm whether filterString can carry user input and
        // should honor the same restriction.
        filter.filter(queryStringQuery(filterString));
    }

    if (!forbiddenSourceStreams.isEmpty()) {
        // Access control: if an event has any stream in "source_streams" that the calling search
        // user is not allowed to access, the event must not be in the search result.
        filter.filter(boolQuery().mustNot(termsQuery(EventDto.FIELD_SOURCE_STREAMS, forbiddenSourceStreams)));
    }

    // NOTE(review): the offset is plain int arithmetic on caller-supplied paging values; this
    // method does not validate page/perPage itself - presumably the caller does, confirm.
    final int offset = (page - 1) * perPage;
    final SearchSourceBuilder searchSourceBuilder = new SearchSourceBuilder()
            .query(filter)
            .from(offset)
            .size(perPage)
            .sort(sorting.getField(), sortOrderMapper.fromSorting(sorting))
            .trackTotalHits(true);

    // An empty index set is replaced by a single empty index name.
    // NOTE(review): presumably this keeps an empty set from turning into a request without any
    // index restriction; confirm together with INDICES_OPTIONS.
    final Set<String> indices;
    if (affectedIndices.isEmpty()) {
        indices = Collections.singleton("");
    } else {
        indices = affectedIndices;
    }
    final SearchRequest searchRequest = new SearchRequest(indices.toArray(new String[0]))
            .source(searchSourceBuilder)
            .indicesOptions(INDICES_OPTIONS);

    if (LOG.isDebugEnabled()) {
        // The complete query, including the caller's search terms, ends up in the debug log.
        LOG.debug("Query:\n{}", searchSourceBuilder.toString(new ToXContent.MapParams(Collections.singletonMap("pretty", "true"))));
        LOG.debug("Execute search: {}", searchRequest.toString());
    }

    final SearchResponse searchResult = client.search(searchRequest, "Unable to perform search query");

    final List<ResultMessage> hits = Streams.stream(searchResult.getHits())
            .map(ResultMessageFactory::fromSearchHit)
            .collect(Collectors.toList());
    final long total = searchResult.getHits().getTotalHits().value;
    final long tookMs = searchResult.getTook().getMillis();

    return MoreSearch.Result.builder()
            .results(hits)
            .resultsCount(total)
            .duration(tookMs)
            .usedIndexNames(affectedIndices)
            .executedQuery(searchSourceBuilder.toString())
            .build();
}
use of org.graylog2.indexer.results.SearchResult in project graylog2-server by Graylog2.
the class SearchesAdapterES7 method search.
/**
 * Executes the search described by {@code config} against the given indices.
 *
 * <p>When no index ranges are supplied, no request is sent and an empty result carrying the
 * original query and the generated query source is returned.
 *
 * @param indices     the names of the indices to search
 * @param indexRanges the index ranges covered by the search; an empty set short-circuits to an empty result
 * @param config      the search configuration the request source is created from
 * @return the result messages, total hit count, index ranges, original query, built query and duration
 */
@Override
public SearchResult search(Set<String> indices, Set<IndexRange> indexRanges, SearchesConfig config) {
    final SearchSourceBuilder searchSourceBuilder = searchRequestFactory.create(config);

    final boolean nothingToSearch = indexRanges.isEmpty();
    if (nothingToSearch) {
        return SearchResult.empty(config.query(), searchSourceBuilder.toString());
    }

    // NOTE(review): only indexRanges is checked for emptiness. Presumably indices is derived
    // from indexRanges and cannot be empty here; confirm, since a request built from an empty
    // index array is not restricted to specific indices.
    final String[] indexNames = indices.toArray(new String[0]);
    final SearchRequest searchRequest = new SearchRequest(indexNames).source(searchSourceBuilder);
    final SearchResponse response = client.search(searchRequest, "Unable to perform search query");

    final List<ResultMessage> messages = extractResultMessages(response);
    final long hitCount = response.getHits().getTotalHits().value;
    final long durationMs = response.getTook().getMillis();
    final String executedQuery = searchSourceBuilder.toString();

    return new SearchResult(messages, hitCount, indexRanges, config.query(), executedQuery, durationMs);
}
Aggregations