Example 1 with Sorting

Use of org.graylog2.indexer.searches.Sorting in the project graylog2-server by Graylog2.

Class KeywordSearchResource, method searchKeyword.

@GET
@Timed
@ApiOperation(value = "Message search with keyword as timerange.", notes = "Search for messages in a timerange defined by a keyword like \"yesterday\" or \"2 weeks ago to wednesday\".")
@Produces(MediaType.APPLICATION_JSON)
@ApiResponses(value = { @ApiResponse(code = 400, message = "Invalid keyword provided.") })
public SearchResponse searchKeyword(
        @ApiParam(name = "query", value = "Query (Lucene syntax)", required = true) @QueryParam("query") @NotEmpty String query,
        @ApiParam(name = "keyword", value = "Range keyword", required = true) @QueryParam("keyword") @NotEmpty String keyword,
        @ApiParam(name = "limit", value = "Maximum number of messages to return.", required = false) @QueryParam("limit") int limit,
        @ApiParam(name = "offset", value = "Offset", required = false) @QueryParam("offset") int offset,
        @ApiParam(name = "filter", value = "Filter", required = false) @QueryParam("filter") String filter,
        @ApiParam(name = "fields", value = "Comma separated list of fields to return", required = false) @QueryParam("fields") String fields,
        @ApiParam(name = "sort", value = "Sorting (field:asc / field:desc)", required = false) @QueryParam("sort") String sort,
        @ApiParam(name = "decorate", value = "Run decorators on search result", required = false) @QueryParam("decorate") @DefaultValue("true") boolean decorate) {
    // Authorization check runs before any query is built or executed.
    checkSearchPermission(filter, RestPermissions.SEARCHES_KEYWORD);
    final List<String> fieldList = parseOptionalFields(fields);
    final Sorting sorting = buildSorting(sort);
    final TimeRange timeRange = buildKeywordTimeRange(keyword);
    final SearchesConfig searchesConfig = SearchesConfig.builder()
            .query(query)
            .filter(filter)
            .fields(fieldList)
            .range(timeRange)
            .limit(limit)
            .offset(offset)
            .sorting(sorting)
            .build();
    final Optional<String> streamId = Searches.extractStreamId(filter);
    try {
        return buildSearchResponse(searches.search(searchesConfig), timeRange, decorate, streamId);
    } catch (SearchPhaseExecutionException e) {
        throw createRequestExceptionForParseFailure(query, e);
    }
}

Example 2 with Sorting

Use of org.graylog2.indexer.searches.Sorting in the project graylog2-server by Graylog2.

Class FieldContentValueAlertCondition, method runCheck.

@Override
public CheckResult runCheck() {
    String filter = "streams:" + stream.getId();
    // field and value are interpolated into the Lucene query string unescaped;
    // a value containing a double quote changes the meaning of the query.
    String query = field + ":\"" + value + "\"";
    Integer backlogSize = getBacklog();
    boolean backlogEnabled = false;
    int searchLimit = 1;
    if (backlogSize != null && backlogSize > 0) {
        backlogEnabled = true;
        searchLimit = backlogSize;
    }
    try {
        SearchResult result = searches.search(query, filter, RelativeRange.create(configuration.getAlertCheckInterval()), searchLimit, 0, new Sorting("timestamp", Sorting.Direction.DESC));
        final List<MessageSummary> summaries;
        if (backlogEnabled) {
            summaries = Lists.newArrayListWithCapacity(result.getResults().size());
            for (ResultMessage resultMessage : result.getResults()) {
                final Message msg = resultMessage.getMessage();
                summaries.add(new MessageSummary(resultMessage.getIndex(), msg));
            }
        } else {
            summaries = Collections.emptyList();
        }
        final long count = result.getTotalResults();
        final String resultDescription = "Stream received messages matching <" + query + "> " + "(Current grace time: " + grace + " minutes)";
        if (count > 0) {
            LOG.debug("Alert check <{}> found [{}] messages.", id, count);
            return new CheckResult(true, this, resultDescription, Tools.nowUTC(), summaries);
        } else {
            LOG.debug("Alert check <{}> returned no results.", id);
            return new NegativeCheckResult();
        }
    } catch (InvalidRangeParametersException e) {
        // Not expected for a configured check interval; logged defensively.
        LOG.error("Invalid timerange.", e);
        return null;
    } catch (InvalidRangeFormatException e) {
        // Same as above: not expected for a configured check interval.
        LOG.error("Invalid timerange format.", e);
        return null;
    }
}

Example 3 with Sorting

Use of org.graylog2.indexer.searches.Sorting in the project graylog2-server by Graylog2.

Class MessageCountAlertCondition, method runCheck.

@Override
public CheckResult runCheck() {
    try {
        // Create an absolute range from the relative range to make sure it doesn't change during the two
        // search requests. (count and find messages)
        // This is needed because the RelativeRange computes the range from NOW on every invocation of getFrom() and
        // getTo().
        // See: https://github.com/Graylog2/graylog2-server/issues/2382
        final RelativeRange relativeRange = RelativeRange.create(time * 60);
        final AbsoluteRange range = AbsoluteRange.create(relativeRange.getFrom(), relativeRange.getTo());
        final String filter = "streams:" + stream.getId();
        final CountResult result = searches.count("*", range, filter);
        final long count = result.count();
        LOG.debug("Alert check <{}> result: [{}]", id, count);
        final boolean triggered;
        switch(thresholdType) {
            case MORE:
                triggered = count > threshold;
                break;
            case LESS:
                triggered = count < threshold;
                break;
            default:
                triggered = false;
        }
        if (triggered) {
            final List<MessageSummary> summaries = Lists.newArrayList();
            if (getBacklog() > 0) {
                final SearchResult backlogResult = searches.search("*", filter, range, getBacklog(), 0, new Sorting("timestamp", Sorting.Direction.DESC));
                for (ResultMessage resultMessage : backlogResult.getResults()) {
                    final Message msg = resultMessage.getMessage();
                    summaries.add(new MessageSummary(resultMessage.getIndex(), msg));
                }
            }
            final String resultDescription = "Stream had " + count + " messages in the last " + time + " minutes with trigger condition " + thresholdType.toString().toLowerCase(Locale.ENGLISH) + " than " + threshold + " messages. " + "(Current grace time: " + grace + " minutes)";
            return new CheckResult(true, this, resultDescription, Tools.nowUTC(), summaries);
        } else {
            return new NegativeCheckResult();
        }
    } catch (InvalidRangeParametersException e) {
        // Not expected for a configured time window; logged defensively.
        LOG.error("Invalid timerange.", e);
        return null;
    } catch (InvalidRangeFormatException e) {
        // Same as above: not expected for a configured time window.
        LOG.error("Invalid timerange format.", e);
        return null;
    }
}

Example 4 with Sorting

Use of org.graylog2.indexer.searches.Sorting in the project graylog2-server by Graylog2.

Class Searches, method terms.

public TermsResult terms(String field, int size, String query, String filter, TimeRange range, Sorting.Direction sorting) {
    Terms.Order termsOrder;
    if (size == 0) {
        size = 50;
    }
    if (sorting == Sorting.Direction.DESC) {
        termsOrder = Terms.Order.count(false);
    } else {
        termsOrder = Terms.Order.count(true);
    }
    SearchRequestBuilder srb;
    if (filter == null) {
        srb = standardSearchRequest(query, determineAffectedIndices(range, null), range);
    } else {
        srb = filteredSearchRequest(query, filter, determineAffectedIndices(range, filter), range);
    }
    FilterAggregationBuilder builder = AggregationBuilders.filter(AGG_FILTER)
            .subAggregation(AggregationBuilders.terms(AGG_TERMS).field(field).size(size).order(termsOrder))
            .subAggregation(AggregationBuilders.missing("missing").field(field))
            .filter(standardAggregationFilters(range, filter));
    srb.addAggregation(builder);
    final SearchRequest request = srb.request();
    SearchResponse r = c.search(request).actionGet();
    recordEsMetrics(r, range);
    final Filter f = r.getAggregations().get(AGG_FILTER);
    return new TermsResult(f.getAggregations().get(AGG_TERMS), f.getAggregations().get("missing"), f.getDocCount(), query, request.source(), r.getTook());
}

Example 5 with Sorting

Use of org.graylog2.indexer.searches.Sorting in the project graylog2-server by Graylog2.

Class RelativeSearchResource, method searchRelative.

@GET
@Timed
@ApiOperation(value = "Message search with relative timerange.", notes = "Search for messages in a relative timerange, specified as seconds from now. " + "Example: 300 means search from 5 minutes ago to now.")
@ApiResponses(value = { @ApiResponse(code = 400, message = "Invalid timerange parameters provided.") })
@Produces(MediaType.APPLICATION_JSON)
public SearchResponse searchRelative(
        @ApiParam(name = "query", value = "Query (Lucene syntax)", required = true) @QueryParam("query") @NotEmpty String query,
        @ApiParam(name = "range", value = "Relative timeframe to search in. See method description.", required = true) @QueryParam("range") int range,
        @ApiParam(name = "limit", value = "Maximum number of messages to return.", required = false) @QueryParam("limit") int limit,
        @ApiParam(name = "offset", value = "Offset", required = false) @QueryParam("offset") int offset,
        @ApiParam(name = "filter", value = "Filter", required = false) @QueryParam("filter") String filter,
        @ApiParam(name = "fields", value = "Comma separated list of fields to return", required = false) @QueryParam("fields") String fields,
        @ApiParam(name = "sort", value = "Sorting (field:asc / field:desc)", required = false) @QueryParam("sort") String sort,
        @ApiParam(name = "decorate", value = "Run decorators on search result", required = false) @QueryParam("decorate") @DefaultValue("true") boolean decorate) {
    // Authorization check runs before any query is built or executed.
    checkSearchPermission(filter, RestPermissions.SEARCHES_RELATIVE);
    final List<String> fieldList = parseOptionalFields(fields);
    final Sorting sorting = buildSorting(sort);
    final TimeRange timeRange = buildRelativeTimeRange(range);
    final SearchesConfig searchesConfig = SearchesConfig.builder()
            .query(query)
            .filter(filter)
            .fields(fieldList)
            .range(timeRange)
            .limit(limit)
            .offset(offset)
            .sorting(sorting)
            .build();
    final Optional<String> streamId = Searches.extractStreamId(filter);
    try {
        return buildSearchResponse(searches.search(searchesConfig), timeRange, decorate, streamId);
    } catch (SearchPhaseExecutionException e) {
        throw createRequestExceptionForParseFailure(query, e);
    }
}