Search in sources :

Example 6 with AbsoluteRange

use of org.graylog2.plugin.indexer.searches.timeranges.AbsoluteRange in project graylog2-server by Graylog2.

the class SearchesTest method determineAffectedIndicesWithRangesIncludesDeflectorTarget.

@Test
public void determineAffectedIndicesWithRangesIncludesDeflectorTarget() throws Exception {
    final DateTime now = DateTime.now(DateTimeZone.UTC);
    final MongoIndexRange indexRange0 = MongoIndexRange.create("graylog_0", now, now.plusDays(1), now, 0);
    final MongoIndexRange indexRange1 = MongoIndexRange.create("graylog_1", now.plusDays(1), now.plusDays(2), now, 0);
    final MongoIndexRange indexRangeLatest = MongoIndexRange.create("graylog_2", new DateTime(0L, DateTimeZone.UTC), new DateTime(0L, DateTimeZone.UTC), now, 0);
    final SortedSet<IndexRange> indices = ImmutableSortedSet.orderedBy(IndexRange.COMPARATOR).add(indexRange0).add(indexRange1).add(indexRangeLatest).build();
    when(indexRangeService.find(any(DateTime.class), any(DateTime.class))).thenReturn(indices);
    final TimeRange absoluteRange = AbsoluteRange.create(now.minusDays(1), now.plusDays(1));
    final TimeRange keywordRange = KeywordRange.create("1 day ago");
    final TimeRange relativeRange = RelativeRange.create(3600);
    assertThat(searches.determineAffectedIndicesWithRanges(absoluteRange, null)).containsExactly(indexRangeLatest, indexRange0, indexRange1);
    assertThat(searches.determineAffectedIndicesWithRanges(keywordRange, null)).containsExactly(indexRangeLatest, indexRange0, indexRange1);
    assertThat(searches.determineAffectedIndicesWithRanges(relativeRange, null)).containsExactly(indexRangeLatest, indexRange0, indexRange1);
}
Also used : MongoIndexRange(org.graylog2.indexer.ranges.MongoIndexRange) IndexRange(org.graylog2.indexer.ranges.IndexRange) TimeRange(org.graylog2.plugin.indexer.searches.timeranges.TimeRange) MongoIndexRange(org.graylog2.indexer.ranges.MongoIndexRange) ZonedDateTime(java.time.ZonedDateTime) DateTime(org.joda.time.DateTime) Test(org.junit.Test)

Example 7 with AbsoluteRange

use of org.graylog2.plugin.indexer.searches.timeranges.AbsoluteRange in project graylog2-server by Graylog2.

the class StackedChartWidgetStrategy method compute.

@Override
public ComputationResult compute() {
    String filter = null;
    if (!isNullOrEmpty(streamId)) {
        filter = "streams:" + streamId;
    }
    final List<Map> results = new ArrayList<>(chartSeries.size());
    DateTime from = null;
    DateTime to = null;
    long tookMs = 0;
    for (Series series : chartSeries) {
        try {
            final HistogramResult histogramResult = searches.fieldHistogram(series.query, series.field, Searches.DateHistogramInterval.valueOf(interval.toString().toUpperCase(Locale.ENGLISH)), filter, this.timeRange, "cardinality".equalsIgnoreCase(series.statisticalFunction));
            if (from == null) {
                from = histogramResult.getHistogramBoundaries().getFrom();
            }
            to = histogramResult.getHistogramBoundaries().getTo();
            results.add(histogramResult.getResults());
            tookMs += histogramResult.took().millis();
        } catch (Searches.FieldTypeException e) {
            String msg = "Could not calculate [" + this.getClass().getCanonicalName() + "] widget <" + widgetId + ">. Not a numeric field? The field was [" + series.field + "]";
            LOG.error(msg, e);
            throw new RuntimeException(msg, e);
        }
    }
    final AbsoluteRange computationTimeRange = AbsoluteRange.create(from, to);
    return new ComputationResult(results, tookMs, computationTimeRange);
}
Also used : HistogramResult(org.graylog2.indexer.results.HistogramResult) Searches(org.graylog2.indexer.searches.Searches) AbsoluteRange(org.graylog2.plugin.indexer.searches.timeranges.AbsoluteRange) ArrayList(java.util.ArrayList) ComputationResult(org.graylog2.plugin.dashboards.widgets.ComputationResult) DateTime(org.joda.time.DateTime) ImmutableMap(com.google.common.collect.ImmutableMap) Map(java.util.Map)

Example 8 with AbsoluteRange

use of org.graylog2.plugin.indexer.searches.timeranges.AbsoluteRange in project graylog2-server by Graylog2.

the class MessageCountAlertCondition method runCheck.

@Override
public CheckResult runCheck() {
    try {
        // Create an absolute range from the relative range to make sure it doesn't change during the two
        // search requests. (count and find messages)
        // This is needed because the RelativeRange computes the range from NOW on every invocation of getFrom() and
        // getTo().
        // See: https://github.com/Graylog2/graylog2-server/issues/2382
        final RelativeRange relativeRange = RelativeRange.create(time * 60);
        final AbsoluteRange range = AbsoluteRange.create(relativeRange.getFrom(), relativeRange.getTo());
        final String filter = "streams:" + stream.getId();
        final CountResult result = searches.count("*", range, filter);
        final long count = result.count();
        LOG.debug("Alert check <{}> result: [{}]", id, count);
        final boolean triggered;
        switch(thresholdType) {
            case MORE:
                triggered = count > threshold;
                break;
            case LESS:
                triggered = count < threshold;
                break;
            default:
                triggered = false;
        }
        if (triggered) {
            final List<MessageSummary> summaries = Lists.newArrayList();
            if (getBacklog() > 0) {
                final SearchResult backlogResult = searches.search("*", filter, range, getBacklog(), 0, new Sorting("timestamp", Sorting.Direction.DESC));
                for (ResultMessage resultMessage : backlogResult.getResults()) {
                    final Message msg = resultMessage.getMessage();
                    summaries.add(new MessageSummary(resultMessage.getIndex(), msg));
                }
            }
            final String resultDescription = "Stream had " + count + " messages in the last " + time + " minutes with trigger condition " + thresholdType.toString().toLowerCase(Locale.ENGLISH) + " than " + threshold + " messages. " + "(Current grace time: " + grace + " minutes)";
            return new CheckResult(true, this, resultDescription, Tools.nowUTC(), summaries);
        } else {
            return new NegativeCheckResult();
        }
    } catch (InvalidRangeParametersException e) {
        // cannot happen lol
        LOG.error("Invalid timerange.", e);
        return null;
    } catch (InvalidRangeFormatException e) {
        // lol same here
        LOG.error("Invalid timerange format.", e);
        return null;
    }
}
Also used : InvalidRangeFormatException(org.graylog2.indexer.InvalidRangeFormatException) InvalidRangeParametersException(org.graylog2.plugin.indexer.searches.timeranges.InvalidRangeParametersException) ResultMessage(org.graylog2.indexer.results.ResultMessage) Message(org.graylog2.plugin.Message) AbsoluteRange(org.graylog2.plugin.indexer.searches.timeranges.AbsoluteRange) SearchResult(org.graylog2.indexer.results.SearchResult) CountResult(org.graylog2.indexer.results.CountResult) ResultMessage(org.graylog2.indexer.results.ResultMessage) Sorting(org.graylog2.indexer.searches.Sorting) RelativeRange(org.graylog2.plugin.indexer.searches.timeranges.RelativeRange) MessageSummary(org.graylog2.plugin.MessageSummary)

Example 9 with AbsoluteRange

use of org.graylog2.plugin.indexer.searches.timeranges.AbsoluteRange in project graylog2-server by Graylog2.

the class SearchesTest method determineAffectedIndicesDoesNotIncludesDeflectorTargetIfMissing.

@Test
public void determineAffectedIndicesDoesNotIncludesDeflectorTargetIfMissing() throws Exception {
    final DateTime now = DateTime.now(DateTimeZone.UTC);
    final MongoIndexRange indexRange0 = MongoIndexRange.create("graylog_0", now, now.plusDays(1), now, 0);
    final MongoIndexRange indexRange1 = MongoIndexRange.create("graylog_1", now.plusDays(1), now.plusDays(2), now, 0);
    final SortedSet<IndexRange> indices = ImmutableSortedSet.orderedBy(IndexRange.COMPARATOR).add(indexRange0).add(indexRange1).build();
    when(indexRangeService.find(any(DateTime.class), any(DateTime.class))).thenReturn(indices);
    final TimeRange absoluteRange = AbsoluteRange.create(now.minusDays(1), now.plusDays(1));
    final TimeRange keywordRange = KeywordRange.create("1 day ago");
    final TimeRange relativeRange = RelativeRange.create(3600);
    assertThat(searches.determineAffectedIndices(absoluteRange, null)).containsOnly(indexRange0.indexName(), indexRange1.indexName());
    assertThat(searches.determineAffectedIndices(keywordRange, null)).containsOnly(indexRange0.indexName(), indexRange1.indexName());
    assertThat(searches.determineAffectedIndices(relativeRange, null)).containsOnly(indexRange0.indexName(), indexRange1.indexName());
}
Also used : MongoIndexRange(org.graylog2.indexer.ranges.MongoIndexRange) IndexRange(org.graylog2.indexer.ranges.IndexRange) TimeRange(org.graylog2.plugin.indexer.searches.timeranges.TimeRange) MongoIndexRange(org.graylog2.indexer.ranges.MongoIndexRange) ZonedDateTime(java.time.ZonedDateTime) DateTime(org.joda.time.DateTime) Test(org.junit.Test)

Example 10 with AbsoluteRange

use of org.graylog2.plugin.indexer.searches.timeranges.AbsoluteRange in project graylog2-server by Graylog2.

the class SearchesTest method testFieldHistogram.

@Test
@UsingDataSet(loadStrategy = LoadStrategyEnum.CLEAN_INSERT)
@SuppressWarnings("unchecked")
public void testFieldHistogram() throws Exception {
    final AbsoluteRange range = AbsoluteRange.create(new DateTime(2015, 1, 1, 0, 0, DateTimeZone.UTC).withZone(UTC), new DateTime(2015, 1, 2, 0, 0, DateTimeZone.UTC).withZone(UTC));
    HistogramResult h = searches.fieldHistogram("*", "n", Searches.DateHistogramInterval.HOUR, null, range, false);
    assertThat(h.getInterval()).isEqualTo(Searches.DateHistogramInterval.HOUR);
    assertThat(h.getHistogramBoundaries()).isEqualTo(range);
    assertThat(h.getResults()).hasSize(5);
    assertThat((Map<String, Number>) h.getResults().get(new DateTime(2015, 1, 1, 1, 0, UTC).getMillis() / 1000L)).containsEntry("total_count", 2L).containsEntry("total", 0.0);
    assertThat((Map<String, Number>) h.getResults().get(new DateTime(2015, 1, 1, 2, 0, UTC).getMillis() / 1000L)).containsEntry("total_count", 2L).containsEntry("total", 4.0).containsEntry("mean", 2.0);
}
Also used : HistogramResult(org.graylog2.indexer.results.HistogramResult) AbsoluteRange(org.graylog2.plugin.indexer.searches.timeranges.AbsoluteRange) Map(java.util.Map) ZonedDateTime(java.time.ZonedDateTime) DateTime(org.joda.time.DateTime) UsingDataSet(com.lordofthejars.nosqlunit.annotation.UsingDataSet) Test(org.junit.Test)

Aggregations

DateTime (org.joda.time.DateTime)11 ZonedDateTime (java.time.ZonedDateTime)10 Test (org.junit.Test)10 AbsoluteRange (org.graylog2.plugin.indexer.searches.timeranges.AbsoluteRange)7 IndexRange (org.graylog2.indexer.ranges.IndexRange)6 MongoIndexRange (org.graylog2.indexer.ranges.MongoIndexRange)6 HistogramResult (org.graylog2.indexer.results.HistogramResult)6 UsingDataSet (com.lordofthejars.nosqlunit.annotation.UsingDataSet)5 TimeRange (org.graylog2.plugin.indexer.searches.timeranges.TimeRange)5 Histogram (com.codahale.metrics.Histogram)2 Timer (com.codahale.metrics.Timer)2 Map (java.util.Map)2 ImmutableMap (com.google.common.collect.ImmutableMap)1 ArrayList (java.util.ArrayList)1 IndexSet (org.graylog2.indexer.IndexSet)1 InvalidRangeFormatException (org.graylog2.indexer.InvalidRangeFormatException)1 TestIndexSet (org.graylog2.indexer.TestIndexSet)1 CountResult (org.graylog2.indexer.results.CountResult)1 ResultMessage (org.graylog2.indexer.results.ResultMessage)1 SearchResult (org.graylog2.indexer.results.SearchResult)1