use of org.graylog2.plugin.indexer.searches.timeranges.AbsoluteRange in project graylog2-server by Graylog2.
the class SearchesTest method determineAffectedIndicesWithRangesIncludesDeflectorTarget.
@Test
public void determineAffectedIndicesWithRangesIncludesDeflectorTarget() throws Exception {
final DateTime now = DateTime.now(DateTimeZone.UTC);
final MongoIndexRange indexRange0 = MongoIndexRange.create("graylog_0", now, now.plusDays(1), now, 0);
final MongoIndexRange indexRange1 = MongoIndexRange.create("graylog_1", now.plusDays(1), now.plusDays(2), now, 0);
final MongoIndexRange indexRangeLatest = MongoIndexRange.create("graylog_2", new DateTime(0L, DateTimeZone.UTC), new DateTime(0L, DateTimeZone.UTC), now, 0);
final SortedSet<IndexRange> indices = ImmutableSortedSet.orderedBy(IndexRange.COMPARATOR).add(indexRange0).add(indexRange1).add(indexRangeLatest).build();
when(indexRangeService.find(any(DateTime.class), any(DateTime.class))).thenReturn(indices);
final TimeRange absoluteRange = AbsoluteRange.create(now.minusDays(1), now.plusDays(1));
final TimeRange keywordRange = KeywordRange.create("1 day ago");
final TimeRange relativeRange = RelativeRange.create(3600);
assertThat(searches.determineAffectedIndicesWithRanges(absoluteRange, null)).containsExactly(indexRangeLatest, indexRange0, indexRange1);
assertThat(searches.determineAffectedIndicesWithRanges(keywordRange, null)).containsExactly(indexRangeLatest, indexRange0, indexRange1);
assertThat(searches.determineAffectedIndicesWithRanges(relativeRange, null)).containsExactly(indexRangeLatest, indexRange0, indexRange1);
}
use of org.graylog2.plugin.indexer.searches.timeranges.AbsoluteRange in project graylog2-server by Graylog2.
the class StackedChartWidgetStrategy method compute.
@Override
public ComputationResult compute() {
String filter = null;
if (!isNullOrEmpty(streamId)) {
filter = "streams:" + streamId;
}
final List<Map> results = new ArrayList<>(chartSeries.size());
DateTime from = null;
DateTime to = null;
long tookMs = 0;
for (Series series : chartSeries) {
try {
final HistogramResult histogramResult = searches.fieldHistogram(series.query, series.field, Searches.DateHistogramInterval.valueOf(interval.toString().toUpperCase(Locale.ENGLISH)), filter, this.timeRange, "cardinality".equalsIgnoreCase(series.statisticalFunction));
if (from == null) {
from = histogramResult.getHistogramBoundaries().getFrom();
}
to = histogramResult.getHistogramBoundaries().getTo();
results.add(histogramResult.getResults());
tookMs += histogramResult.took().millis();
} catch (Searches.FieldTypeException e) {
String msg = "Could not calculate [" + this.getClass().getCanonicalName() + "] widget <" + widgetId + ">. Not a numeric field? The field was [" + series.field + "]";
LOG.error(msg, e);
throw new RuntimeException(msg, e);
}
}
final AbsoluteRange computationTimeRange = AbsoluteRange.create(from, to);
return new ComputationResult(results, tookMs, computationTimeRange);
}
use of org.graylog2.plugin.indexer.searches.timeranges.AbsoluteRange in project graylog2-server by Graylog2.
the class MessageCountAlertCondition method runCheck.
@Override
public CheckResult runCheck() {
try {
// Create an absolute range from the relative range to make sure it doesn't change during the two
// search requests. (count and find messages)
// This is needed because the RelativeRange computes the range from NOW on every invocation of getFrom() and
// getTo().
// See: https://github.com/Graylog2/graylog2-server/issues/2382
final RelativeRange relativeRange = RelativeRange.create(time * 60);
final AbsoluteRange range = AbsoluteRange.create(relativeRange.getFrom(), relativeRange.getTo());
final String filter = "streams:" + stream.getId();
final CountResult result = searches.count("*", range, filter);
final long count = result.count();
LOG.debug("Alert check <{}> result: [{}]", id, count);
final boolean triggered;
switch(thresholdType) {
case MORE:
triggered = count > threshold;
break;
case LESS:
triggered = count < threshold;
break;
default:
triggered = false;
}
if (triggered) {
final List<MessageSummary> summaries = Lists.newArrayList();
if (getBacklog() > 0) {
final SearchResult backlogResult = searches.search("*", filter, range, getBacklog(), 0, new Sorting("timestamp", Sorting.Direction.DESC));
for (ResultMessage resultMessage : backlogResult.getResults()) {
final Message msg = resultMessage.getMessage();
summaries.add(new MessageSummary(resultMessage.getIndex(), msg));
}
}
final String resultDescription = "Stream had " + count + " messages in the last " + time + " minutes with trigger condition " + thresholdType.toString().toLowerCase(Locale.ENGLISH) + " than " + threshold + " messages. " + "(Current grace time: " + grace + " minutes)";
return new CheckResult(true, this, resultDescription, Tools.nowUTC(), summaries);
} else {
return new NegativeCheckResult();
}
} catch (InvalidRangeParametersException e) {
// cannot happen lol
LOG.error("Invalid timerange.", e);
return null;
} catch (InvalidRangeFormatException e) {
// lol same here
LOG.error("Invalid timerange format.", e);
return null;
}
}
use of org.graylog2.plugin.indexer.searches.timeranges.AbsoluteRange in project graylog2-server by Graylog2.
the class SearchesTest method determineAffectedIndicesDoesNotIncludesDeflectorTargetIfMissing.
@Test
public void determineAffectedIndicesDoesNotIncludesDeflectorTargetIfMissing() throws Exception {
final DateTime now = DateTime.now(DateTimeZone.UTC);
final MongoIndexRange indexRange0 = MongoIndexRange.create("graylog_0", now, now.plusDays(1), now, 0);
final MongoIndexRange indexRange1 = MongoIndexRange.create("graylog_1", now.plusDays(1), now.plusDays(2), now, 0);
final SortedSet<IndexRange> indices = ImmutableSortedSet.orderedBy(IndexRange.COMPARATOR).add(indexRange0).add(indexRange1).build();
when(indexRangeService.find(any(DateTime.class), any(DateTime.class))).thenReturn(indices);
final TimeRange absoluteRange = AbsoluteRange.create(now.minusDays(1), now.plusDays(1));
final TimeRange keywordRange = KeywordRange.create("1 day ago");
final TimeRange relativeRange = RelativeRange.create(3600);
assertThat(searches.determineAffectedIndices(absoluteRange, null)).containsOnly(indexRange0.indexName(), indexRange1.indexName());
assertThat(searches.determineAffectedIndices(keywordRange, null)).containsOnly(indexRange0.indexName(), indexRange1.indexName());
assertThat(searches.determineAffectedIndices(relativeRange, null)).containsOnly(indexRange0.indexName(), indexRange1.indexName());
}
use of org.graylog2.plugin.indexer.searches.timeranges.AbsoluteRange in project graylog2-server by Graylog2.
the class SearchesTest method testFieldHistogram.
@Test
@UsingDataSet(loadStrategy = LoadStrategyEnum.CLEAN_INSERT)
@SuppressWarnings("unchecked")
public void testFieldHistogram() throws Exception {
final AbsoluteRange range = AbsoluteRange.create(new DateTime(2015, 1, 1, 0, 0, DateTimeZone.UTC).withZone(UTC), new DateTime(2015, 1, 2, 0, 0, DateTimeZone.UTC).withZone(UTC));
HistogramResult h = searches.fieldHistogram("*", "n", Searches.DateHistogramInterval.HOUR, null, range, false);
assertThat(h.getInterval()).isEqualTo(Searches.DateHistogramInterval.HOUR);
assertThat(h.getHistogramBoundaries()).isEqualTo(range);
assertThat(h.getResults()).hasSize(5);
assertThat((Map<String, Number>) h.getResults().get(new DateTime(2015, 1, 1, 1, 0, UTC).getMillis() / 1000L)).containsEntry("total_count", 2L).containsEntry("total", 0.0);
assertThat((Map<String, Number>) h.getResults().get(new DateTime(2015, 1, 1, 2, 0, UTC).getMillis() / 1000L)).containsEntry("total_count", 2L).containsEntry("total", 4.0).containsEntry("mean", 2.0);
}
Aggregations