Example 1 with InvalidRangeParametersException
use of org.graylog2.plugin.indexer.searches.timeranges.InvalidRangeParametersException in project graylog2-server by Graylog2.
the class TimeRangeFactory method create.
public TimeRange create(final Map<String, Object> timerangeConfig) throws InvalidRangeParametersException {
final String rangeType = Strings.isNullOrEmpty((String) timerangeConfig.get("type")) ? (String) timerangeConfig.get("range_type") : (String) timerangeConfig.get("type");
if (Strings.isNullOrEmpty(rangeType)) {
throw new InvalidRangeParametersException("range type not set");
}
switch(rangeType) {
case "relative":
return RelativeRange.create(Integer.parseInt(String.valueOf(timerangeConfig.get("range"))));
case "keyword":
return KeywordRange.create((String) timerangeConfig.get("keyword"));
case "absolute":
final String from = new DateTime(timerangeConfig.get("from"), DateTimeZone.UTC).toString();
final String to = new DateTime(timerangeConfig.get("to"), DateTimeZone.UTC).toString();
return AbsoluteRange.create(from, to);
default:
throw new InvalidRangeParametersException("range_type not recognized");
}
}
Also used :
InvalidRangeParametersException(org.graylog2.plugin.indexer.searches.timeranges.InvalidRangeParametersException)
DateTime(org.joda.time.DateTime)
Example 2 with InvalidRangeParametersException
use of org.graylog2.plugin.indexer.searches.timeranges.InvalidRangeParametersException in project graylog2-server by Graylog2.
the class ESTimeHandlerTest method timeSpecIntervalIsCalculatedOnPivotTimerangeIfOverridden.
@Test
public void timeSpecIntervalIsCalculatedOnPivotTimerangeIfOverridden() throws InvalidRangeParametersException {
final ArgumentCaptor<TimeRange> timeRangeCaptor = ArgumentCaptor.forClass(TimeRange.class);
when(interval.toDateInterval(timeRangeCaptor.capture())).thenReturn(DateInterval.days(1));
when(pivot.timerange()).thenReturn(Optional.of(DerivedTimeRange.of(RelativeRange.create(4242))));
this.esTimeHandler.doCreateAggregation("foobar", pivot, time, esPivot, queryContext, query);
final TimeRange argumentTimeRange = timeRangeCaptor.getValue();
assertThat(argumentTimeRange).isEqualTo(RelativeRange.create(4242));
}
Also used :
DerivedTimeRange(org.graylog.plugins.views.search.timeranges.DerivedTimeRange)
TimeRange(org.graylog2.plugin.indexer.searches.timeranges.TimeRange)
Test(org.junit.jupiter.api.Test)
ParameterizedTest(org.junit.jupiter.params.ParameterizedTest)
Example 3 with InvalidRangeParametersException
use of org.graylog2.plugin.indexer.searches.timeranges.InvalidRangeParametersException in project graylog2-server by Graylog2.
the class ESTimeHandlerTest method timeSpecIntervalIsCalculatedOnQueryTimeRangeIfNoPivotTimeRange.
@Test
public void timeSpecIntervalIsCalculatedOnQueryTimeRangeIfNoPivotTimeRange() throws InvalidRangeParametersException {
final ArgumentCaptor<TimeRange> timeRangeCaptor = ArgumentCaptor.forClass(TimeRange.class);
when(interval.toDateInterval(timeRangeCaptor.capture())).thenReturn(DateInterval.days(1));
when(pivot.timerange()).thenReturn(Optional.empty());
when(query.timerange()).thenReturn(RelativeRange.create(2323));
this.esTimeHandler.doCreateAggregation("foobar", pivot, time, esPivot, queryContext, query);
final TimeRange argumentTimeRange = timeRangeCaptor.getValue();
assertThat(argumentTimeRange).isEqualTo(RelativeRange.create(2323));
}
Also used :
DerivedTimeRange(org.graylog.plugins.views.search.timeranges.DerivedTimeRange)
TimeRange(org.graylog2.plugin.indexer.searches.timeranges.TimeRange)
Test(org.junit.jupiter.api.Test)
ParameterizedTest(org.junit.jupiter.params.ParameterizedTest)
Example 4 with InvalidRangeParametersException
use of org.graylog2.plugin.indexer.searches.timeranges.InvalidRangeParametersException in project graylog2-server by Graylog2.
the class ElasticsearchBackendSearchTypeOverridesTest method timerangeOverridesAffectIndicesSelection.
@Test
public void timerangeOverridesAffectIndicesSelection() throws IOException, InvalidRangeParametersException {
when(indexLookup.indexNamesForStreamsInTimeRange(ImmutableSet.of("stream1"), timeRangeForTest())).thenReturn(ImmutableSet.of("queryIndex"));
TimeRange tr = AbsoluteRange.create("2019-09-11T10:31:52.819Z", "2019-09-11T10:36:52.823Z");
when(indexLookup.indexNamesForStreamsInTimeRange(ImmutableSet.of("stream1"), tr)).thenReturn(ImmutableSet.of("searchTypeIndex"));
final ESGeneratedQueryContext queryContext = this.elasticsearchBackend.generate(searchJob, query, new SearchConfig(Period.ZERO));
when(jestClient.execute(any(), any())).thenReturn(resultFor(resourceFile("successfulMultiSearchResponse.json")));
final String generatedRequest = run(searchJob, query, queryContext, Collections.emptySet());
assertThat(generatedRequest).isEqualTo(resourceFile("timerangeOverridesAffectIndicesSelection.request.ndjson"));
}
Also used :
TimeRange(org.graylog2.plugin.indexer.searches.timeranges.TimeRange)
DerivedTimeRange(org.graylog.plugins.views.search.timeranges.DerivedTimeRange)
SearchConfig(org.graylog.plugins.views.search.engine.SearchConfig)
ElasticsearchQueryString(org.graylog.plugins.views.search.elasticsearch.ElasticsearchQueryString)
Test(org.junit.Test)
Example 5 with InvalidRangeParametersException
use of org.graylog2.plugin.indexer.searches.timeranges.InvalidRangeParametersException in project graylog2-server by Graylog2.
the class FieldValueAlertCondition method runCheck.
@Override
public CheckResult runCheck() {
try {
final String filter = buildQueryFilter(stream.getId(), query);
// TODO we don't support cardinality yet
final FieldStatsResult fieldStatsResult = searches.fieldStats(field, "*", filter, RelativeRange.create(time * 60), false, true, false);
if (fieldStatsResult.count() == 0) {
LOG.debug("Alert check <{}> did not match any messages. Returning not triggered.", type);
return new NegativeCheckResult();
}
final double result;
switch(type) {
case MEAN:
result = fieldStatsResult.mean();
break;
case MIN:
result = fieldStatsResult.min();
break;
case MAX:
result = fieldStatsResult.max();
break;
case SUM:
result = fieldStatsResult.sum();
break;
case STDDEV:
result = fieldStatsResult.stdDeviation();
break;
default:
LOG.error("No such field value check type: [{}]. Returning not triggered.", type);
return new NegativeCheckResult();
}
LOG.debug("Alert check <{}> result: [{}]", id, result);
if (Double.isInfinite(result)) {
// This happens when there are no ES results/docs.
LOG.debug("Infinite value. Returning not triggered.");
return new NegativeCheckResult();
}
final boolean triggered;
switch(thresholdType) {
case HIGHER:
triggered = result > threshold.doubleValue();
break;
case LOWER:
triggered = result < threshold.doubleValue();
break;
default:
triggered = false;
}
if (triggered) {
final String resultDescription = "Field " + field + " had a " + type + " of " + decimalFormat.format(result) + " in the last " + time + " minutes with trigger condition " + thresholdType + " than " + decimalFormat.format(threshold) + ". " + "(Current grace time: " + grace + " minutes)";
final List<MessageSummary> summaries;
if (getBacklog() > 0) {
final List<ResultMessage> searchResult = fieldStatsResult.searchHits();
summaries = Lists.newArrayListWithCapacity(searchResult.size());
for (ResultMessage resultMessage : searchResult) {
final Message msg = resultMessage.getMessage();
summaries.add(new MessageSummary(resultMessage.getIndex(), msg));
}
} else {
summaries = Collections.emptyList();
}
return new CheckResult(true, this, resultDescription, Tools.nowUTC(), summaries);
} else {
return new NegativeCheckResult();
}
} catch (InvalidRangeParametersException e) {
// cannot happen lol
LOG.error("Invalid timerange.", e);
return null;
} catch (FieldTypeException e) {
LOG.debug("Field [{}] seems not to have a numerical type or doesn't even exist at all. Returning not triggered.", field, e);
return new NegativeCheckResult();
}
}
Also used :
InvalidRangeParametersException(org.graylog2.plugin.indexer.searches.timeranges.InvalidRangeParametersException)
ResultMessage(org.graylog2.indexer.results.ResultMessage)
Message(org.graylog2.plugin.Message)
ResultMessage(org.graylog2.indexer.results.ResultMessage)
FieldStatsResult(org.graylog2.indexer.results.FieldStatsResult)
FieldTypeException(org.graylog2.indexer.FieldTypeException)
MessageSummary(org.graylog2.plugin.MessageSummary)
Aggregations
TimeRange (org.graylog2.plugin.indexer.searches.timeranges.TimeRange)13
DerivedTimeRange (org.graylog.plugins.views.search.timeranges.DerivedTimeRange)10
Test (org.junit.Test)9
InvalidRangeParametersException (org.graylog2.plugin.indexer.searches.timeranges.InvalidRangeParametersException)8
BasicDBObject (com.mongodb.BasicDBObject)3
DashboardWidget (org.graylog2.dashboards.widgets.DashboardWidget)3
InvalidWidgetConfigurationException (org.graylog2.dashboards.widgets.InvalidWidgetConfigurationException)3
ResultMessage (org.graylog2.indexer.results.ResultMessage)3
Message (org.graylog2.plugin.Message)3
MessageSummary (org.graylog2.plugin.MessageSummary)3
Timed (com.codahale.metrics.annotation.Timed)2
ApiOperation (io.swagger.annotations.ApiOperation)2
ApiResponses (io.swagger.annotations.ApiResponses)2
HashMap (java.util.HashMap)2
List (java.util.List)2
Map (java.util.Map)2
BadRequestException (javax.ws.rs.BadRequestException)2
Produces (javax.ws.rs.Produces)2
ElasticsearchQueryString (org.graylog.plugins.views.search.elasticsearch.ElasticsearchQueryString)2
SearchConfig (org.graylog.plugins.views.search.engine.SearchConfig)2
