use of org.graylog2.plugin.indexer.searches.timeranges.TimeRange in project graylog2-server by Graylog2.
the class Searches method determineAffectedIndicesWithRanges.
public Set<IndexRange> determineAffectedIndicesWithRanges(TimeRange range, @Nullable String filter) {
final Optional<String> streamId = extractStreamId(filter);
IndexSet indexSet = null;
// a stream has changed: a stream only knows about its currently configured index set, no the history
if (streamId.isPresent()) {
try {
final Stream stream = streamService.load(streamId.get());
indexSet = stream.getIndexSet();
} catch (NotFoundException ignored) {
}
}
final ImmutableSortedSet.Builder<IndexRange> indices = ImmutableSortedSet.orderedBy(IndexRange.COMPARATOR);
final SortedSet<IndexRange> indexRanges = indexRangeService.find(range.getFrom(), range.getTo());
for (IndexRange indexRange : indexRanges) {
// if we aren't in a stream search, we look at all the ranges matching the time range.
if (indexSet == null && filter == null) {
indices.add(indexRange);
continue;
}
// A range applies to this search if either: the current index set of the stream matches or a previous index set matched.
final boolean streamInIndexRange = streamId.isPresent() && indexRange.streamIds() != null && indexRange.streamIds().contains(streamId.get());
final boolean streamInCurrentIndexSet = indexSet != null && indexSet.isManagedIndex(indexRange.indexName());
if (streamInIndexRange) {
indices.add(indexRange);
}
if (streamInCurrentIndexSet) {
indices.add(indexRange);
}
}
return indices.build();
}
use of org.graylog2.plugin.indexer.searches.timeranges.TimeRange in project graylog2-server by Graylog2.
the class Searches method fieldStats.
public FieldStatsResult fieldStats(String field, String query, String filter, TimeRange range, boolean includeCardinality, boolean includeStats, boolean includeCount) throws FieldTypeException {
SearchRequestBuilder srb;
final Set<String> indices = indicesContainingField(determineAffectedIndices(range, filter), field);
if (filter == null) {
srb = standardSearchRequest(query, indices, range);
} else {
srb = filteredSearchRequest(query, filter, indices, range);
}
FilterAggregationBuilder builder = AggregationBuilders.filter(AGG_FILTER).filter(standardAggregationFilters(range, filter));
if (includeCount) {
builder.subAggregation(AggregationBuilders.count(AGG_VALUE_COUNT).field(field));
}
if (includeStats) {
builder.subAggregation(AggregationBuilders.extendedStats(AGG_EXTENDED_STATS).field(field));
}
if (includeCardinality) {
builder.subAggregation(AggregationBuilders.cardinality(AGG_CARDINALITY).field(field));
}
srb.addAggregation(builder);
SearchResponse r;
final SearchRequest request;
try {
request = srb.request();
r = c.search(request).actionGet();
} catch (org.elasticsearch.action.search.SearchPhaseExecutionException e) {
throw new FieldTypeException(e);
}
checkForFailedShards(r);
recordEsMetrics(r, range);
final Filter f = r.getAggregations().get(AGG_FILTER);
return new FieldStatsResult(f.getAggregations().get(AGG_VALUE_COUNT), f.getAggregations().get(AGG_EXTENDED_STATS), f.getAggregations().get(AGG_CARDINALITY), r.getHits(), query, request.source(), r.getTook());
}
use of org.graylog2.plugin.indexer.searches.timeranges.TimeRange in project graylog2-server by Graylog2.
the class Searches method scroll.
public ScrollResult scroll(String query, TimeRange range, int limit, int offset, List<String> fields, String filter) {
final Set<String> indices = determineAffectedIndices(range, filter);
// only request the fields we asked for otherwise we can't figure out which fields will be in the result set
// until we've scrolled through the entire set.
// TODO: Check if we can get away without loading the _source field.
// http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/search-request-fields.html#search-request-fields
// "For backwards compatibility, if the fields parameter specifies fields which are not stored , it will
// load the _source and extract it from it. This functionality has been replaced by the source filtering
// parameter." -- So we should look at the source filtering parameter once we switched to ES 1.x.
final SearchRequest request = standardSearchRequest(query, indices, limit, offset, range, filter, null, false).setScroll(new TimeValue(1, TimeUnit.MINUTES)).setSize(// TODO magic numbers
500).addSort(SortBuilders.fieldSort(SortParseElement.DOC_FIELD_NAME)).addFields(fields.toArray(new String[fields.size()])).addField(// always request the _source field because otherwise we can't access non-stored values
"_source").request();
if (LOG.isDebugEnabled()) {
try {
LOG.debug("ElasticSearch scroll query: {}", XContentHelper.convertToJson(request.source(), false));
} catch (IOException ignored) {
}
}
final SearchResponse r = c.search(request).actionGet();
recordEsMetrics(r, range);
return new ScrollResult(c, query, request.source(), r, fields);
}
use of org.graylog2.plugin.indexer.searches.timeranges.TimeRange in project graylog2-server by Graylog2.
the class SearchResultCountWidgetStrategy method computeInternal.
protected ComputationResult computeInternal(String filter) {
final TimeRange timeRange = this.timeRange;
CountResult cr = searches.count(query, timeRange, filter);
if (trend && timeRange instanceof RelativeRange) {
DateTime toPrevious = timeRange.getFrom();
DateTime fromPrevious = toPrevious.minus(Seconds.seconds(((RelativeRange) timeRange).getRange()));
TimeRange previousTimeRange = AbsoluteRange.create(fromPrevious, toPrevious);
CountResult previousCr = searches.count(query, previousTimeRange);
Map<String, Object> results = Maps.newHashMap();
results.put("now", cr.count());
results.put("previous", previousCr.count());
long tookMs = cr.tookMs() + previousCr.tookMs();
return new ComputationResult(results, tookMs);
} else {
return new ComputationResult(cr.count(), cr.tookMs());
}
}
use of org.graylog2.plugin.indexer.searches.timeranges.TimeRange in project graylog2-server by Graylog2.
the class StatisticalCountWidgetStrategy method compute.
@Override
public ComputationResult compute() {
try {
final String filter;
if (!isNullOrEmpty(streamId)) {
filter = "streams:" + streamId;
} else {
filter = null;
}
final TimeRange timeRange = this.timeRange;
boolean needsCardinality = statsFunction.equals(StatisticalFunction.CARDINALITY);
boolean needsCount = statsFunction.equals(StatisticalFunction.COUNT);
final FieldStatsResult fieldStatsResult = getSearches().fieldStats(field, query, filter, timeRange, needsCardinality, !(needsCount || needsCardinality), needsCount);
if (trend && timeRange instanceof RelativeRange) {
DateTime toPrevious = timeRange.getFrom();
DateTime fromPrevious = toPrevious.minus(Seconds.seconds(((RelativeRange) timeRange).getRange()));
TimeRange previousTimeRange = AbsoluteRange.create(fromPrevious, toPrevious);
final FieldStatsResult previousFieldStatsResult = getSearches().fieldStats(field, query, filter, previousTimeRange, needsCardinality, !(needsCount || needsCardinality), needsCount);
Map<String, Object> results = Maps.newHashMap();
results.put("now", getStatisticalValue(fieldStatsResult));
results.put("previous", getStatisticalValue(previousFieldStatsResult));
long tookMs = fieldStatsResult.took().millis() + previousFieldStatsResult.took().millis();
return new ComputationResult(results, tookMs);
} else {
return new ComputationResult(getStatisticalValue(fieldStatsResult), fieldStatsResult.took().millis());
}
} catch (Searches.FieldTypeException e) {
log.warn("Invalid field provided, returning 'NaN'", e);
return new ComputationResult(Double.NaN, 0);
}
}
Aggregations