
Example 1 with SearchResponse

use of org.graylog2.rest.resources.search.responses.SearchResponse in project graylog2-server by Graylog2.

the class KeywordSearchResource method searchKeyword.

/**
 * Message search whose time range is given as a keyword ("yesterday", "2 weeks ago to wednesday").
 *
 * The permission check is deliberately the first statement: nothing derived from the request
 * (field list, sort, keyword range) is parsed before the caller has been authorised for the
 * supplied filter. The query string is caller-supplied Lucene syntax and is forwarded
 * unchanged to the search layer.
 *
 * @param query    Lucene query string; the {@code @NotEmpty} constraint rejects an empty value
 * @param keyword  natural-language time range; must not be empty
 * @param limit    maximum number of messages to return (no range check is applied in this method)
 * @param offset   result offset (no range check is applied in this method)
 * @param filter   optional filter; it is also the input to the permission check and the
 *                 source of the stream id passed to the response builder
 * @param fields   optional comma separated list of fields to return
 * @param sort     optional "field:asc" / "field:desc"
 * @param decorate whether decorators run on the result; defaults to true
 * @return the REST search response
 */
@GET
@Timed
@ApiOperation(value = "Message search with keyword as timerange.", notes = "Search for messages in a timerange defined by a keyword like \"yesterday\" or \"2 weeks ago to wednesday\".")
@Produces(MediaType.APPLICATION_JSON)
@ApiResponses(value = { @ApiResponse(code = 400, message = "Invalid keyword provided.") })
public SearchResponse searchKeyword(@ApiParam(name = "query", value = "Query (Lucene syntax)", required = true) @QueryParam("query") @NotEmpty String query, @ApiParam(name = "keyword", value = "Range keyword", required = true) @QueryParam("keyword") @NotEmpty String keyword, @ApiParam(name = "limit", value = "Maximum number of messages to return.", required = false) @QueryParam("limit") int limit, @ApiParam(name = "offset", value = "Offset", required = false) @QueryParam("offset") int offset, @ApiParam(name = "filter", value = "Filter", required = false) @QueryParam("filter") String filter, @ApiParam(name = "fields", value = "Comma separated list of fields to return", required = false) @QueryParam("fields") String fields, @ApiParam(name = "sort", value = "Sorting (field:asc / field:desc)", required = false) @QueryParam("sort") String sort, @ApiParam(name = "decorate", value = "Run decorators on search result", required = false) @QueryParam("decorate") @DefaultValue("true") boolean decorate) {
    // Authorisation before any parsing of caller-controlled input.
    checkSearchPermission(filter, RestPermissions.SEARCHES_KEYWORD);

    // Parse in the same order as the helpers are declared so that, for a request with several
    // invalid parameters, the error reported is unchanged.
    final List<String> requestedFields = parseOptionalFields(fields);
    final Sorting ordering = buildSorting(sort);
    final TimeRange keywordRange = buildKeywordTimeRange(keyword);

    final SearchesConfig config = SearchesConfig.builder()
            .query(query)
            .filter(filter)
            .fields(requestedFields)
            .range(keywordRange)
            .limit(limit)
            .offset(offset)
            .sorting(ordering)
            .build();

    // The stream id (if the filter names one) is only used when building the response.
    final Optional<String> streamFromFilter = Searches.extractStreamId(filter);
    try {
        return buildSearchResponse(searches.search(config), keywordRange, decorate, streamFromFilter);
    } catch (SearchPhaseExecutionException e) {
        // A failed search phase is reported to the caller as a query parse problem.
        throw createRequestExceptionForParseFailure(query, e);
    }
}
Also used : TimeRange(org.graylog2.plugin.indexer.searches.timeranges.TimeRange) SearchesConfig(org.graylog2.indexer.searches.SearchesConfig) SearchPhaseExecutionException(org.elasticsearch.action.search.SearchPhaseExecutionException) Sorting(org.graylog2.indexer.searches.Sorting) Produces(javax.ws.rs.Produces) Timed(com.codahale.metrics.annotation.Timed) GET(javax.ws.rs.GET) ApiOperation(io.swagger.annotations.ApiOperation) ApiResponses(io.swagger.annotations.ApiResponses)

Example 2 with SearchResponse

Example 2 from project graylog2-server by Graylog2. Note that the SearchResponse used in this method is the Elasticsearch client type org.elasticsearch.action.search.SearchResponse, not org.graylog2.rest.resources.search.responses.SearchResponse.

the class Searches method fieldHistogram.

/**
 * Builds a date histogram over "timestamp" with per-bucket stats of {@code field}, optionally
 * adding a cardinality sub-aggregation, scoped to {@code range} and {@code filter}.
 *
 * The query string goes into an Elasticsearch query_string query; leading wildcards are only
 * permitted when the server configuration allows them. A SearchPhaseExecutionException from
 * the search is rethrown as FieldTypeException, and failed shards are checked before the
 * aggregations are read.
 *
 * @param query              caller-supplied Lucene query string
 * @param field              field aggregated per bucket
 * @param interval           histogram bucket width
 * @param filter             optional filter string (passed on to the filter and index helpers)
 * @param range              time range to search
 * @param includeCardinality whether to add a cardinality sub-aggregation on {@code field}
 * @return histogram result carrying the serialized request source and the took time
 * @throws FieldTypeException if the search phase fails
 */
public HistogramResult fieldHistogram(String query, String field, DateHistogramInterval interval, String filter, TimeRange range, boolean includeCardinality) throws FieldTypeException {
    final DateHistogramBuilder histogram = AggregationBuilders.dateHistogram(AGG_HISTOGRAM)
            .field("timestamp")
            .subAggregation(AggregationBuilders.stats(AGG_STATS).field(field))
            .interval(interval.toESInterval());
    if (includeCardinality) {
        histogram.subAggregation(AggregationBuilders.cardinality(AGG_CARDINALITY).field(field));
    }
    final FilterAggregationBuilder scopedHistogram = AggregationBuilders.filter(AGG_FILTER)
            .subAggregation(histogram)
            .filter(standardAggregationFilters(range, filter));

    // Leading wildcards are expensive; they are gated by server configuration, not by the caller.
    final QueryStringQueryBuilder queryString = queryStringQuery(query);
    queryString.allowLeadingWildcard(configuration.isAllowLeadingWildcardSearches());

    final Set<String> targetIndices = determineAffectedIndices(range, filter);
    final SearchRequestBuilder requestBuilder = c.prepareSearch()
            .setIndices(targetIndices.toArray(new String[targetIndices.size()]))
            .setQuery(queryString)
            .addAggregation(scopedHistogram);

    final SearchRequest request = requestBuilder.request();
    final SearchResponse response;
    try {
        response = c.search(request).actionGet();
    } catch (org.elasticsearch.action.search.SearchPhaseExecutionException e) {
        // Keep the cause; the caller sees the domain exception.
        throw new FieldTypeException(e);
    }
    checkForFailedShards(response);
    recordEsMetrics(response, range);
    final Filter filterAgg = response.getAggregations().get(AGG_FILTER);
    return new FieldHistogramResult(filterAgg.getAggregations().get(AGG_HISTOGRAM), query, request.source(), interval, response.getTook());
}
Also used : SearchRequest(org.elasticsearch.action.search.SearchRequest) FilterAggregationBuilder(org.elasticsearch.search.aggregations.bucket.filter.FilterAggregationBuilder) SearchRequestBuilder(org.elasticsearch.action.search.SearchRequestBuilder) SearchResponse(org.elasticsearch.action.search.SearchResponse) Filter(org.elasticsearch.search.aggregations.bucket.filter.Filter) QueryStringQueryBuilder(org.elasticsearch.index.query.QueryStringQueryBuilder) FieldHistogramResult(org.graylog2.indexer.results.FieldHistogramResult) DateHistogramBuilder(org.elasticsearch.search.aggregations.bucket.histogram.DateHistogramBuilder)

Example 3 with SearchResponse

Example 3 from project graylog2-server by Graylog2. The SearchResponse in this method is org.elasticsearch.action.search.SearchResponse (the Elasticsearch client type), not the Graylog REST response class.

the class Searches method termsStats.

/**
 * Runs a terms aggregation on {@code keyField} with stats of {@code valueField} per bucket,
 * ordered as requested and limited to {@code size} buckets.
 *
 * Only an explicit size of 0 is replaced by the default of 50; any other value, including a
 * negative one, is passed to Elasticsearch unchanged. Unlike fieldStats and fieldHistogram,
 * this method neither checks for failed shards nor translates
 * SearchPhaseExecutionException, so Elasticsearch exceptions propagate as-is.
 *
 * @param keyField   field whose terms form the buckets
 * @param valueField field whose stats are computed per bucket
 * @param order      requested bucket ordering
 * @param size       maximum number of buckets; 0 selects the default of 50
 * @param query      caller-supplied Lucene query string
 * @param filter     optional filter; null selects the unfiltered request builder
 * @param range      time range to search
 * @return the terms/stats result carrying the serialized request source and took time
 */
public TermsStatsResult termsStats(String keyField, String valueField, TermsStatsOrder order, int size, String query, String filter, TimeRange range) {
    final int bucketCount = size == 0 ? 50 : size;

    final Set<String> targetIndices = determineAffectedIndices(range, filter);
    final SearchRequestBuilder requestBuilder = filter == null
            ? standardSearchRequest(query, targetIndices, range)
            : filteredSearchRequest(query, filter, targetIndices, range);

    final FilterAggregationBuilder scopedTerms = AggregationBuilders.filter(AGG_FILTER)
            .subAggregation(AggregationBuilders.terms(AGG_TERMS_STATS)
                    .field(keyField)
                    .subAggregation(AggregationBuilders.stats(AGG_STATS).field(valueField))
                    .order(toTermsOrder(order))
                    .size(bucketCount))
            .filter(standardAggregationFilters(range, filter));
    requestBuilder.addAggregation(scopedTerms);

    final SearchRequest request = requestBuilder.request();
    final SearchResponse response = c.search(request).actionGet();
    recordEsMetrics(response, range);
    final Filter filterAgg = response.getAggregations().get(AGG_FILTER);
    return new TermsStatsResult(filterAgg.getAggregations().get(AGG_TERMS_STATS), query, request.source(), response.getTook());
}

/**
 * Maps the API ordering enum onto the Elasticsearch terms ordering. MIN/MAX/MEAN/TOTAL and
 * their REVERSE_* variants order by the corresponding metric of the stats sub-aggregation;
 * any value without an explicit mapping falls back to ascending count.
 */
private Terms.Order toTermsOrder(TermsStatsOrder order) {
    switch (order) {
        case COUNT:
            return Terms.Order.count(true);
        case REVERSE_COUNT:
            return Terms.Order.count(false);
        case TERM:
            return Terms.Order.term(true);
        case REVERSE_TERM:
            return Terms.Order.term(false);
        case MIN:
            return Terms.Order.aggregation(AGG_STATS, "min", true);
        case REVERSE_MIN:
            return Terms.Order.aggregation(AGG_STATS, "min", false);
        case MAX:
            return Terms.Order.aggregation(AGG_STATS, "max", true);
        case REVERSE_MAX:
            return Terms.Order.aggregation(AGG_STATS, "max", false);
        case MEAN:
            return Terms.Order.aggregation(AGG_STATS, "avg", true);
        case REVERSE_MEAN:
            return Terms.Order.aggregation(AGG_STATS, "avg", false);
        case TOTAL:
            return Terms.Order.aggregation(AGG_STATS, "sum", true);
        case REVERSE_TOTAL:
            return Terms.Order.aggregation(AGG_STATS, "sum", false);
        default:
            return Terms.Order.count(true);
    }
}
Also used : SearchRequest(org.elasticsearch.action.search.SearchRequest) FilterAggregationBuilder(org.elasticsearch.search.aggregations.bucket.filter.FilterAggregationBuilder) SearchRequestBuilder(org.elasticsearch.action.search.SearchRequestBuilder) Filter(org.elasticsearch.search.aggregations.bucket.filter.Filter) Terms(org.elasticsearch.search.aggregations.bucket.terms.Terms) TermsStatsResult(org.graylog2.indexer.results.TermsStatsResult) SearchResponse(org.elasticsearch.action.search.SearchResponse)

Example 4 with SearchResponse

Example 4 from project graylog2-server by Graylog2. The SearchResponse in this method is org.elasticsearch.action.search.SearchResponse (the Elasticsearch client type), not the Graylog REST response class.

the class Searches method fieldStats.

/**
 * Computes optional value-count, extended-stats and cardinality aggregations for
 * {@code field}, restricted to {@code range} and {@code filter}.
 *
 * Only indices that actually contain {@code field} (as determined by indicesContainingField)
 * are queried. A SearchPhaseExecutionException from the search is rethrown as
 * FieldTypeException, and failed shards are checked before the aggregations are read.
 * Sub-aggregations that were not requested are absent from the response, so the
 * corresponding lookups below may yield null; the result type is expected to cope with that.
 *
 * @param field              field to aggregate
 * @param query              caller-supplied Lucene query string
 * @param filter             optional filter; null selects the unfiltered request builder
 * @param range              time range to search
 * @param includeCardinality whether to add a cardinality sub-aggregation
 * @param includeStats       whether to add an extended-stats sub-aggregation
 * @param includeCount       whether to add a value-count sub-aggregation
 * @return the field stats result carrying the hits, the serialized request source and the took time
 * @throws FieldTypeException if the search phase fails
 */
public FieldStatsResult fieldStats(String field, String query, String filter, TimeRange range, boolean includeCardinality, boolean includeStats, boolean includeCount) throws FieldTypeException {
    final Set<String> targetIndices = indicesContainingField(determineAffectedIndices(range, filter), field);
    final SearchRequestBuilder requestBuilder = filter == null
            ? standardSearchRequest(query, targetIndices, range)
            : filteredSearchRequest(query, filter, targetIndices, range);

    final FilterAggregationBuilder scoped = AggregationBuilders.filter(AGG_FILTER)
            .filter(standardAggregationFilters(range, filter));
    if (includeCount) {
        scoped.subAggregation(AggregationBuilders.count(AGG_VALUE_COUNT).field(field));
    }
    if (includeStats) {
        scoped.subAggregation(AggregationBuilders.extendedStats(AGG_EXTENDED_STATS).field(field));
    }
    if (includeCardinality) {
        scoped.subAggregation(AggregationBuilders.cardinality(AGG_CARDINALITY).field(field));
    }
    requestBuilder.addAggregation(scoped);

    final SearchRequest request;
    final SearchResponse response;
    try {
        request = requestBuilder.request();
        response = c.search(request).actionGet();
    } catch (org.elasticsearch.action.search.SearchPhaseExecutionException e) {
        // Keep the cause; the caller sees the domain exception.
        throw new FieldTypeException(e);
    }
    checkForFailedShards(response);
    recordEsMetrics(response, range);

    final Filter filterAgg = response.getAggregations().get(AGG_FILTER);
    return new FieldStatsResult(
            filterAgg.getAggregations().get(AGG_VALUE_COUNT),
            filterAgg.getAggregations().get(AGG_EXTENDED_STATS),
            filterAgg.getAggregations().get(AGG_CARDINALITY),
            response.getHits(),
            query,
            request.source(),
            response.getTook());
}
Also used : SearchRequest(org.elasticsearch.action.search.SearchRequest) FieldStatsResult(org.graylog2.indexer.results.FieldStatsResult) FilterAggregationBuilder(org.elasticsearch.search.aggregations.bucket.filter.FilterAggregationBuilder) SearchRequestBuilder(org.elasticsearch.action.search.SearchRequestBuilder) Filter(org.elasticsearch.search.aggregations.bucket.filter.Filter) SearchResponse(org.elasticsearch.action.search.SearchResponse)

Example 5 with SearchResponse

Example 5 from project graylog2-server by Graylog2. The SearchResponse in this method is org.elasticsearch.action.search.SearchResponse (the Elasticsearch client type), not the Graylog REST response class.

the class Searches method scroll.

/**
 * Opens a scroll search over the indices affected by {@code range} and {@code filter},
 * sorted by document order, and returns the first page wrapped in a ScrollResult.
 *
 * Only the requested fields plus "_source" are fetched: without knowing the field list up
 * front the result set's columns could not be determined before the whole scroll has been
 * consumed, and "_source" is needed to reach non-stored values. The scroll context is kept
 * alive for one minute and pages are 500 hits each. Unlike fieldStats and fieldHistogram,
 * this method does not check for failed shards before returning.
 *
 * @param query  caller-supplied Lucene query string
 * @param range  time range to search
 * @param limit  passed on to standardSearchRequest
 * @param offset passed on to standardSearchRequest
 * @param fields fields to return; must not be null (its size is read without a check)
 * @param filter optional filter string
 * @return a ScrollResult over the opened scroll
 */
public ScrollResult scroll(String query, TimeRange range, int limit, int offset, List<String> fields, String filter) {
    final Set<String> targetIndices = determineAffectedIndices(range, filter);

    // TODO: Check if we can get away without loading the _source field.
    // http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/search-request-fields.html#search-request-fields
    // "For backwards compatibility, if the fields parameter specifies fields which are not stored , it will
    // load the _source and extract it from it. This functionality has been replaced by the source filtering
    // parameter." -- So we should look at the source filtering parameter once we switched to ES 1.x.
    final SearchRequestBuilder requestBuilder = standardSearchRequest(query, targetIndices, limit, offset, range, filter, null, false)
            .setScroll(new TimeValue(1, TimeUnit.MINUTES))
            .setSize(500) // TODO magic number
            .addSort(SortBuilders.fieldSort(SortParseElement.DOC_FIELD_NAME))
            .addFields(fields.toArray(new String[fields.size()]))
            .addField("_source"); // always request _source, otherwise non-stored values are unreachable
    final SearchRequest request = requestBuilder.request();

    if (LOG.isDebugEnabled()) {
        try {
            // The full request source, including the caller-supplied query string, ends up in the debug log.
            LOG.debug("ElasticSearch scroll query: {}", XContentHelper.convertToJson(request.source(), false));
        } catch (IOException ignored) {
            // Serialising the request is only for the log line; the search itself proceeds regardless.
        }
    }

    final SearchResponse firstPage = c.search(request).actionGet();
    recordEsMetrics(firstPage, range);
    return new ScrollResult(c, query, request.source(), firstPage, fields);
}
Also used : SearchRequest(org.elasticsearch.action.search.SearchRequest) ScrollResult(org.graylog2.indexer.results.ScrollResult) IOException(java.io.IOException) TimeValue(org.elasticsearch.common.unit.TimeValue) SearchResponse(org.elasticsearch.action.search.SearchResponse)
