Examples with SearchResponse org.graylog2.rest.resources.search.responses.SearchResponse used on opensource projects

Search in sources :

Example 6 with SearchResponse

use of org.graylog2.rest.resources.search.responses.SearchResponse in project graylog2-server by Graylog2.

the class SyslogSeverityMapperDecoratorTest method testDecorator.

@Test
public void testDecorator() throws Exception {
    final DecoratorImpl decorator = DecoratorImpl.create("id", SyslogSeverityMapperDecorator.class.getCanonicalName(), ImmutableMap.of("source_field", "level", "target_field", "severity"), Optional.empty(), 1);
    final SyslogSeverityMapperDecorator mapperDecorator = new SyslogSeverityMapperDecorator(decorator);
    final IndexRangeSummary indexRangeSummary = IndexRangeSummary.create("graylog_0", Tools.nowUTC().minusDays(1), Tools.nowUTC(), null, 100);
    final List<ResultMessageSummary> messages = ImmutableList.of(ResultMessageSummary.create(ImmutableMultimap.of(), ImmutableMap.of("_id", "h", "level", "80"), "graylog_0"), ResultMessageSummary.create(ImmutableMultimap.of(), ImmutableMap.of("_id", "a", "level", "0"), "graylog_0"), ResultMessageSummary.create(ImmutableMultimap.of(), ImmutableMap.of("_id", "b", "level", "1"), "graylog_0"), ResultMessageSummary.create(ImmutableMultimap.of(), ImmutableMap.of("_id", "c", "level", "2"), "graylog_0"), ResultMessageSummary.create(ImmutableMultimap.of(), ImmutableMap.of("_id", "d", "level", "3"), "graylog_0"), ResultMessageSummary.create(ImmutableMultimap.of(), ImmutableMap.of("_id", "e", "level", "4"), "graylog_0"), ResultMessageSummary.create(ImmutableMultimap.of(), ImmutableMap.of("_id", "f", "level", "5"), "graylog_0"), ResultMessageSummary.create(ImmutableMultimap.of(), ImmutableMap.of("_id", "g", "level", "6"), "graylog_0"), ResultMessageSummary.create(ImmutableMultimap.of(), ImmutableMap.of("_id", "h", "level", "7"), "graylog_0"), ResultMessageSummary.create(ImmutableMultimap.of(), ImmutableMap.of("_id", "i", "foo", "1"), "graylog_0"));
    final SearchResponse searchResponse = SearchResponse.builder().query("foo").builtQuery("foo").usedIndices(ImmutableSet.of(indexRangeSummary)).messages(messages).fields(ImmutableSet.of("level")).time(100L).totalResults(messages.size()).from(Tools.nowUTC().minusHours(1)).to(Tools.nowUTC()).build();
    final SearchResponse response = mapperDecorator.apply(searchResponse);
    // Returns the value if the value cannot be mapped to a Syslog severity
    Assertions.assertThat(response.messages().get(0).message().get("level")).isEqualTo("80");
    Assertions.assertThat(response.messages().get(0).message().get("severity")).isNull();
    // Check that the mapping works correctly
    Assertions.assertThat(response.messages().get(1).message().get("level")).isEqualTo("0");
    Assertions.assertThat(response.messages().get(1).message().get("severity")).isEqualTo("Emergency (0)");
    Assertions.assertThat(response.messages().get(2).message().get("level")).isEqualTo("1");
    Assertions.assertThat(response.messages().get(2).message().get("severity")).isEqualTo("Alert (1)");
    Assertions.assertThat(response.messages().get(3).message().get("level")).isEqualTo("2");
    Assertions.assertThat(response.messages().get(3).message().get("severity")).isEqualTo("Critical (2)");
    Assertions.assertThat(response.messages().get(4).message().get("level")).isEqualTo("3");
    Assertions.assertThat(response.messages().get(4).message().get("severity")).isEqualTo("Error (3)");
    Assertions.assertThat(response.messages().get(5).message().get("level")).isEqualTo("4");
    Assertions.assertThat(response.messages().get(5).message().get("severity")).isEqualTo("Warning (4)");
    Assertions.assertThat(response.messages().get(6).message().get("level")).isEqualTo("5");
    Assertions.assertThat(response.messages().get(6).message().get("severity")).isEqualTo("Notice (5)");
    Assertions.assertThat(response.messages().get(7).message().get("level")).isEqualTo("6");
    Assertions.assertThat(response.messages().get(7).message().get("severity")).isEqualTo("Informational (6)");
    Assertions.assertThat(response.messages().get(8).message().get("level")).isEqualTo("7");
    Assertions.assertThat(response.messages().get(8).message().get("severity")).isEqualTo("Debug (7)");
    // If the message does not have a source field, we do not touch it
    Assertions.assertThat(response.messages().get(9).message().get("level")).isNull();
    Assertions.assertThat(response.messages().get(9).message().get("severity")).isNull();
    Assertions.assertThat(response.messages().get(9).message().get("foo")).isEqualTo("1");
}
Also used : IndexRangeSummary(org.graylog2.rest.models.system.indexer.responses.IndexRangeSummary) ResultMessageSummary(org.graylog2.rest.models.messages.responses.ResultMessageSummary) SearchResponse(org.graylog2.rest.resources.search.responses.SearchResponse) Test(org.junit.Test)

Example 7 with SearchResponse

use of org.graylog2.rest.resources.search.responses.SearchResponse in project graylog2-server by Graylog2.

the class FormatStringDecoratorTest method testFormat.

@Test
public void testFormat() {
    final DecoratorImpl decorator = getDecoratorConfig("${field_a}: ${field_b}", "message", true);
    final FormatStringDecorator formatStringDecorator = new FormatStringDecorator(decorator, templateEngine);
    final SearchResponse searchResponse = getSearchResponse();
    final SearchResponse response = formatStringDecorator.apply(searchResponse);
    assertThat(response.messages().size()).isEqualTo(4);
    assertThat(response.messages().get(0).message().get("message")).isEqualTo("1: b");
    assertThat(response.messages().get(1).message().containsKey("message")).isFalse();
    assertThat(response.messages().get(2).message().containsKey("message")).isFalse();
    assertThat(response.messages().get(3).message().containsKey("message")).isFalse();
}
Also used : SearchResponse(org.graylog2.rest.resources.search.responses.SearchResponse) Test(org.junit.Test)

Example 8 with SearchResponse

use of org.graylog2.rest.resources.search.responses.SearchResponse in project graylog2-server by Graylog2.

the class FormatStringDecoratorTest method formatAllowEmptyValues.

@Test
public void formatAllowEmptyValues() {
    final DecoratorImpl decorator = getDecoratorConfig("${field_a}: ${field_b}", "message", false);
    final FormatStringDecorator formatStringDecorator = new FormatStringDecorator(decorator, templateEngine);
    final SearchResponse searchResponse = getSearchResponse();
    final SearchResponse response = formatStringDecorator.apply(searchResponse);
    assertThat(response.messages().size()).isEqualTo(4);
    assertThat(response.messages().get(0).message().get("message")).isEqualTo("1: b");
    assertThat(response.messages().get(1).message().get("message")).isEqualTo("1:");
    assertThat(response.messages().get(2).message().get("message")).isEqualTo(": b");
    assertThat(response.messages().get(3).message().get("message")).isEqualTo(":");
}
Also used : SearchResponse(org.graylog2.rest.resources.search.responses.SearchResponse) Test(org.junit.Test)

Example 9 with SearchResponse

use of org.graylog2.rest.resources.search.responses.SearchResponse in project graylog2-server by Graylog2.

the class FormatStringDecoratorTest method getSearchResponse.

private SearchResponse getSearchResponse() {
    final IndexRangeSummary indexRangeSummary = IndexRangeSummary.create("graylog_0", Tools.nowUTC().minusDays(1), Tools.nowUTC(), null, 100);
    final ImmutableMultimap<String, Range<Integer>> hlRanges = ImmutableMultimap.of();
    final List<ResultMessageSummary> messages = ImmutableList.of(create(hlRanges, ImmutableMap.of("_id", "h", "field_a", "1", "field_b", "b"), "graylog_0"), create(hlRanges, ImmutableMap.of("_id", "h", "field_a", "1"), "graylog_0"), create(hlRanges, ImmutableMap.of("_id", "h", "field_b", "b"), "graylog_0"), create(hlRanges, ImmutableMap.of("_id", "i", "foo", "1"), "graylog_0"));
    return SearchResponse.builder().query("foo").builtQuery("foo").usedIndices(ImmutableSet.of(indexRangeSummary)).messages(messages).fields(ImmutableSet.of("field_a", "field_b", "foo")).time(100L).totalResults(messages.size()).from(Tools.nowUTC().minusHours(1)).to(Tools.nowUTC()).build();
}
Also used : IndexRangeSummary(org.graylog2.rest.models.system.indexer.responses.IndexRangeSummary) Range(com.google.common.collect.Range) ResultMessageSummary(org.graylog2.rest.models.messages.responses.ResultMessageSummary)

Example 10 with SearchResponse

use of org.graylog2.rest.resources.search.responses.SearchResponse in project graylog2-server by Graylog2.

the class Searches method terms.

public TermsResult terms(String field, int size, String query, String filter, TimeRange range, Sorting.Direction sorting) {
    Terms.Order termsOrder;
    if (size == 0) {
        size = 50;
    }
    if (sorting == Sorting.Direction.DESC) {
        termsOrder = Terms.Order.count(false);
    } else {
        termsOrder = Terms.Order.count(true);
    }
    SearchRequestBuilder srb;
    if (filter == null) {
        srb = standardSearchRequest(query, determineAffectedIndices(range, null), range);
    } else {
        srb = filteredSearchRequest(query, filter, determineAffectedIndices(range, filter), range);
    }
    FilterAggregationBuilder builder = AggregationBuilders.filter(AGG_FILTER).subAggregation(AggregationBuilders.terms(AGG_TERMS).field(field).size(size).order(termsOrder)).subAggregation(AggregationBuilders.missing("missing").field(field)).filter(standardAggregationFilters(range, filter));
    srb.addAggregation(builder);
    final SearchRequest request = srb.request();
    SearchResponse r = c.search(request).actionGet();
    recordEsMetrics(r, range);
    final Filter f = r.getAggregations().get(AGG_FILTER);
    return new TermsResult(f.getAggregations().get(AGG_TERMS), f.getAggregations().get("missing"), f.getDocCount(), query, request.source(), r.getTook());
}
Also used : SearchRequest(org.elasticsearch.action.search.SearchRequest) FilterAggregationBuilder(org.elasticsearch.search.aggregations.bucket.filter.FilterAggregationBuilder) SearchRequestBuilder(org.elasticsearch.action.search.SearchRequestBuilder) Filter(org.elasticsearch.search.aggregations.bucket.filter.Filter) Terms(org.elasticsearch.search.aggregations.bucket.terms.Terms) TermsResult(org.graylog2.indexer.results.TermsResult) SearchResponse(org.elasticsearch.action.search.SearchResponse)

Aggregations

SearchRequest (org.elasticsearch.action.search.SearchRequest)7 SearchResponse (org.elasticsearch.action.search.SearchResponse)7 SearchRequestBuilder (org.elasticsearch.action.search.SearchRequestBuilder)5 Filter (org.elasticsearch.search.aggregations.bucket.filter.Filter)5 FilterAggregationBuilder (org.elasticsearch.search.aggregations.bucket.filter.FilterAggregationBuilder)5 ResultMessageSummary (org.graylog2.rest.models.messages.responses.ResultMessageSummary)4 SearchResponse (org.graylog2.rest.resources.search.responses.SearchResponse)4 Timed (com.codahale.metrics.annotation.Timed)3 ApiOperation (io.swagger.annotations.ApiOperation)3 ApiResponses (io.swagger.annotations.ApiResponses)3 GET (javax.ws.rs.GET)3 Produces (javax.ws.rs.Produces)3 SearchPhaseExecutionException (org.elasticsearch.action.search.SearchPhaseExecutionException)3 SearchesConfig (org.graylog2.indexer.searches.SearchesConfig)3 Sorting (org.graylog2.indexer.searches.Sorting)3 TimeRange (org.graylog2.plugin.indexer.searches.timeranges.TimeRange)3 Test (org.junit.Test)3 QueryStringQueryBuilder (org.elasticsearch.index.query.QueryStringQueryBuilder)2 Terms (org.elasticsearch.search.aggregations.bucket.terms.Terms)2 IndexRangeSummary (org.graylog2.rest.models.system.indexer.responses.IndexRangeSummary)2
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial