Examples with SearchResponse org.graylog2.rest.resources.search.responses.SearchResponse used on opensource projects

Example 11 with SearchResponse

use of org.graylog2.rest.resources.search.responses.SearchResponse in project graylog2-server by Graylog2.

the class Searches method search.

public SearchResult search(SearchesConfig config) {
    Set<IndexRange> indices = determineAffectedIndicesWithRanges(config.range(), config.filter());
    Set<String> indexNames = Sets.newHashSet();
    for (IndexRange index : indices) {
        indexNames.add(index.indexName());
    }
    SearchRequest request = searchRequest(config, indexNames).request();
    SearchResponse r = c.search(request).actionGet();
    recordEsMetrics(r, config.range());
    return new SearchResult(r.getHits(), indices, config.query(), request.source(), r.getTook());
}

Example 12 with SearchResponse

use of org.graylog2.rest.resources.search.responses.SearchResponse in project graylog2-server by Graylog2.

the class Searches method histogram.

public HistogramResult histogram(String query, DateHistogramInterval interval, String filter, TimeRange range) {
    FilterAggregationBuilder builder = AggregationBuilders.filter(AGG_FILTER).subAggregation(AggregationBuilders.dateHistogram(AGG_HISTOGRAM).field("timestamp").interval(interval.toESInterval())).filter(standardAggregationFilters(range, filter));
    QueryStringQueryBuilder qs = queryStringQuery(query);
    qs.allowLeadingWildcard(configuration.isAllowLeadingWildcardSearches());
    final Set<String> affectedIndices = determineAffectedIndices(range, filter);
    final SearchRequestBuilder srb = c.prepareSearch(affectedIndices.toArray(new String[affectedIndices.size()])).setIndicesOptions(IndicesOptions.lenientExpandOpen()).setQuery(qs).addAggregation(builder);
    final SearchRequest request = srb.request();
    SearchResponse r = c.search(request).actionGet();
    recordEsMetrics(r, range);
    final Filter f = r.getAggregations().get(AGG_FILTER);
    return new DateHistogramResult(f.getAggregations().get(AGG_HISTOGRAM), query, request.source(), interval, r.getTook());
}

Example 13 with SearchResponse

use of org.graylog2.rest.resources.search.responses.SearchResponse in project graylog2-server by Graylog2.

the class DecoratorProcessorImpl method decorate.

@Override
public SearchResponse decorate(SearchResponse searchResponse, Optional<String> streamId) {
    try {
        final List<SearchResponseDecorator> searchResponseDecorators = streamId.isPresent() ? decoratorResolver.searchResponseDecoratorsForStream(streamId.get()) : decoratorResolver.searchResponseDecoratorsForGlobal();
        final Optional<SearchResponseDecorator> metaDecorator = searchResponseDecorators.stream().reduce((f, g) -> (v) -> g.apply(f.apply(v)));
        if (metaDecorator.isPresent()) {
            final Map<String, ResultMessageSummary> originalMessages = searchResponse.messages().stream().collect(Collectors.toMap(this::getMessageKey, Function.identity()));
            final SearchResponse newSearchResponse = metaDecorator.get().apply(searchResponse);
            final Set<String> newFields = extractFields(newSearchResponse.messages());
            final List<ResultMessageSummary> decoratedMessages = newSearchResponse.messages().stream().map(resultMessage -> {
                final ResultMessageSummary originalMessage = originalMessages.get(getMessageKey(resultMessage));
                if (originalMessage != null) {
                    return resultMessage.toBuilder().decorationStats(DecorationStats.create(originalMessage.message(), resultMessage.message())).build();
                }
                return resultMessage;
            }).collect(Collectors.toList());
            return newSearchResponse.toBuilder().messages(decoratedMessages).fields(newFields).decorationStats(this.getSearchDecoratorStats(decoratedMessages)).build();
        }
    } catch (Exception e) {
        LOG.error("Error decorating search response", e);
    }
    return searchResponse;
}

Example 14 with SearchResponse

use of org.graylog2.rest.resources.search.responses.SearchResponse in project graylog2-server by Graylog2.

the class SearchResponseCsvWriter method writeTo.

@Override
public void writeTo(SearchResponse searchResponse, Class<?> type, Type genericType, Annotation[] annotations, MediaType mediaType, MultivaluedMap<String, Object> httpHeaders, OutputStream entityStream) throws IOException, WebApplicationException {
    final CSVWriter csvWriter = new CSVWriter(new OutputStreamWriter(entityStream, StandardCharsets.UTF_8));
    final ImmutableSortedSet<String> sortedFields = ImmutableSortedSet.copyOf(Iterables.concat(searchResponse.fields(), Lists.newArrayList("source", "timestamp")));
    // write field headers
    csvWriter.writeNext(sortedFields.toArray(new String[sortedFields.size()]));
    // write result set in same order as the header row
    final String[] fieldValues = new String[sortedFields.size()];
    for (ResultMessageSummary message : searchResponse.messages()) {
        int idx = 0;
        // first collect all values from the current message
        for (String fieldName : sortedFields) {
            final Object val = message.message().get(fieldName);
            fieldValues[idx++] = ((val == null) ? null : val.toString().replaceAll("\n", "\\\\n"));
            fieldValues[idx++] = ((val == null) ? null : val.toString().replaceAll("\r", "\\\\r"));
        }
        // write the complete line, some fields might not be present in the message, so there might be null values
        csvWriter.writeNext(fieldValues);
    }
    if (csvWriter.checkError()) {
        LOG.error("Encountered unspecified error when writing message result as CSV, result is likely malformed.");
    }
    csvWriter.close();
}

Example 15 with SearchResponse

use of org.graylog2.rest.resources.search.responses.SearchResponse in project graylog2-server by Graylog2.

the class RelativeSearchResource method searchRelative.

@GET
@Timed
@ApiOperation(value = "Message search with relative timerange.", notes = "Search for messages in a relative timerange, specified as seconds from now. " + "Example: 300 means search from 5 minutes ago to now.")
@ApiResponses(value = { @ApiResponse(code = 400, message = "Invalid timerange parameters provided.") })
@Produces(MediaType.APPLICATION_JSON)
public SearchResponse searchRelative(@ApiParam(name = "query", value = "Query (Lucene syntax)", required = true) @QueryParam("query") @NotEmpty String query, @ApiParam(name = "range", value = "Relative timeframe to search in. See method description.", required = true) @QueryParam("range") int range, @ApiParam(name = "limit", value = "Maximum number of messages to return.", required = false) @QueryParam("limit") int limit, @ApiParam(name = "offset", value = "Offset", required = false) @QueryParam("offset") int offset, @ApiParam(name = "filter", value = "Filter", required = false) @QueryParam("filter") String filter, @ApiParam(name = "fields", value = "Comma separated list of fields to return", required = false) @QueryParam("fields") String fields, @ApiParam(name = "sort", value = "Sorting (field:asc / field:desc)", required = false) @QueryParam("sort") String sort, @ApiParam(name = "decorate", value = "Run decorators on search result", required = false) @QueryParam("decorate") @DefaultValue("true") boolean decorate) {
    checkSearchPermission(filter, RestPermissions.SEARCHES_RELATIVE);
    final List<String> fieldList = parseOptionalFields(fields);
    final Sorting sorting = buildSorting(sort);
    final TimeRange timeRange = buildRelativeTimeRange(range);
    final SearchesConfig searchesConfig = SearchesConfig.builder().query(query).filter(filter).fields(fieldList).range(timeRange).limit(limit).offset(offset).sorting(sorting).build();
    final Optional<String> streamId = Searches.extractStreamId(filter);
    try {
        return buildSearchResponse(searches.search(searchesConfig), timeRange, decorate, streamId);
    } catch (SearchPhaseExecutionException e) {
        throw createRequestExceptionForParseFailure(query, e);
    }
}