Use of org.opensearch.ad.model.AnomalyResult in the project anomaly-detection by opensearch-project.
Class AnomalyDetectorRestApiIT, method testSearchTopAnomalyResultsOnPopulatedResultIndex.
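/**
 * Checks the top-anomaly-results search against a result index that already holds data.
 *
 * <p>A detector with two category fields is created, three anomaly results are written for two
 * distinct entities, and the search is run three times: ordered by severity, ordered by
 * occurrence, and grouped by both category fields. Each run must return exactly two buckets in
 * the expected order.
 *
 * @throws IOException if any REST call made by the helpers fails
 */
public void testSearchTopAnomalyResultsOnPopulatedResultIndex() throws IOException {
    String indexName = randomAlphaOfLength(10).toLowerCase(Locale.ROOT);

    // Plain maps rather than double-brace initialization: the latter creates an anonymous
    // HashMap subclass per map, each holding a reference to the enclosing test instance.
    Map<String, String> categoryFieldsAndTypes = new HashMap<>();
    categoryFieldsAndTypes.put("keyword-field", "keyword");
    categoryFieldsAndTypes.put("ip-field", "ip");

    String testIndexData = "{\"keyword-field\": \"field-1\", \"ip-field\": \"1.2.3.4\", \"timestamp\": 1}";
    TestHelpers.createIndexWithHCADFields(client(), indexName, categoryFieldsAndTypes);
    TestHelpers.ingestDataToIndex(client(), indexName, TestHelpers.toHttpEntity(testIndexData));

    List<String> categoryFields = new ArrayList<>(categoryFieldsAndTypes.keySet());
    AnomalyDetector detector = createAnomalyDetector(
        TestHelpers.randomAnomalyDetectorUsingCategoryFields(randomAlphaOfLength(10), TIME_FIELD, ImmutableList.of(indexName), categoryFields),
        true,
        client()
    );
    String detectorId = detector.getDetectorId();

    // Seed the result index. All writes to the result alias use adminClient(), while every
    // search below goes through client().
    // NOTE(review): presumably the result alias is not writable by the regular client when
    // security is enabled; confirm, and keep the seeding on the admin client if so.
    if (!indexExistsWithAdminClient(CommonName.ANOMALY_RESULT_INDEX_ALIAS)) {
        TestHelpers.createEmptyAnomalyResultIndex(adminClient());
    }

    Map<String, Object> entityAttrs1 = new HashMap<>();
    entityAttrs1.put("keyword-field", "field-1");
    entityAttrs1.put("ip-field", "1.2.3.4");

    Map<String, Object> entityAttrs2 = new HashMap<>();
    entityAttrs2.put("keyword-field", "field-2");
    entityAttrs2.put("ip-field", "5.6.7.8");

    // Same attributes as entityAttrs2 on purpose: the second entity gets two results, which is
    // what puts it first when ordering by occurrence.
    Map<String, Object> entityAttrs3 = new HashMap<>();
    entityAttrs3.put("keyword-field", "field-2");
    entityAttrs3.put("ip-field", "5.6.7.8");

    // NOTE(review): the fifth argument (0.8 / 0.5 / 0.2) is presumably the anomaly grade that
    // drives the severity ordering asserted below; confirm against TestHelpers.
    AnomalyResult anomalyResult1 = TestHelpers.randomHCADAnomalyDetectResult(detectorId, null, entityAttrs1, 0.5, 0.8, null, 5L, 5L);
    AnomalyResult anomalyResult2 = TestHelpers.randomHCADAnomalyDetectResult(detectorId, null, entityAttrs2, 0.5, 0.5, null, 5L, 5L);
    AnomalyResult anomalyResult3 = TestHelpers.randomHCADAnomalyDetectResult(detectorId, null, entityAttrs3, 0.5, 0.2, null, 5L, 5L);

    // NOTE(review): the searches run immediately after these writes, so this assumes
    // ingestDataToIndex makes documents searchable before it returns; confirm, otherwise the
    // bucket-count assertions can be flaky.
    TestHelpers.ingestDataToIndex(adminClient(), CommonName.ANOMALY_RESULT_INDEX_ALIAS, TestHelpers.toHttpEntity(anomalyResult1));
    TestHelpers.ingestDataToIndex(adminClient(), CommonName.ANOMALY_RESULT_INDEX_ALIAS, TestHelpers.toHttpEntity(anomalyResult2));
    TestHelpers.ingestDataToIndex(adminClient(), CommonName.ANOMALY_RESULT_INDEX_ALIAS, TestHelpers.toHttpEntity(anomalyResult3));

    // Sorting by severity: field-1 is expected ahead of field-2.
    String severityQuery = "{\"category_field\":[\"keyword-field\"],\"start_time_ms\":0, \"end_time_ms\":10, \"order\":\"severity\"}";
    Response severityResponse = searchTopAnomalyResults(detectorId, false, severityQuery, client());
    Map<String, Object> severityResponseMap = entityAsMap(severityResponse);
    // Cast to the List interface, not ArrayList: the test should not depend on which List
    // implementation the response parser happens to build.
    @SuppressWarnings("unchecked")
    List<Map<String, Object>> severityBuckets = (List<Map<String, Object>>) XContentMapValues.extractValue("buckets", severityResponseMap);
    assertEquals(2, severityBuckets.size());
    @SuppressWarnings("unchecked")
    Map<String, String> severityBucketKey1 = (Map<String, String>) severityBuckets.get(0).get("key");
    @SuppressWarnings("unchecked")
    Map<String, String> severityBucketKey2 = (Map<String, String>) severityBuckets.get(1).get("key");
    assertEquals("field-1", severityBucketKey1.get("keyword-field"));
    assertEquals("field-2", severityBucketKey2.get("keyword-field"));

    // Sorting by occurrence: field-2 has two results, field-1 has one.
    String occurrenceQuery = "{\"category_field\":[\"keyword-field\"],\"start_time_ms\":0, \"end_time_ms\":10, \"order\":\"occurrence\"}";
    Response occurrenceResponse = searchTopAnomalyResults(detectorId, false, occurrenceQuery, client());
    Map<String, Object> occurrenceResponseMap = entityAsMap(occurrenceResponse);
    @SuppressWarnings("unchecked")
    List<Map<String, Object>> occurrenceBuckets = (List<Map<String, Object>>) XContentMapValues.extractValue("buckets", occurrenceResponseMap);
    assertEquals(2, occurrenceBuckets.size());
    @SuppressWarnings("unchecked")
    Map<String, String> occurrenceBucketKey1 = (Map<String, String>) occurrenceBuckets.get(0).get("key");
    @SuppressWarnings("unchecked")
    Map<String, String> occurrenceBucketKey2 = (Map<String, String>) occurrenceBuckets.get(1).get("key");
    assertEquals("field-2", occurrenceBucketKey1.get("keyword-field"));
    assertEquals("field-1", occurrenceBucketKey2.get("keyword-field"));

    // Grouping by all category fields: each bucket key must carry both attributes.
    String allFieldsQuery = "{\"category_field\":[\"keyword-field\", \"ip-field\"],\"start_time_ms\":0, \"end_time_ms\":10, \"order\":\"severity\"}";
    Response allFieldsResponse = searchTopAnomalyResults(detectorId, false, allFieldsQuery, client());
    Map<String, Object> allFieldsResponseMap = entityAsMap(allFieldsResponse);
    @SuppressWarnings("unchecked")
    List<Map<String, Object>> allFieldsBuckets = (List<Map<String, Object>>) XContentMapValues.extractValue("buckets", allFieldsResponseMap);
    assertEquals(2, allFieldsBuckets.size());
    @SuppressWarnings("unchecked")
    Map<String, String> allFieldsBucketKey1 = (Map<String, String>) allFieldsBuckets.get(0).get("key");
    @SuppressWarnings("unchecked")
    Map<String, String> allFieldsBucketKey2 = (Map<String, String>) allFieldsBuckets.get(1).get("key");
    assertEquals("field-1", allFieldsBucketKey1.get("keyword-field"));
    assertEquals("1.2.3.4", allFieldsBucketKey1.get("ip-field"));
    assertEquals("field-2", allFieldsBucketKey2.get("keyword-field"));
    assertEquals("5.6.7.8", allFieldsBucketKey2.get("ip-field"));
}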
Aggregations