
Example 26 with AnomalyResult

use of org.opensearch.ad.model.AnomalyResult in project anomaly-detection by opensearch-project.

the class AnomalyDetectorRestApiIT method testSearchTopAnomalyResultsOnPopulatedResultIndex.

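/**
 * Checks that the top-anomaly-results search returns one bucket per entity, ordered as
 * requested, once the anomaly result index holds results for a multi-category detector.
 *
 * <p>Three results are ingested for two distinct entities: one for {@code field-1} and two
 * for {@code field-2}. The test then queries with {@code order=severity} and
 * {@code order=occurrence} on a single category field, and with {@code order=severity} on
 * both category fields, asserting the bucket count and the bucket order each time.
 *
 * <p>Sample results are written straight to the result index alias with {@code adminClient()},
 * while the API under test is called with {@code client()}.
 * NOTE(review): presumably the result index is only writable with admin credentials when
 * the security plugin is enabled; confirm before swapping either client.
 *
 * @throws IOException if any REST call made by the helpers fails
 */
public void testSearchTopAnomalyResultsOnPopulatedResultIndex() throws IOException {
    String indexName = randomAlphaOfLength(10).toLowerCase(Locale.ROOT);

    // Plain maps instead of double-brace initialisation: no anonymous HashMap subclass
    // capturing the enclosing test instance.
    Map<String, String> categoryFieldsAndTypes = new HashMap<>();
    categoryFieldsAndTypes.put("keyword-field", "keyword");
    categoryFieldsAndTypes.put("ip-field", "ip");
    List<String> categoryFields = new ArrayList<>(categoryFieldsAndTypes.keySet());

    // Source index with one document so the detector can be created against real fields.
    String testIndexData = "{\"keyword-field\": \"field-1\", \"ip-field\": \"1.2.3.4\", \"timestamp\": 1}";
    TestHelpers.createIndexWithHCADFields(client(), indexName, categoryFieldsAndTypes);
    TestHelpers.ingestDataToIndex(client(), indexName, TestHelpers.toHttpEntity(testIndexData));
    AnomalyDetector detector = createAnomalyDetector(
        TestHelpers.randomAnomalyDetectorUsingCategoryFields(
            randomAlphaOfLength(10),
            TIME_FIELD,
            ImmutableList.of(indexName),
            categoryFields
        ),
        true,
        client()
    );
    String detectorId = detector.getDetectorId();

    // Ingest some sample results; the result index is created on demand.
    if (!indexExistsWithAdminClient(CommonName.ANOMALY_RESULT_INDEX_ALIAS)) {
        TestHelpers.createEmptyAnomalyResultIndex(adminClient());
    }

    Map<String, Object> entityAttrs1 = new HashMap<>();
    entityAttrs1.put("keyword-field", "field-1");
    entityAttrs1.put("ip-field", "1.2.3.4");

    Map<String, Object> entityAttrs2 = new HashMap<>();
    entityAttrs2.put("keyword-field", "field-2");
    entityAttrs2.put("ip-field", "5.6.7.8");

    // Deliberately the same entity as entityAttrs2: field-2 must own two results so that
    // ordering by occurrence differs from ordering by severity.
    Map<String, Object> entityAttrs3 = new HashMap<>(entityAttrs2);

    // field-1 carries the largest fifth argument (0.8 vs 0.5 and 0.2).
    // NOTE(review): presumably that argument is the anomaly grade and 5L/5L the data
    // start/end time inside the queried 0..10 window; confirm against TestHelpers.
    AnomalyResult anomalyResult1 = TestHelpers.randomHCADAnomalyDetectResult(detectorId, null, entityAttrs1, 0.5, 0.8, null, 5L, 5L);
    AnomalyResult anomalyResult2 = TestHelpers.randomHCADAnomalyDetectResult(detectorId, null, entityAttrs2, 0.5, 0.5, null, 5L, 5L);
    AnomalyResult anomalyResult3 = TestHelpers.randomHCADAnomalyDetectResult(detectorId, null, entityAttrs3, 0.5, 0.2, null, 5L, 5L);
    TestHelpers.ingestDataToIndex(adminClient(), CommonName.ANOMALY_RESULT_INDEX_ALIAS, TestHelpers.toHttpEntity(anomalyResult1));
    TestHelpers.ingestDataToIndex(adminClient(), CommonName.ANOMALY_RESULT_INDEX_ALIAS, TestHelpers.toHttpEntity(anomalyResult2));
    TestHelpers.ingestDataToIndex(adminClient(), CommonName.ANOMALY_RESULT_INDEX_ALIAS, TestHelpers.toHttpEntity(anomalyResult3));

    // Sorting by severity: field-1 is expected first.
    String severityQuery = "{\"category_field\":[\"keyword-field\"],\"start_time_ms\":0, \"end_time_ms\":10, \"order\":\"severity\"}";
    Response severityResponse = searchTopAnomalyResults(detectorId, false, severityQuery, client());
    Map<String, Object> severityResponseMap = entityAsMap(severityResponse);
    // Cast to the List interface: the test only needs size() and get(), not a concrete ArrayList.
    @SuppressWarnings("unchecked")
    List<Map<String, Object>> severityBuckets = (List<Map<String, Object>>) XContentMapValues.extractValue("buckets", severityResponseMap);
    assertEquals(2, severityBuckets.size());
    @SuppressWarnings("unchecked")
    Map<String, String> severityBucketKey1 = (Map<String, String>) severityBuckets.get(0).get("key");
    @SuppressWarnings("unchecked")
    Map<String, String> severityBucketKey2 = (Map<String, String>) severityBuckets.get(1).get("key");
    assertEquals("field-1", severityBucketKey1.get("keyword-field"));
    assertEquals("field-2", severityBucketKey2.get("keyword-field"));

    // Sorting by occurrence: field-2 has two results, so it is expected first.
    String occurrenceQuery = "{\"category_field\":[\"keyword-field\"],\"start_time_ms\":0, \"end_time_ms\":10, \"order\":\"occurrence\"}";
    Response occurrenceResponse = searchTopAnomalyResults(detectorId, false, occurrenceQuery, client());
    Map<String, Object> occurrenceResponseMap = entityAsMap(occurrenceResponse);
    @SuppressWarnings("unchecked")
    List<Map<String, Object>> occurrenceBuckets = (List<Map<String, Object>>) XContentMapValues.extractValue("buckets", occurrenceResponseMap);
    assertEquals(2, occurrenceBuckets.size());
    @SuppressWarnings("unchecked")
    Map<String, String> occurrenceBucketKey1 = (Map<String, String>) occurrenceBuckets.get(0).get("key");
    @SuppressWarnings("unchecked")
    Map<String, String> occurrenceBucketKey2 = (Map<String, String>) occurrenceBuckets.get(1).get("key");
    assertEquals("field-2", occurrenceBucketKey1.get("keyword-field"));
    assertEquals("field-1", occurrenceBucketKey2.get("keyword-field"));

    // Sorting using all category fields: bucket keys must carry both field values.
    String allFieldsQuery = "{\"category_field\":[\"keyword-field\", \"ip-field\"],\"start_time_ms\":0, \"end_time_ms\":10, \"order\":\"severity\"}";
    Response allFieldsResponse = searchTopAnomalyResults(detectorId, false, allFieldsQuery, client());
    Map<String, Object> allFieldsResponseMap = entityAsMap(allFieldsResponse);
    @SuppressWarnings("unchecked")
    List<Map<String, Object>> allFieldsBuckets = (List<Map<String, Object>>) XContentMapValues.extractValue("buckets", allFieldsResponseMap);
    assertEquals(2, allFieldsBuckets.size());
    @SuppressWarnings("unchecked")
    Map<String, String> allFieldsBucketKey1 = (Map<String, String>) allFieldsBuckets.get(0).get("key");
    @SuppressWarnings("unchecked")
    Map<String, String> allFieldsBucketKey2 = (Map<String, String>) allFieldsBuckets.get(1).get("key");
    assertEquals("field-1", allFieldsBucketKey1.get("keyword-field"));
    assertEquals("1.2.3.4", allFieldsBucketKey1.get("ip-field"));
    assertEquals("field-2", allFieldsBucketKey2.get("keyword-field"));
    assertEquals("5.6.7.8", allFieldsBucketKey2.get("ip-field"));
}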
Also used : Response(org.opensearch.client.Response) HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) ToXContentObject(org.opensearch.common.xcontent.ToXContentObject) AnomalyResult(org.opensearch.ad.model.AnomalyResult) Matchers.containsString(org.hamcrest.Matchers.containsString) HashMap(java.util.HashMap) Map(java.util.Map) ImmutableMap(com.google.common.collect.ImmutableMap) AnomalyDetector(org.opensearch.ad.model.AnomalyDetector)
