Github user justinleet commented on a diff in the pull request:
https://github.com/apache/metron/pull/702#discussion_r137762973
--- Diff:
metron-platform/metron-elasticsearch/src/main/java/org/apache/metron/elasticsearch/dao/ElasticsearchDao.java
---
@@ -330,43 +334,112 @@ public void update(Document update, Optional<String>
index) throws IOException {
return latestIndices.values().toArray(new
String[latestIndices.size()]);
}
- public void addFacetFields(SearchSourceBuilder searchSourceBuilder,
List<String> fields) {
- for(String field: fields) {
- searchSourceBuilder = searchSourceBuilder.aggregation(new
TermsBuilder(getAggregationName(field)).field(field));
+ private org.elasticsearch.search.sort.SortOrder
getElasticsearchSortOrder(
+ org.apache.metron.indexing.dao.search.SortOrder sortOrder) {
+ return sortOrder ==
org.apache.metron.indexing.dao.search.SortOrder.DESC ?
+ org.elasticsearch.search.sort.SortOrder.DESC :
org.elasticsearch.search.sort.SortOrder.ASC;
+ }
+
+ private Order getElasticsearchGroupOrder(GroupOrder groupOrder) {
+ if (groupOrder.getGroupOrderType() == GroupOrderType.TERM) {
+ return groupOrder.getSortOrder() == SortOrder.ASC ? Order.term(true)
: Order.term(false);
+ } else {
+ return groupOrder.getSortOrder() == SortOrder.ASC ?
Order.count(true) : Order.count(false);
}
}
public Map<String, Map<String, Long>> getFacetCounts(List<String>
fields, Aggregations aggregations, Map<String, FieldType> commonColumnMetadata)
{
Map<String, Map<String, Long>> fieldCounts = new HashMap<>();
for (String field: fields) {
Map<String, Long> valueCounts = new HashMap<>();
- Aggregation aggregation =
aggregations.get(getAggregationName(field));
- if (aggregation instanceof LongTerms) {
- LongTerms longTerms = (LongTerms) aggregation;
- FieldType type = commonColumnMetadata.get(field);
- if (FieldType.IP.equals(type)) {
- longTerms.getBuckets().stream().forEach(bucket ->
valueCounts.put(IpFieldMapper.longToIp((Long) bucket.getKey()),
bucket.getDocCount()));
- } else if (FieldType.BOOLEAN.equals(type)) {
- longTerms.getBuckets().stream().forEach(bucket -> {
- String key = (Long) bucket.getKey() == 1 ? "true" : "false";
- valueCounts.put(key, bucket.getDocCount());
- });
- } else {
- longTerms.getBuckets().stream().forEach(bucket ->
valueCounts.put(bucket.getKeyAsString(), bucket.getDocCount()));
- }
- } else if (aggregation instanceof DoubleTerms) {
- DoubleTerms doubleTerms = (DoubleTerms) aggregation;
- doubleTerms.getBuckets().stream().forEach(bucket ->
valueCounts.put(bucket.getKeyAsString(), bucket.getDocCount()));
- } else if (aggregation instanceof StringTerms) {
- StringTerms stringTerms = (StringTerms) aggregation;
- stringTerms.getBuckets().stream().forEach(bucket ->
valueCounts.put(bucket.getKeyAsString(), bucket.getDocCount()));
+ Aggregation aggregation =
aggregations.get(getFacentAggregationName(field));
+ if (aggregation instanceof Terms) {
+ Terms terms = (Terms) aggregation;
+ terms.getBuckets().stream().forEach(bucket ->
valueCounts.put(formatKey(bucket.getKey(), commonColumnMetadata.get(field)),
bucket.getDocCount()));
}
fieldCounts.put(field, valueCounts);
}
return fieldCounts;
}
- private String getAggregationName(String field) {
+ private String formatKey(Object key, FieldType type) {
+ if (FieldType.IP.equals(type)) {
+ return IpFieldMapper.longToIp((Long) key);
+ } else if (FieldType.BOOLEAN.equals(type)) {
+ return (Long) key == 1 ? "true" : "false";
+ } else {
+ return key.toString();
+ }
+ }
+
+ private TermsBuilder getGroupsTermBuilder(GroupRequest groupRequest, int
index) {
+ List<Group> groups = groupRequest.getGroups();
+ Group group = groups.get(index);
--- End diff --
If the groups field is empty, this will end up throwing an exception:
```
{
"timestamp": "2017-09-08 10:44:34",
"status": 500,
"error": "Internal Server Error",
"exception": "java.lang.IndexOutOfBoundsException",
"message": "Index: 0, Size: 0",
"path": "/api/v1/search/group"
}
```
It seems like we should either return no results (after all, if there's
nothing requested in the group by, then no results seems at least vaguely
reasonable) or throw a more informative exception
---
