public async Task<IHttpActionResult> TermAggragation([FromBody] QueryInfo info) { try { var resp = await _client.SearchAsync<logs>(s => s .Size(info.Size) .Aggregations(fa => fa .Filter("ff", f => f .Filter(fd => fd .Range(t => t .OnField("@timestamp").Greater(info.Start).Lower(info.End))) .Aggregations(a => a.Terms("agg", ag => ag.Field(info.AggField).Size(info.SubSize))) ) ) ); var ff = resp.Aggs.Filter("ff"); var fagg = ff.Terms("agg"); ELSresult result = new ELSresult { Time = resp.ElapsedMilliseconds, Document = (int)resp.HitsMetaData.Total, Total = (int)ff.DocCount, AggData = fagg.Items, AggTotal = fagg.Items.Count }; return Ok(result); } catch (Exception e) { return BadRequest(e.Message); } }
public async Task<IHttpActionResult> StringQuery([FromBody] QueryInfo info) { var es=new ESauth(); try { var l = ""; if (!string.IsNullOrEmpty(info.Lat) && !string.IsNullOrEmpty(info.Lon)) { l = info.Lat + "," + info.Lon; } var x = Filter<logs>.Range(t => t.OnField("@timestamp").Greater(info.Start).Lower(info.End)); var y = Filter<logs>.GeoDistance("geoip.location", g => g.Distance(info.GeoDistance).Location(l)); var resp = await _client.SearchAsync<logs>(s => s //.Indices(new [] {"1","2"}) .Size(info.Size) .Query(p => p.QueryString(q => q.Query(info.SearchText))) //.Query(p => p.Term("logs.geoip.city_name.raw", "Beijing")) //.Filter(f => f.Range(t => t.OnField("@timestamp").Greater(info.Start).Lower(info.End))) .Filter(f => f.Bool(b => b .Must(mf => mf.And(x && y)) ) ) ); ELSresult result = new ELSresult { Time = resp.ElapsedMilliseconds, Total = (int)resp.HitsMetaData.Total, MaxScore = resp.HitsMetaData.MaxScore, Data = resp.Hits }; //_logHandler.CallMessageApi(HttpContext.Current.Request, HttpContext.Current.Response); return Ok(result); } catch (Exception e) { return BadRequest("stringquery" + e.Message); } }
public async Task<IHttpActionResult> AutoFill([FromBody] QueryInfo info) { //var autoField = new ArrayList() { "ident.raw", "auth.raw", "geoip.city_name.raw","geoip.real_region_name.raw", "response","clientip.raw","geoip.country_code3.raw", // "geoip.country_name.raw", "geoip.region_name.raw", "geoip.postal_code.raw"}; var autoField = new ArrayList() { "geoip.postal_code.raw", "geoip.country_name.raw", "ident.raw", "clientip.raw", "geoip.region_name.raw", "auth.raw", "request.raw", "agent.raw", "geoip.continent_code.raw", "geoip.city_name.raw", "geoip.continent_code.raw", "geoip.country_code2.raw", "geoip.country_code3.raw", "response.raw", "geoip.region_name.raw", "geoip.country_name.raw", "APIresponse.raw", "geoip.real_region_name.raw", "verb.raw", "action.raw" }; try { var res = new ArrayList(); foreach (var af in autoField) { var x = Query<logs>.Prefix(af.ToString().Substring(0, af.ToString().Length - 4), info.SearchText); var y = Query<logs>.Prefix(af.ToString(), info.SearchText); var resp = await _client.SearchAsync<logs>(s => s //.Query(p => p.Prefix(af.ToString(), info.SearchText)).Analyzer("simple") .Query(p => p.Bool(b => b.Should(x||y))) .Aggregations(fa => fa .Filter("ff", f => f .Filter(fd => fd .Range(t => t .OnField("@timestamp").Greater(info.Start).Lower(info.End))) .Aggregations(a => a.Terms("agg", ag => ag.Field(af.ToString()).Size(info.SubSize))) ) ) ); //time += resp.ElapsedMilliseconds; var ff = resp.Aggs.Filter("ff"); var fagg = ff.Terms("agg"); foreach (var item in fagg.Items) { res.Add(item.Key); } } ELSresult result = new ELSresult { Total = res.Count, AutoData = res }; return Ok(result); } catch (Exception e) { return BadRequest(e.Message); } }
public async Task<IHttpActionResult> GeoDistanceAggragation([FromBody] QueryInfo info) { try { var l = ""; if (info.Location.Lat != "" && info.Location.Lon != "") { l = info.Location.Lat + "," + info.Location.Lon; } var resp = await _client.SearchAsync<logs>(s => s .Aggregations(fa => fa .Filter("ff", f => f .Filter(fd => fd .Range(t => t .OnField("@timestamp").Greater(info.Start).Lower(info.End))) .Aggregations(a => a .GeoDistance("geo", g => g .Field("geoip.location") .Origin(l).Unit(GeoUnit.Miles) .Ranges( r => r.To(1000), r => r.From(1000).To(3000), r => r.From(3000) )) ) )) ); var ff = resp.Aggs.Filter("ff"); var fagg = ff.GeoDistance("geo"); ELSresult result = new ELSresult { Time = resp.ElapsedMilliseconds, Document = (int)resp.HitsMetaData.Total, Total = (int)ff.DocCount, GeoAggdata = fagg.Items, AggTotal = fagg.Items.Count }; return Ok(result); } catch (Exception e) { return BadRequest(e.Message); } }
public async Task<IHttpActionResult> GetSampledata([FromBody] QueryInfo info) { try { /* var uri ="http://*****:*****@timestamp").Greater(info.Start).Lower(info.End)); var y = Filter<logs>.GeoDistance("geoip.location", g => g.Distance(info.GeoDistance).Location(l)); var resp = await _client.SearchAsync<logs>(s => s .Size(info.Size) .Query(qq => qq.MatchAll()) .Filter(f => f.Bool(b => b .Must(mf => mf.And(x && y)) ) ) ); ELSresult result = new ELSresult { Time = resp.ElapsedMilliseconds, Total = (int)resp.HitsMetaData.Total, MaxScore = resp.HitsMetaData.MaxScore, Data = resp.Hits }; return Ok(result); } catch (Exception e) { return BadRequest("SampleData " + e.Message); } }
public async Task<IHttpActionResult> StringQueryWithBoolFilter([FromBody] QueryInfo info) { try { var l = ""; if (!string.IsNullOrEmpty(info.Lat) && !string.IsNullOrEmpty(info.Lon)) { l = info.Lat + "," + info.Lon; } var x = Filter<logs>.Range(t => t.OnField("@timestamp").Greater(info.Start).Lower(info.End)); var y = Filter<logs>.GeoDistance("geoip.location", g => g.Distance(info.GeoDistance).Location(l)); var fmust = x & y; var fnot = Filter<logs>.Not(fn => fn.Term("", "")); var fshould = Filter<logs>.MatchAll(); if (info.Filterdata != null) { foreach (var cc in info.Filterdata) { if (cc.Condition == "MUST") { var xx = Filter<logs>.Term(cc.Field, cc.Text); fmust = fmust & xx; } if (cc.Condition == "MUST_NOT") { var yy = Filter<logs>.Term(cc.Field, cc.Text); fnot = fnot & yy; } if (cc.Condition == "SHOULD") { var zz = Filter<logs>.Term(cc.Field, cc.Text); fshould = fshould & zz; } } } var resp = await _client.SearchAsync<logs>(s => s .Size(info.Size) .Query(p => p.QueryString(q => q.Query(info.SearchText))) .Filter(f => f.Bool(b => b .Must(mf => mf.And(fmust)) .MustNot(nf => nf.And(fnot)) .Should(sf => sf.And(fshould)) ) ) ); ELSresult result = new ELSresult { Time = resp.ElapsedMilliseconds, Total = (int)resp.HitsMetaData.Total, MaxScore = resp.HitsMetaData.MaxScore, Data = resp.Hits }; return Ok(result); } catch (Exception e) { return BadRequest("stringbool " + e.Message); } }
public async Task<IHttpActionResult> TermQuery([FromBody] QueryInfo info) { try { var l = ""; if (!string.IsNullOrEmpty(info.Lat) && !string.IsNullOrEmpty(info.Lon)) { l = info.Lat + "," + info.Lon; } var x = Filter<logs>.Range(t => t.OnField("@timestamp").Greater(info.Start).Lower(info.End)); var y = Filter<logs>.GeoDistance("geoip.location", g => g.Distance(info.GeoDistance).Location(l)); var resp = await _client.SearchAsync<logs>(s => s .Size(info.Size) .Query(qt => qt.Term(info.Field, info.SearchText)) .Filter(f => f.Bool(b => b .Must(mf => mf.And(x && y)) ) ) ); ELSresult result = new ELSresult { Time = resp.ElapsedMilliseconds, Total = (int)resp.HitsMetaData.Total, MaxScore = resp.HitsMetaData.MaxScore, Data = resp.Hits }; return Ok(result); } catch (Exception e) { return BadRequest("term " + e.Message); } }