Package org.graylog.events.search

Class MoreSearch

java.lang.Object
org.graylog.events.search.MoreSearch
public class MoreSearch extends Object
This class contains search helper for the events system.

  • Constructor Details

  • Method Details

    • scrollQuery

      public void scrollQuery(String queryString, Set<String> streams, Set<Parameter> queryParameters, TimeRange timeRange, int batchSize, MoreSearch.ScrollCallback resultCallback) throws EventProcessorException
      This scrolls results for the given query, streams and time range from Elasticsearch. The result is passed to the given callback in batches. (using the given batch size)

      The search will continue until it is done, an error occurs or the search is stopped by setting the continueScrolling boolean to false from the MoreSearch.ScrollCallback.

      TODO: Elasticsearch has a default limit of 500 concurrent scrolls. Every caller of this method should check if there is capacity to create a new scroll request. This can be done by using the ES nodes stats API. See: https://www.elastic.co/guide/en/elasticsearch/reference/current/search-request-scroll.html#scroll-search-context
      Parameters:
      queryString - the search query string
      streams - the set of streams to search in
      timeRange - the time range for the search
      batchSize - the number of documents to retrieve at once
      resultCallback - the callback that gets executed for each batch
      Throws:
      EventProcessorException

    • loadStreams

      public Set<Stream> loadStreams(Set<String> streamIds)

    • luceneEscape

      public static String luceneEscape(String searchString)
      Helper to perform basic Lucene escaping of query string values
      Parameters:
      searchString - search string which may contain unescaped reserved characters
      Returns:
      String where those characters that Lucene expects to be escaped are escaped by a preceding \