/**
 * Combines the total, the results and the facet counts into a single hash.
 *
 * <p>The total is narrowed to {@code int} by the cast before it is mixed in. A
 * {@code null} results or facet-counts value contributes 0.
 *
 * @return the combined hash code
 */
@Override
public int hashCode() {
  final int totalPart = 31 * (int) getTotal();
  final int resultsHash = getResults() == null ? 0 : getResults().hashCode();
  int hash = totalPart + resultsHash;

  final int facetHash = getFacetCounts() == null ? 0 : getFacetCounts().hashCode();
  hash = 31 * hash + facetHash;
  return hash;
}
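/**
 * Compares this response with another object for equality.
 *
 * <p>Two responses are equal when they are of the same class and have the same total,
 * equal results and equal facet counts. A {@code null} results or facet-counts value is
 * equal only to another {@code null}; the previous null branch compared with
 * {@code != null}, so two responses that both lacked a field were reported as different
 * and a response was not even equal to an identical copy of itself.
 *
 * @param o the object to compare with, may be {@code null}
 * @return {@code true} if {@code o} is an equal {@code SearchResponse}
 */
@Override
public boolean equals(Object o) {
  if (this == o) {
    return true;
  }
  if (o == null || getClass() != o.getClass()) {
    return false;
  }
  SearchResponse that = (SearchResponse) o;
  if (getTotal() != that.getTotal()) {
    return false;
  }
  // null on this side matches only null on the other side
  boolean sameResults = getResults() != null
      ? getResults().equals(that.getResults())
      : that.getResults() == null;
  if (!sameResults) {
    return false;
  }
  return getFacetCounts() != null
      ? getFacetCounts().equals(that.getFacetCounts())
      : that.getFacetCounts() == null;
}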
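/**
 * Runs the {@code missingTypeFacetQuery} fixture and checks the facet counts reported
 * for {@code sig_generator}: one facet, five distinct values, each seen once.
 */
@Test
public void missing_type_facet_query() throws Exception {
  SearchRequest request = JSONUtils.INSTANCE.load(missingTypeFacetQuery, SearchRequest.class);
  SearchResponse response = getIndexDao().search(request);
  Assert.assertEquals(10, response.getTotal());

  Map<String, Map<String, Long>> facetCounts = response.getFacetCounts();
  Assert.assertEquals(1, facetCounts.size());

  Map<String, Long> sigGeneratorCounts = facetCounts.get("sig_generator");
  Assert.assertEquals(5, sigGeneratorCounts.size());
  // every value from "sig_generator 5" down to "sig_generator 1" must be counted once
  for (int value = 5; value >= 1; value--) {
    Assert.assertEquals(1L, sigGeneratorCounts.get("sig_generator " + value).longValue());
  }
}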
/**
 * Runs the {@code filterQuery} fixture and checks that exactly three documents match,
 * in the expected order of source type and timestamp.
 */
@Test
public void filter_query_filters_results() throws Exception {
  SearchRequest filterRequest = JSONUtils.INSTANCE.load(filterQuery, SearchRequest.class);
  SearchResponse filtered = getIndexDao().search(filterRequest);
  Assert.assertEquals(3, filtered.getTotal());

  // expected hits, in result order
  final String[] expectedSensors = {"snort", "snort", "bro"};
  final String[] expectedTimestamps = {"9", "7", "1"};

  List<SearchResult> hits = filtered.getResults();
  for (int pos = 0; pos < expectedSensors.length; pos++) {
    Assert.assertEquals(expectedSensors[pos],
        hits.get(pos).getSource().get(getSourceTypeField()));
    Assert.assertEquals(expectedTimestamps[pos],
        hits.get(pos).getSource().get("timestamp").toString());
  }
}
/**
 * Runs the {@code paginationQuery} fixture and checks that the total still reports all
 * ten matches while only a three-document page is returned.
 */
@Test
public void results_are_paginated() throws Exception {
  SearchRequest pageRequest = JSONUtils.INSTANCE.load(paginationQuery, SearchRequest.class);
  SearchResponse page = getIndexDao().search(pageRequest);

  // total counts every match, not just the returned page
  Assert.assertEquals(10, page.getTotal());
  List<SearchResult> hits = page.getResults();
  Assert.assertEquals(3, hits.size());

  final String[] expectedSensors = {"snort", "bro", "bro"};
  final String[] expectedTimestamps = {"6", "5", "4"};
  for (int pos = 0; pos < expectedSensors.length; pos++) {
    Assert.assertEquals(expectedSensors[pos],
        hits.get(pos).getSource().get(getSourceTypeField()));
    Assert.assertEquals(expectedTimestamps[pos],
        hits.get(pos).getSource().get("timestamp").toString());
  }
}
/**
 * Runs the {@code differentTypeFilterQuery} fixture and checks that a single
 * {@code bro} document with {@code ttl} equal to {@code "data 1"} is returned.
 */
@Test
public void different_type_filter_query() throws Exception {
  SearchRequest filterRequest =
      JSONUtils.INSTANCE.load(differentTypeFilterQuery, SearchRequest.class);
  SearchResponse filtered = dao.search(filterRequest);
  Assert.assertEquals(1, filtered.getTotal());

  // only the first hit is inspected; the total above says there is exactly one
  List<SearchResult> hits = filtered.getResults();
  SearchResult onlyHit = hits.get(0);
  Assert.assertEquals("bro", onlyHit.getSource().get("source:type"));
  Assert.assertEquals("data 1", hits.get(0).getSource().get("ttl"));
}
/**
 * Sorts ascending on {@code threat:triage:score} when most documents lack the field.
 *
 * <p>The assertions pin the order: the eight documents without a score come first,
 * followed by the two scored documents in increasing order.
 */
@Test
public void sort_ascending_with_missing_fields() throws Exception {
  final String scoreField = "threat:triage:score";

  SearchRequest sortRequest =
      JSONUtils.INSTANCE.load(sortAscendingWithMissingFields, SearchRequest.class);
  SearchResponse sorted = getIndexDao().search(sortRequest);
  Assert.assertEquals(10, sorted.getTotal());
  List<SearchResult> hits = sorted.getResults();
  Assert.assertEquals(10, hits.size());

  // the first 8 hits have no triage score; in ascending order they precede the scored ones
  int pos = 0;
  while (pos < 8) {
    Assert.assertFalse(hits.get(pos).getSource().containsKey(scoreField));
    pos++;
  }

  // only 2 documents carry a score, and they close the list lowest-first
  Assert.assertEquals("10.0", hits.get(8).getSource().get(scoreField).toString());
  Assert.assertEquals("20.0", hits.get(9).getSource().get(scoreField).toString());
}
/**
 * Sorts descending on {@code threat:triage:score} when most documents lack the field.
 *
 * <p>The assertions pin the order: the two scored documents lead, highest first, and
 * the eight documents without a score follow.
 */
@Test
public void sort_descending_with_missing_fields() throws Exception {
  final String scoreField = "threat:triage:score";

  SearchRequest sortRequest =
      JSONUtils.INSTANCE.load(sortDescendingWithMissingFields, SearchRequest.class);
  SearchResponse sorted = getIndexDao().search(sortRequest);
  Assert.assertEquals(10, sorted.getTotal());
  List<SearchResult> hits = sorted.getResults();
  Assert.assertEquals(10, hits.size());

  // only 2 documents carry a score; the highest-scored one must be the first hit
  Assert.assertEquals("20.0", hits.get(0).getSource().get(scoreField).toString());
  Assert.assertEquals("10.0", hits.get(1).getSource().get(scoreField).toString());

  // every remaining hit has no triage score and is sorted after the scored ones
  int pos = 2;
  while (pos < 10) {
    Assert.assertFalse(hits.get(pos).getSource().containsKey(scoreField));
    pos++;
  }
}
/**
 * Runs the {@code indexQuery} fixture and checks that only the five {@code bro}
 * documents come back, with timestamps counting down from 5 to 1.
 */
@Test
public void returns_results_only_for_specified_indices() throws Exception {
  SearchRequest indexRequest = JSONUtils.INSTANCE.load(indexQuery, SearchRequest.class);
  SearchResponse scoped = getIndexDao().search(indexRequest);
  Assert.assertEquals(5, scoped.getTotal());

  List<SearchResult> hits = scoped.getResults();
  for (int pos = 0; pos < 5; pos++) {
    // hit 0 carries timestamp 5, hit 4 carries timestamp 1
    String expectedTimestamp = String.valueOf(5 - pos);
    Assert.assertEquals("bro", hits.get(pos).getSource().get(getSourceTypeField()));
    Assert.assertEquals(expectedTimestamp,
        hits.get(pos).getSource().get("timestamp").toString());
  }
}
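/**
 * Runs the {@code sortByGuidQuery} fixture and checks that five documents come back
 * ordered {@code bro_1} .. {@code bro_5}, each exposing a single field.
 */
@Test
public void sort_by_guid() throws Exception {
  SearchRequest request = JSONUtils.INSTANCE.load(sortByGuidQuery, SearchRequest.class);
  SearchResponse response = getIndexDao().search(request);
  Assert.assertEquals(5, response.getTotal());

  List<SearchResult> results = response.getResults();
  for (int i = 0; i < 5; ++i) {
    Map<String, Object> source = results.get(i).getSource();
    // the source must contain exactly one field
    Assert.assertEquals(1, source.size());
    // expected value first, actual second, so a failure message reads the right way round
    Assert.assertEquals("bro_" + (i + 1), source.get("guid"));
  }
}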
/**
 * Runs the {@code fieldsQuery} fixture and checks that each of the first ten hits
 * exposes exactly one field, {@code ip_src_addr}, with a non-null value.
 */
@Test
public void queries_fields() throws Exception {
  SearchRequest fieldsRequest = JSONUtils.INSTANCE.load(fieldsQuery, SearchRequest.class);
  SearchResponse projected = getIndexDao().search(fieldsRequest);
  Assert.assertEquals(10, projected.getTotal());

  List<SearchResult> hits = projected.getResults();
  // hits 0-4 and 5-9 are held to the same checks, so one pass covers both ranges
  for (int pos = 0; pos < 10; pos++) {
    Map<String, Object> fields = hits.get(pos).getSource();
    Assert.assertEquals(1, fields.size());
    Assert.assertNotNull(fields.get("ip_src_addr"));
  }
}
SearchRequest request = JSONUtils.INSTANCE.load(facetQuery, SearchRequest.class); SearchResponse response = getIndexDao().search(request); Assert.assertEquals(10, response.getTotal()); Map<String, Map<String, Long>> facetCounts = response.getFacetCounts(); Assert.assertEquals(8, facetCounts.size());
/**
 * Runs the {@code sortQuery} fixture and checks that {@code ip_src_port} rises from
 * 8001 to 8010 across the ten hits.
 */
@Test
public void sort_query_sorts_results_ascending() throws Exception {
  SearchRequest sortRequest = JSONUtils.INSTANCE.load(sortQuery, SearchRequest.class);
  SearchResponse sorted = getIndexDao().search(sortRequest);
  Assert.assertEquals(10, sorted.getTotal());

  List<SearchResult> hits = sorted.getResults();
  for (int pos = 0; pos < 10; pos++) {
    // hit 0 must hold port 8001, hit 9 port 8010
    int expectedPort = 8001 + pos;
    Assert.assertEquals(expectedPort, hits.get(pos).getSource().get("ip_src_port"));
  }
}
/**
 * Runs the {@code allQuery} fixture and checks that all ten documents come back:
 * five {@code snort} hits followed by five {@code bro} hits, each from its own index,
 * with timestamps counting down from 10 to 1.
 */
@Test
public void all_query_returns_all_results() throws Exception {
  SearchRequest allRequest = JSONUtils.INSTANCE.load(allQuery, SearchRequest.class);
  SearchResponse everything = getIndexDao().search(allRequest);
  Assert.assertEquals(10, everything.getTotal());

  List<SearchResult> hits = everything.getResults();
  Assert.assertEquals(10, hits.size());

  for (int pos = 0; pos < 10; pos++) {
    // the first half of the hits is snort, the second half bro
    String sensor = pos < 5 ? "snort" : "bro";
    Assert.assertEquals(sensor, hits.get(pos).getSource().get(getSourceTypeField()));
    Assert.assertEquals(getIndexName(sensor), hits.get(pos).getIndex());
    Assert.assertEquals(String.valueOf(10 - pos),
        hits.get(pos).getSource().get("timestamp").toString());
  }
}
/**
 * Runs the {@code noResultsFieldsQuery} fixture and checks that the reported total
 * is zero.
 */
@Test
public void no_results_returned_when_query_does_not_match() throws Exception {
  SearchRequest unmatchedRequest =
      JSONUtils.INSTANCE.load(noResultsFieldsQuery, SearchRequest.class);
  // only the total is checked; the result list itself is not inspected
  Assert.assertEquals(0, getIndexDao().search(unmatchedRequest).getTotal());
}
Assert.assertEquals(1, searchResponse.getTotal()); Assert.assertEquals(MetaAlertStatus.ACTIVE.getStatusString(), searchResponse.getResults().get(0).getSource().get(STATUS_FIELD));
/**
 * Checks that meta-alert search results can be sorted by {@code alert_status} at each
 * stage exercised here: before any meta-alert exists, right after one is created, and
 * after it has been escalated.
 */
@Test
public void shouldSortMetaAlertsByAlertStatus() throws Exception {
  final String guid = "meta_alert";
  setupTypings();

  // ascending sort on 'alert_status' is applied to every search below
  SortField byStatus = new SortField();
  byStatus.setField("alert_status");
  byStatus.setSortOrder("asc");

  // no meta-alerts yet: the sorted search must still succeed and report nothing
  long totalBeforeCreate = searchForSortedMetaAlerts(byStatus).getTotal();
  Assert.assertEquals(0, totalBeforeCreate);

  // meta-alert just created
  createMetaAlert(guid);
  long totalAfterCreate = searchForSortedMetaAlerts(byStatus).getTotal();
  Assert.assertEquals(1, totalAfterCreate);

  // meta-alert escalated
  escalateMetaAlert(guid);
  long totalAfterEscalate = searchForSortedMetaAlerts(byStatus).getTotal();
  Assert.assertEquals(1, totalAfterEscalate);
}
/**
 * Runs the {@code differentTypeFacetQuery} fixture with an exception registered as
 * the expected outcome.
 */
@Test
public void different_type_facet_query() throws Exception {
  // NOTE(review): 'thrown' is presumably a JUnit ExpectedException rule - confirm.
  // Exception.class accepts any exception, so an unrelated failure would also satisfy it.
  thrown.expect(Exception.class);

  SearchRequest facetRequest =
      JSONUtils.INSTANCE.load(differentTypeFacetQuery, SearchRequest.class);
  SearchResponse faceted = getIndexDao().search(facetRequest);

  // reached only if neither call above threw
  Assert.assertEquals(3, faceted.getTotal());
}
Assert.assertEquals(0, searchResponse.getTotal()); Assert.assertEquals(1, searchResponse.getTotal()); Assert.assertEquals("meta_active", searchResponse.getResults().get(0).getSource().get("guid")); Assert.assertEquals(1, searchResponse.getTotal()); Assert.assertEquals("message_2", searchResponse.getResults().get(0).getSource().get("guid"));