/**
 * Builds the audit search statement used for per-user hit counts.
 *
 * <p>{@code ACTION_CHECK_OK} is added to the action filters of {@code qDef} before delegating,
 * so the caller's query definition is modified by this call.
 *
 * @param qDef query definition; its action filter collection is mutated
 * @return the string produced by {@code cqlSearchAudit} for column {@code COL_EVENT_USER} and
 *         target {@code EventConstants.TARGET_FEATURE}
 */
public String cqlUserHitCount(EventQueryDefinition qDef) {
    // Restrict to successful feature checks before the statement is generated.
    qDef.getActionFilters().add(ACTION_CHECK_OK);
    final String statement = cqlSearchAudit(qDef, COL_EVENT_USER, EventConstants.TARGET_FEATURE);
    return statement;
}
/**
 * Builds the audit search statement used for per-host hit counts.
 *
 * <p>{@code ACTION_CHECK_OK} is added to the action filters of {@code qDef} before delegating,
 * so the caller's query definition is modified by this call.
 *
 * @param qDef query definition; its action filter collection is mutated
 * @return the string produced by {@code cqlSearchAudit} for column {@code COL_EVENT_HOSTNAME}
 *         and target {@code EventConstants.TARGET_FEATURE}
 */
public String cqlHostHitCount(EventQueryDefinition qDef) {
    // Restrict to successful feature checks before the statement is generated.
    qDef.getActionFilters().add(ACTION_CHECK_OK);
    final String statement = cqlSearchAudit(qDef, COL_EVENT_HOSTNAME, EventConstants.TARGET_FEATURE);
    return statement;
}
/**
 * Builds the audit search statement used for per-feature hit counts.
 *
 * <p>The statement is limited to feature targets and to the "check" action:
 * {@code ACTION_CHECK_OK} is added to the action filters of {@code qDef} (the caller's object is
 * modified). The date range is taken from {@code qDef} by {@code cqlSearchAudit}
 * (NOTE(review): that helper is not visible here, so confirm how the bounds are bound).
 *
 * @param qDef query definition; its action filter collection is mutated
 * @return the string produced by {@code cqlSearchAudit} for column {@code COL_EVENT_NAME} and
 *         target {@code EventConstants.TARGET_FEATURE}
 */
public String cqlFeatureUsageHitCount(EventQueryDefinition qDef) {
    // Restrict to successful feature checks before the statement is generated.
    qDef.getActionFilters().add(ACTION_CHECK_OK);
    final String statement = cqlSearchAudit(qDef, COL_EVENT_NAME, EventConstants.TARGET_FEATURE);
    return statement;
}
/**
 * Builds the audit search statement used for per-source hit counts.
 *
 * <p>{@code ACTION_CHECK_OK} is added to the action filters of {@code qDef} before delegating,
 * so the caller's query definition is modified by this call.
 *
 * @param qDef query definition; its action filter collection is mutated
 * @return the string produced by {@code cqlSearchAudit} for column {@code COL_EVENT_SOURCE}
 *         and target {@code EventConstants.TARGET_FEATURE}
 */
public String cqlSourceHitCount(EventQueryDefinition qDef) {
    // Restrict to successful feature checks before the statement is generated.
    qDef.getActionFilters().add(ACTION_CHECK_OK);
    final String statement = cqlSearchAudit(qDef, COL_EVENT_SOURCE, EventConstants.TARGET_FEATURE);
    return statement;
}
/**
 * Builds the audit search statement that selects every column of feature-usage events.
 *
 * <p>{@code ACTION_CHECK_OK} is added to the action filters of {@code qDef} before delegating,
 * so the caller's query definition is modified by this call.
 *
 * @param qDef query definition; its action filter collection is mutated
 * @return the string produced by {@code cqlSearchAudit} with the column list {@code "*"} and
 *         target {@code EventConstants.TARGET_FEATURE}
 */
public String cqlAuditFeatureUsage(EventQueryDefinition qDef) {
    // Restrict to successful feature checks before the statement is generated.
    qDef.getActionFilters().add(ACTION_CHECK_OK);
    final String statement = cqlSearchAudit(qDef, "*", EventConstants.TARGET_FEATURE);
    return statement;
}
// Excerpt from a statement builder: the enclosing method and the closing braces of the
// blocks opened below are outside this view.
// The upper time bound is emitted as a bind marker ('?'); the action filter values, by
// contrast, are rendered into the statement text by buildClauseIn(...).
// NOTE(review): buildClauseIn is not visible here. Confirm it quotes/escapes each value, or
// that action filter values can never originate from untrusted input.
sb.append(" AND (" + COL_EVENT_TIME + "< ?) ");
// With no caller-supplied action filter and filterForCheck set, the full list of known
// actions is added to the caller's filter collection.
if (qDef.getActionFilters().isEmpty()) { if (filterForCheck) {
qDef.getActionFilters().add(ACTION_CHECK_OK);
qDef.getActionFilters().add(ACTION_CONNECT);
qDef.getActionFilters().add(ACTION_DISCONNECT);
qDef.getActionFilters().add(ACTION_TOGGLE_ON);
qDef.getActionFilters().add(ACTION_TOGGLE_OFF);
qDef.getActionFilters().add(ACTION_CREATE);
qDef.getActionFilters().add(ACTION_DELETE);
qDef.getActionFilters().add(ACTION_UPDATE);
qDef.getActionFilters().add(ACTION_CLEAR);
// Append the IN restriction only when at least one action filter is present.
if (qDef.getActionFilters() != null && !qDef.getActionFilters().isEmpty()) {
sb.append(" AND (" + COL_EVENT_ACTION + " IN ");
sb.append(buildClauseIn(qDef.getActionFilters()));
sb.append(")");
/**
 * {@inheritDoc}
 *
 * <p>This implementation adds {@code ACTION_CHECK_OK} to the action filters of {@code query}
 * (the caller's object is modified) and runs the purge statement through the JDBC template,
 * binding {@code query.getFrom()} and {@code query.getTo()} as timestamp parameters.
 *
 * <p>NOTE(review): only the two time bounds are bound as parameters here; how the action
 * filter values reach the statement text is decided by {@code getPurgeFeatureUsageQuery},
 * which is not visible in this block. Confirm they are escaped or never caller-controlled.
 *
 * @param query purge criteria; must not be null
 */
@Override
public void purgeFeatureUsage(EventQueryDefinition query) {
    Util.assertNotNull(query);

    // Force the "check" action into the filter set so feature-usage events are targeted.
    query.getActionFilters().add(ACTION_CHECK_OK);

    // Time window travels as bind parameters, in (from, to) order.
    getJdbcTemplate().update(
            getQueryBuilder().getPurgeFeatureUsageQuery(query),
            new java.sql.Timestamp(query.getFrom()),
            new java.sql.Timestamp(query.getTo()));
}
// Excerpt: the enclosing method and the closing brace of this block are outside this view.
// The action restriction is appended only when at least one action filter is set.
// NOTE(review): the values are rendered into the statement text by buildClauseIn(...), which
// is not visible here. Confirm it quotes/escapes each value, or that the filter values can
// never originate from untrusted input.
if (!qDef.getActionFilters().isEmpty()) {
sb.append(" AND (" + COL_EVENT_ACTION + " IN ");
sb.append(buildClauseIn(qDef.getActionFilters()));
sb.append(")");
/**
 * {@inheritDoc}
 *
 * <p>This implementation adds {@code ACTION_CHECK_OK} to the action filters of {@code qDef}
 * (the caller's object is modified), prepares the purge statement on a connection from the
 * data source, and binds {@code qDef.getFrom()} / {@code qDef.getTo()} as parameters 1 and 2.
 *
 * <p>NOTE(review): only the two time bounds are bound as parameters here; how the action
 * filter values reach the statement text is decided by {@code getPurgeFeatureUsageQuery},
 * which is not visible in this block. Confirm they are escaped or never caller-controlled.
 *
 * @param qDef purge criteria; must not be null
 * @throws IllegalStateException wrapping any {@link SQLException} raised while purging
 */
@Override
public void purgeFeatureUsage(EventQueryDefinition qDef) {
    Util.assertNotNull(qDef);

    // Force the "check" action into the filter set.
    qDef.getActionFilters().add(ACTION_CHECK_OK);

    Connection connection = null;
    PreparedStatement purgeStatement = null;
    // Never assigned: an update yields no result set. Kept so the cleanup sequence is unchanged.
    ResultSet noResults = null;
    try {
        connection = getDataSource().getConnection();
        final String purgeSql = getQueryBuilder().getPurgeFeatureUsageQuery(qDef);
        purgeStatement = connection.prepareStatement(purgeSql);
        // Time window travels as bind parameters, in (from, to) order.
        purgeStatement.setTimestamp(1, new java.sql.Timestamp(qDef.getFrom()));
        purgeStatement.setTimestamp(2, new java.sql.Timestamp(qDef.getTo()));
        purgeStatement.executeUpdate();
    } catch (SQLException sqlEX) {
        throw new IllegalStateException("CANNOT_READ_AUDITTABLE", sqlEX);
    } finally {
        closeResultSet(noResults);
        closeStatement(purgeStatement);
        closeConnection(connection);
    }
}
/**
 * Counts scanned audit rows per distinct value of one column.
 *
 * <p>Adds {@code ACTION_CHECK_OK} to the action filters of {@code query} (the caller's object
 * is modified), scans {@code AUDIT_TABLENAME} for target {@code EventConstants.TARGET_FEATURE},
 * and keeps one counter per value read from {@code pColName} in column family
 * {@code B_AUDIT_CF}.
 *
 * @param query    criteria handed to {@code buildQuery}; its action filter collection is mutated
 * @param pColName name of the column whose values are counted
 * @return map from column value to its hit counter
 *         (NOTE(review): a row without that column is presumably counted under a null key;
 *         confirm)
 * @throws AuditAccessException if the connection, table or scanner raises an {@link IOException}
 */
private Map<String, MutableHitCount> computeHitCount(EventQueryDefinition query, String pColName) {
    Map<String, MutableHitCount> countsByValue = new HashMap<String, MutableHitCount>();
    try (Connection hbConn = ConnectionFactory.createConnection(conn.getConfig());
         Table auditTable = hbConn.getTable(AUDIT_TABLENAME)) {
        query.getActionFilters().add(ACTION_CHECK_OK);
        Scan scan = buildQuery(query, Util.set(pColName), EventConstants.TARGET_FEATURE);
        try (ResultScanner rows = auditTable.getScanner(scan)) {
            Result row;
            while ((row = rows.next()) != null) {
                String value = Bytes.toString(row.getValue(B_AUDIT_CF, Bytes.toBytes(pColName)));
                MutableHitCount counter = countsByValue.get(value);
                if (counter == null) {
                    // First occurrence of this value.
                    countsByValue.put(value, new MutableHitCount(1));
                } else {
                    counter.inc();
                }
            }
        }
    } catch (IOException e) {
        throw new AuditAccessException("Compute hitcount based on " + pColName, e);
    }
    return countsByValue;
}
/**
 * {@inheritDoc}
 *
 * <p>This implementation adds {@code ACTION_CHECK_OK} to the action filters of {@code query}
 * (the caller's object is modified), scans {@code AUDIT_TABLENAME} for the
 * {@code COL_EVENT_UID} column with no target restriction, and deletes one row per scanned
 * result, using the stored uid value as the row key.
 *
 * <p>NOTE(review): this removes audit records, and no authorization check or logging of the
 * purge itself is visible in this method. Confirm the callers enforce and record it.
 *
 * @param query purge criteria; its action filter collection is mutated
 * @throws AuditAccessException if the connection, table, scanner or delete raises an
 *         {@link IOException} (the message text still reads "Cannot search audit trail")
 */
@Override
public void purgeAuditTrail(EventQueryDefinition query) {
    try (Connection hbConn = ConnectionFactory.createConnection(conn.getConfig());
         Table auditTable = hbConn.getTable(AUDIT_TABLENAME)) {
        query.getActionFilters().add(ACTION_CHECK_OK);

        // First pass: collect the ids of every matching row.
        Scan idScan = buildQuery(query, Util.set(COL_EVENT_UID), null);
        List<Delete> pendingDeletes = new ArrayList<Delete>();
        try (ResultScanner rows = auditTable.getScanner(idScan)) {
            Result row;
            while ((row = rows.next()) != null) {
                pendingDeletes.add(new Delete(row.getValue(B_AUDIT_CF, B_EVENT_UID)));
            }
        }

        // Second pass: remove them in a single batch once the scanner is closed.
        auditTable.delete(pendingDeletes);
    } catch (IOException e) {
        throw new AuditAccessException("Cannot search audit trail ", e);
    }
}
/**
 * {@inheritDoc}
 *
 * <p>This implementation adds {@code ACTION_CHECK_OK} to the action filters of {@code query}
 * (the caller's object is modified), scans {@code AUDIT_TABLENAME} for the {@code COLS_EVENT}
 * columns with no target restriction, and keeps only rows whose action is one of
 * DISCONNECT, TOGGLE_ON, TOGGLE_OFF, CREATE, DELETE, UPDATE or CLEAR.
 *
 * <p>NOTE(review): the action added to the filter ({@code ACTION_CHECK_OK}) is not in the set
 * of actions kept afterwards, and {@code ACTION_CONNECT} is not kept either. Depending on how
 * {@code buildQuery} applies the filters, a query that arrived without action filters may
 * return an empty trail. Confirm this is intended.
 *
 * @param query search criteria; its action filter collection is mutated
 * @return the matching events mapped through {@code MAPPER.fromStore}
 * @throws AuditAccessException if the connection, table or scanner raises an {@link IOException}
 */
@Override
public EventSeries getAuditTrail(EventQueryDefinition query) {
    EventSeries trail = new EventSeries();
    try (Connection hbConn = ConnectionFactory.createConnection(conn.getConfig());
         Table auditTable = hbConn.getTable(AUDIT_TABLENAME)) {
        query.getActionFilters().add(ACTION_CHECK_OK);
        Scan scan = buildQuery(query, COLS_EVENT, null);

        // Actions that belong to the audit trail; everything else is skipped below.
        Set<String> trailActions = Util.set(ACTION_DISCONNECT, ACTION_TOGGLE_ON, ACTION_TOGGLE_OFF,
                ACTION_CREATE, ACTION_DELETE, ACTION_UPDATE, ACTION_CLEAR);

        try (ResultScanner rows = auditTable.getScanner(scan)) {
            Result row;
            while ((row = rows.next()) != null) {
                String action = Bytes.toString(row.getValue(B_AUDIT_CF, B_EVENT_ACTION));
                if (!trailActions.contains(action)) {
                    continue;
                }
                trail.add(MAPPER.fromStore(row));
            }
        }
    } catch (IOException e) {
        throw new AuditAccessException("Cannot search audit trail ", e);
    }
    return trail;
}
/**
 * {@inheritDoc}
 *
 * <p>This implementation adds {@code ACTION_CHECK_OK} to the action filters of {@code query}
 * (the caller's object is modified), scans {@code AUDIT_TABLENAME} for the {@code COLS_EVENT}
 * columns restricted to target {@code EventConstants.TARGET_FEATURE}, and maps every scanned
 * row through {@code MAPPER.fromStore}.
 *
 * @param query search criteria; its action filter collection is mutated
 * @return all events returned by the scan
 * @throws AuditAccessException if the connection, table or scanner raises an {@link IOException}
 */
@Override
public EventSeries searchFeatureUsageEvents(EventQueryDefinition query) {
    EventSeries usageEvents = new EventSeries();
    try (Connection hbConn = ConnectionFactory.createConnection(conn.getConfig());
         Table auditTable = hbConn.getTable(AUDIT_TABLENAME)) {
        query.getActionFilters().add(ACTION_CHECK_OK);
        Scan scan = buildQuery(query, COLS_EVENT, EventConstants.TARGET_FEATURE);
        try (ResultScanner rows = auditTable.getScanner(scan)) {
            Result row;
            while ((row = rows.next()) != null) {
                usageEvents.add(MAPPER.fromStore(row));
            }
        }
    } catch (IOException e) {
        throw new AuditAccessException("Cannot search feature usage ", e);
    }
    return usageEvents;
}
// Excerpt: the enclosing method and the closing brace of this block are outside this view.
// An action restriction is added to the scan filters only when at least one action filter is
// set; with an empty collection no restriction on B_EVENT_ACTION is added here.
// NOTE(review): createFilterListOR presumably matches rows whose action equals any of the
// given values. Confirm against its definition.
if (!qDef.getActionFilters().isEmpty()) {
filterList.addFilter(
createFilterListOR(B_EVENT_ACTION, qDef.getActionFilters()));
/**
 * Translates an event query definition into a search request on the event index.
 *
 * <p>The request requires {@code type == EventConstants.TARGET_FEATURE} and a timestamp
 * strictly between {@code query.getFrom()} and {@code query.getTo()}, then applies the
 * action, host, name and source filters through {@code addOptionalFilters}.
 *
 * <p>NOTE(review): the result size is fixed at 100, so a window holding more matching events
 * is returned only in part. Callers that need a complete audit view should confirm how they
 * handle this limit.
 *
 * @param query  search criteria; when {@code action} is non-null it is added to this object's
 *               action filters, so the caller's object is modified
 * @param action optional extra action to filter on, or {@code null} for none
 * @return the search built for index {@code connection.getIndexName()} and type
 *         {@code ElasticConstants.TYPE_EVENT}
 */
public Search queryGetEventQueryDefinition(EventQueryDefinition query, String action) {
    // Optional constant for the action filter.
    if (action != null) {
        query.getActionFilters().add(action);
    }

    // Mandatory criteria: event type and an exclusive time window (from < timestamp < to).
    QueryBuilder featureTypeOnly = QueryBuilders.termQuery("type", EventConstants.TARGET_FEATURE);
    RangeQueryBuilder timeWindow = QueryBuilders.rangeQuery("timestamp")
            .gt(query.getFrom().longValue())
            .lt(query.getTo().longValue())
            .includeLower(false)
            .includeUpper(false);

    BoolQueryBuilder criteria = new BoolQueryBuilder();
    criteria.must(featureTypeOnly);
    criteria.must(timeWindow);

    // Optional criteria, one per filter collection of the query definition.
    addOptionalFilters(criteria, query.getActionFilters(), "action");
    addOptionalFilters(criteria, query.getHostFilters(), "hostName");
    addOptionalFilters(criteria, query.getNamesFilter(), "name");
    addOptionalFilters(criteria, query.getSourceFilters(), "source");

    // The default page size is 10 results, hence the explicit override.
    SearchSourceBuilder source = new SearchSourceBuilder().size(100);
    String requestBody = source.query(criteria.toString()).toString();

    return new Search.Builder(requestBody)
            .addIndex(connection.getIndexName())
            .addType(ElasticConstants.TYPE_EVENT)
            .build();
}