sb.append(")"); if (!qDef.getHostFilters().isEmpty()) { sb.append(" AND (" + COL_EVENT_HOSTNAME + " IN "); sb.append(buildClauseIn(qDef.getHostFilters())); sb.append(")");
sb.append(")"); if (qDef.getHostFilters() != null && !qDef.getHostFilters().isEmpty()) { sb.append(" AND (" + COL_EVENT_HOSTNAME + " IN "); sb.append(buildClauseIn(qDef.getHostFilters())); sb.append(")");
if (!qDef.getHostFilters().isEmpty()) { filterList.addFilter( createFilterListOR(B_EVENT_HOSTNAME, qDef.getHostFilters()));
/**
 * Builds the search request that selects audit events matching an
 * {@link EventQueryDefinition}.
 *
 * <p>The request always requires {@code type == EventConstants.TARGET_FEATURE} and a
 * timestamp strictly between {@code query.getFrom()} and {@code query.getTo()}; events
 * stamped exactly at either bound are excluded. The action, host, name and source
 * filters of the definition are then handed to {@code addOptionalFilters}.
 *
 * <p>Points to be aware of when relying on this for an audit trail:
 * <ul>
 *   <li>At most 100 hits are requested, so a query matching more events returns a
 *       truncated view with no indication from this method.</li>
 *   <li>A non-null {@code action} is added to the collection returned by
 *       {@code query.getActionFilters()}, i.e. the argument itself is modified
 *       (assuming the getter exposes the live collection; confirm against
 *       {@code EventQueryDefinition}).</li>
 * </ul>
 *
 * @param query  time window and optional filters; {@code getFrom()}, {@code getTo()} and
 *               (when {@code action} is non-null) {@code getActionFilters()} are
 *               dereferenced without a null check
 * @param action extra action to filter on, or {@code null} for none
 * @return the search targeting {@code connection.getIndexName()} and
 *         {@code ElasticConstants.TYPE_EVENT}
 */
public Search queryGetEventQueryDefinition(EventQueryDefinition query, String action) {
    // Fold the optional action into the definition's own action filters.
    // NOTE(review): this mutates the caller's object; repeated calls with the same
    // definition keep accumulating actions if the collection allows it.
    if (null != action) {
        query.getActionFilters().add(action);
    }

    // Mandatory clauses: event type, then an exclusive (from, to) timestamp window.
    RangeQueryBuilder window = QueryBuilders.rangeQuery("timestamp");
    window.gt(query.getFrom().longValue());
    window.lt(query.getTo().longValue());
    window.includeLower(false);
    window.includeUpper(false);

    BoolQueryBuilder filter = new BoolQueryBuilder();
    filter.must(QueryBuilders.termQuery("type", EventConstants.TARGET_FEATURE));
    filter.must(window);

    // Optional clauses, delegated to addOptionalFilters for each filtered field.
    addOptionalFilters(filter, query.getActionFilters(), "action");
    addOptionalFilters(filter, query.getHostFilters(), "hostName");
    addOptionalFilters(filter, query.getNamesFilter(), "name");
    addOptionalFilters(filter, query.getSourceFilters(), "source");

    // The default page size is 10 results, hence the explicit override. The cap of 100
    // still truncates larger result sets.
    String searchBody = new SearchSourceBuilder()
            .size(100)
            .query(filter.toString())
            .toString();

    return new Search.Builder(searchBody)
            .addIndex(connection.getIndexName())
            .addType(ElasticConstants.TYPE_EVENT)
            .build();
}