def process_alert(self): search_query = SearchQuery(hours=1) search_query.add_must(TermMatch('tags', self.sqs_queue_name)) self.filtersManual(search_query) self.searchEventsSimple() self.walkEvents()
def test_search_nonexisting_index(self): search_query = SearchQuery() search_query.add_must(TermMatch('key', 'value')) with pytest.raises(ElasticsearchInvalidIndex): search_query.execute(self.es_client, indices=['doesnotexist'])
def getESAlerts(es): search_query = SearchQuery(minutes=50) search_query.add_must(TermMatch('_type', 'alert')) results = search_query.execute(es, indices=['alerts'], size=10000) return results
def test_search_no_results(self): search_query = SearchQuery() search_query.add_must( TermMatch('garbagefielddoesntexist', 'testingvalues')) results = search_query.execute(self.es_client) assert results['hits'] == []
def query_tests(self): tests = { TermMatch('details.resultss', 'ldap'): [{ 'details': { "resultss": "LDAP", } }], TermMatch('summary', 'test'): [ { 'summary': 'example summary' }, { 'summary': 'example summary tes' }, { 'summary': 'testing' }, { 'summary': 'test.mozilla.domain' }, { 'summary': 'mozilla.test.domain' }, { 'summary': 'mozilla.test' }, ], TermMatch('note', 'test'): [ { 'note': 'example note' }, { 'note': 'example note tes' }, { 'note': 'testing' }, { 'summnoteary': 'test.mozilla.domain' }, { 'note': 'mozilla.test.domain' }, { 'note': 'mozilla.test' }, ], TermMatch('summary', 'sum'): [ { 'summary': 'example test summary' }, { 'summary': 'example summary' }, { 'summary': 'summary test' }, { 'summary': 'summary' }, ], TermMatch('hostname', 'hostname.domain.com'): [ { 'hostname': 'sub.hostname.domain.com' }, { 'hostname': 'hostnames.domain.com' }, { 'hostname': 'domain.com' }, { 'hostname': 'com' }, ], } return tests
def test_array_input(self): queries = [ExistsMatch('note'), TermMatch('note', 'test')] self.query.add_should(queries) assert self.query.should == queries
def test_array_input(self): queries = [ExistsMatch('note'), TermMatch('note', 'test')] self.query.add_must_not(queries) assert self.query.must_not == queries
def esLdapResults(begindateUTC=None, enddateUTC=None): '''an ES query/facet to count success/failed logins''' resultsList = list() if begindateUTC is None: begindateUTC = datetime.now() - timedelta(hours=1) begindateUTC = toUTC(begindateUTC) if enddateUTC is None: enddateUTC = datetime.now() enddateUTC = toUTC(enddateUTC) try: es_client = ElasticsearchClient( list('{0}'.format(s) for s in options.esservers)) search_query = SearchQuery() range_match = RangeMatch('utctimestamp', begindateUTC, enddateUTC) search_query.add_must(range_match) search_query.add_must(TermMatch('tags', 'ldap')) search_query.add_must( TermMatch('details.result', 'LDAP_INVALID_CREDENTIALS')) search_query.add_aggregation(Aggregation('details.result')) search_query.add_aggregation(Aggregation('details.dn')) results = search_query.execute(es_client, indices=['events']) stoplist = ('o', 'mozilla', 'dc', 'com', 'mozilla.com', 'mozillafoundation.org', 'org', 'mozillafoundation') for t in results['aggregations']['details.dn']['terms']: if t['key'] in stoplist: continue #print(t['key']) failures = 0 success = 0 dn = t['key'] details_query = SearchQuery() details_query.add_must(range_match) details_query.add_must(TermMatch('tags', 'ldap')) details_query.add_must(TermMatch('details.dn', dn)) details_query.add_aggregation(Aggregation('details.result')) results = details_query.execute(es_client) for t in results['aggregations']['details.result']['terms']: #print(t['key'],t['count']) if t['key'].upper() == 'LDAP_SUCCESS': success = t['count'] if t['key'].upper() == 'LDAP_INVALID_CREDENTIALS': failures = t['count'] resultsList.append( dict(dn=dn, failures=failures, success=success, begin=begindateUTC.isoformat(), end=enddateUTC.isoformat())) return (json.dumps(resultsList)) except Exception as e: sys.stderr.write('Error trying to get ldap results: {0}\n'.format(e))