def get_last_machine_heartbeats(self, machine_serial_number):
body = self._get_machine_events_body(machine_serial_number, tag="heartbeat")
body.update({
'size': 0,
'aggs': {
'inventory_heartbeats': {
'filter': {'type': {'value': 'inventory_heartbeat'}},
'aggs': {
'sources': {
'terms': {
'field': 'inventory_heartbeat.source.name',
'size': 10 # TODO: HARDCODED
},
'aggs': {
'max_created_at': {
'max': {
'field': 'created_at'
}
}
}
}
}
},
'other_events': {
'filter': {'bool': {'must_not': {'type': {'value': 'inventory_heartbeat'}}}},
'aggs': {
'event_types': {
'terms': {
'field': '_type',
'size': len([et for et in event_types.values()
if 'heartbeat' in et.tags])
},
'aggs': {
'max_created_at': {
'max': {
'field': 'created_at'
}
}
}
}
}
}
}
})
r = self._es.search(index=self.read_index, body=body)
heartbeats = []
for bucket in r["aggregations"]["inventory_heartbeats"]["sources"]["buckets"]:
heartbeats.append((event_types["inventory_heartbeat"],
bucket["key"],
parser.parse(bucket["max_created_at"]["value_as_string"])))
for bucket in r["aggregations"]["other_events"]["event_types"]["buckets"]:
event_type = bucket["key"]
event_type_class = event_types.get(event_type, None)
if not event_type_class:
logger.error("Unknown event type %s", event_type)
else:
heartbeats.append((event_type_class,
None,
parser.parse(bucket["max_created_at"]["value_as_string"])))
return heartbeats
def get_last_machine_heartbeats(self, machine_serial_number):
body = self._get_machine_events_body(machine_serial_number, tag="heartbeat")
body.update({
'size': 0,
'aggs': {
'inventory_heartbeats': {
'filter': {'type': {'value': 'inventory_heartbeat'}},
'aggs': {
'sources': {
'terms': {
'field': 'inventory_heartbeat.source.name',
'size': 10 # TODO: HARDCODED
},
'aggs': {
'max_created_at': {
'max': {
'field': 'created_at'
}
}
}
}
}
},
'other_events': {
'filter': {'bool': {'must_not': {'type': {'value': 'inventory_heartbeat'}}}},
'aggs': {
'event_types': {
'terms': {
'field': '_type',
'size': len([et for et in event_types.values()
if 'heartbeat' in et.tags])
},
'aggs': {
'max_created_at': {
'max': {
'field': 'created_at'
}
}
}
}
}
}
}
})
r = self._es.search(index=self.read_index, body=body)
heartbeats = []
for bucket in r["aggregations"]["inventory_heartbeats"]["sources"]["buckets"]:
heartbeats.append((event_types["inventory_heartbeat"],
bucket["key"],
parser.parse(bucket["max_created_at"]["value_as_string"])))
for bucket in r["aggregations"]["other_events"]["event_types"]["buckets"]:
event_type = bucket["key"]
event_type_class = event_types.get(event_type, None)
if not event_type_class:
logger.error("Unknown event type %s", event_type)
else:
heartbeats.append((event_type_class,
None,
parser.parse(bucket["max_created_at"]["value_as_string"])))
return heartbeats
def get_last_machine_heartbeats(self, serial_number, from_dt):
heartbeats = []
# heartbeat events
heartbeat_event_filters = self._build_filters("inventory_heartbeat",
serial_number)
heartbeat_event_search = f"{heartbeat_event_filters} | stats max(_time) by inventory.source.name"
sid = self._post_search_job(heartbeat_event_search, from_dt, None)
results = self._get_search_results(sid)
for result in results["results"]:
heartbeats.append(
(event_types["inventory_heartbeat"],
result["inventory.source.name"], [
(None,
datetime.utcfromtimestamp(float(result["max(_time)"])))
]))
# other events
other_event_filters = self._build_filters(
serial_number=serial_number,
excluded_event_type="inventory_heartbeat",
tag="heartbeat")
other_event_search = f'{other_event_filters} | stats max(_time) by sourcetype request.user_agent'
sid = self._post_search_job(other_event_search, from_dt, None)
event_uas = {}
results = self._get_search_results(sid)
for result in results["results"]:
event_type_class = event_types.get(result["sourcetype"])
if not event_type_class:
logger.error("Unknown event type %s", result["sourcetype"])
continue
event_uas.setdefault(event_type_class, []).append(
(result["request.user_agent"],
datetime.utcfromtimestamp(float(result["max(_time)"]))))
for event_type_class, ua_max_dates in event_uas.items():
heartbeats.append((event_type_class, None, ua_max_dates))
return heartbeats
def get_event_type_classes(self):
return [
etc for etc in (event_types.get(et, None)
for et in self.event_types) if etc
]
def get_event_type_classes(self):
return [etc for etc in (event_types.get(et, None) for et in self.event_types) if etc]
