def get_last_machine_heartbeats(self, machine_serial_number): body = self._get_machine_events_body(machine_serial_number, tag="heartbeat") body.update({ 'size': 0, 'aggs': { 'inventory_heartbeats': { 'filter': {'type': {'value': 'inventory_heartbeat'}}, 'aggs': { 'sources': { 'terms': { 'field': 'inventory_heartbeat.source.name', 'size': 10 # TODO: HARDCODED }, 'aggs': { 'max_created_at': { 'max': { 'field': 'created_at' } } } } } }, 'other_events': { 'filter': {'bool': {'must_not': {'type': {'value': 'inventory_heartbeat'}}}}, 'aggs': { 'event_types': { 'terms': { 'field': '_type', 'size': len([et for et in event_types.values() if 'heartbeat' in et.tags]) }, 'aggs': { 'max_created_at': { 'max': { 'field': 'created_at' } } } } } } } }) r = self._es.search(index=self.read_index, body=body) heartbeats = [] for bucket in r["aggregations"]["inventory_heartbeats"]["sources"]["buckets"]: heartbeats.append((event_types["inventory_heartbeat"], bucket["key"], parser.parse(bucket["max_created_at"]["value_as_string"]))) for bucket in r["aggregations"]["other_events"]["event_types"]["buckets"]: event_type = bucket["key"] event_type_class = event_types.get(event_type, None) if not event_type_class: logger.error("Unknown event type %s", event_type) else: heartbeats.append((event_type_class, None, parser.parse(bucket["max_created_at"]["value_as_string"]))) return heartbeats
def get_last_machine_heartbeats(self, machine_serial_number): body = self._get_machine_events_body(machine_serial_number, tag="heartbeat") body.update({ 'size': 0, 'aggs': { 'inventory_heartbeats': { 'filter': {'type': {'value': 'inventory_heartbeat'}}, 'aggs': { 'sources': { 'terms': { 'field': 'inventory_heartbeat.source.name', 'size': 10 # TODO: HARDCODED }, 'aggs': { 'max_created_at': { 'max': { 'field': 'created_at' } } } } } }, 'other_events': { 'filter': {'bool': {'must_not': {'type': {'value': 'inventory_heartbeat'}}}}, 'aggs': { 'event_types': { 'terms': { 'field': '_type', 'size': len([et for et in event_types.values() if 'heartbeat' in et.tags]) }, 'aggs': { 'max_created_at': { 'max': { 'field': 'created_at' } } } } } } } }) r = self._es.search(index=self.read_index, body=body) heartbeats = [] for bucket in r["aggregations"]["inventory_heartbeats"]["sources"]["buckets"]: heartbeats.append((event_types["inventory_heartbeat"], bucket["key"], parser.parse(bucket["max_created_at"]["value_as_string"]))) for bucket in r["aggregations"]["other_events"]["event_types"]["buckets"]: event_type = bucket["key"] event_type_class = event_types.get(event_type, None) if not event_type_class: logger.error("Unknown event type %s", event_type) else: heartbeats.append((event_type_class, None, parser.parse(bucket["max_created_at"]["value_as_string"]))) return heartbeats
def get_last_machine_heartbeats(self, serial_number, from_dt): heartbeats = [] # heartbeat events heartbeat_event_filters = self._build_filters("inventory_heartbeat", serial_number) heartbeat_event_search = f"{heartbeat_event_filters} | stats max(_time) by inventory.source.name" sid = self._post_search_job(heartbeat_event_search, from_dt, None) results = self._get_search_results(sid) for result in results["results"]: heartbeats.append( (event_types["inventory_heartbeat"], result["inventory.source.name"], [ (None, datetime.utcfromtimestamp(float(result["max(_time)"]))) ])) # other events other_event_filters = self._build_filters( serial_number=serial_number, excluded_event_type="inventory_heartbeat", tag="heartbeat") other_event_search = f'{other_event_filters} | stats max(_time) by sourcetype request.user_agent' sid = self._post_search_job(other_event_search, from_dt, None) event_uas = {} results = self._get_search_results(sid) for result in results["results"]: event_type_class = event_types.get(result["sourcetype"]) if not event_type_class: logger.error("Unknown event type %s", result["sourcetype"]) continue event_uas.setdefault(event_type_class, []).append( (result["request.user_agent"], datetime.utcfromtimestamp(float(result["max(_time)"])))) for event_type_class, ua_max_dates in event_uas.items(): heartbeats.append((event_type_class, None, ua_max_dates)) return heartbeats
def get_event_type_classes(self): return [ etc for etc in (event_types.get(et, None) for et in self.event_types) if etc ]
def get_event_type_classes(self): return [etc for etc in (event_types.get(et, None) for et in self.event_types) if etc]