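def es_get_rules_stats(request, hostname, count=20, from_date=0, qfilter=None, timeout=None):
    """Return a table of the ``count`` rules with the most alerts on ``hostname``.

    Renders TOP_QUERY (an Elasticsearch terms aggregation on
    ``alert.signature_id``) for ``hostname``/``from_date``, POSTs it to the
    URL returned by ``get_es_url``, resolves each bucket's signature id to a
    ``Rule`` and stores the bucket's document count on ``rule.hits``.

    Args:
        request: Django request, handed to ``tables.RequestConfig`` so the
            table picks up sorting/pagination parameters.
        hostname: Appliance hostname substituted into the query template.
        count: Number of top buckets requested from Elasticsearch.
        from_date: Start of the time window; also selects the index via
            ``get_es_url``.
        qfilter: Optional extra Lucene clause appended with `` AND `` to the
            query string inside the template.  It is escaped so it cannot
            break out of the JSON string it is embedded in, but it is still
            free-form query syntax and can widen the search (e.g. ``OR``);
            do not rely on it for access control.
        timeout: Optional socket timeout in seconds for the Elasticsearch
            request.  ``None`` keeps the interpreter default (the previous
            behaviour: the request may block indefinitely).

    Returns:
        An ``ExtendedRuleTable`` (possibly empty), or ``None`` when
        Elasticsearch could not be reached or did not answer with JSON.
    """
    context = Context({
        'appliance_hostname': hostname,
        'count': count,
        'from_date': from_date,
        'field': 'alert.signature_id',
    })
    if qfilter is not None:
        # The filter is spliced into a JSON string literal in TOP_QUERY.
        # Turning only '"' into '\"' is not a JSON escape: a filter that
        # ends in a backslash yields '\\"' -- an escaped backslash followed
        # by the closing quote -- so whatever follows becomes raw JSON in
        # the request body.  json.dumps escapes backslashes, quotes and
        # control characters; its outer quotes are stripped because the
        # template supplies its own.
        # NOTE(review): assumes TOP_QUERY renders with autoescape off
        # (otherwise '"' would already arrive as '&quot;') -- verify.
        context['query_filter'] = json.dumps(" AND " + qfilter)[1:-1]
    body = Template(TOP_QUERY).render(context)

    # NOTE(review): hostname/count/from_date are rendered unescaped; they
    # are assumed to come from validated routing or settings -- confirm.
    req = urllib2.Request(get_es_url(from_date), body)
    try:
        if timeout is None:
            out = urllib2.urlopen(req)
        else:
            out = urllib2.urlopen(req, timeout=timeout)
    except IOError:
        # URLError/HTTPError and socket errors (including timeouts) all
        # derive from IOError; callers treat None as "ES unavailable".
        return None
    try:
        raw = out.read()
    finally:
        out.close()

    try:
        result = json.loads(raw)
    except ValueError:
        # Not JSON (e.g. an error page from a proxy in front of ES).
        return None

    # ES 2.x answers with aggregations, older releases with facets.
    es2 = settings.ELASTICSEARCH_2X
    try:
        if es2:
            buckets = result['aggregations']['table']['buckets']
        else:
            buckets = result['facets']['table']['terms']
    except (KeyError, TypeError):
        buckets = []

    sid_key = 'key' if es2 else 'term'
    hits_key = 'doc_count' if es2 else 'count'
    rules = []
    for elt in buckets or []:
        try:
            sid = elt[sid_key]
        except (KeyError, TypeError):
            # Malformed bucket: skip it.  (Previously this path fell into
            # a print of an unbound ``sid`` and raised NameError.)
            continue
        try:
            rule = Rule.objects.get(sid=sid)
        except Rule.DoesNotExist:
            # Best-effort: a bucket for a rule we do not know is dropped.
            print("Can not find rule with sid " + str(sid))
            continue
        rule.hits = elt[hits_key]
        rules.append(rule)

    table = ExtendedRuleTable(rules)
    tables.RequestConfig(request).configure(table)
    return table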
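def es_get_rules_stats(request, hostname, count=20, from_date=0, qfilter=None):
    """Return a table of the ``count`` rules with the most alerts on ``hostname``.

    Renders TOP_QUERY (a terms aggregation on ``alert.signature_id``) via
    ``render_template``, POSTs it as JSON to the URL from ``get_es_url``
    with the module ``TIMEOUT``, resolves each bucket's signature id to a
    ``Rule`` and stores the bucket's document count on ``rule.hits``.

    Args:
        request: Django request, handed to ``tables.RequestConfig`` so the
            table picks up sorting/pagination parameters.
        hostname: Appliance hostname substituted into the query template.
        count: Number of top buckets requested from Elasticsearch.
        from_date: Start of the time window; also selects the index via
            ``get_es_url``.
        qfilter: Optional extra Lucene clause forwarded to
            ``render_template``.  NOTE(review): escaping of this value for
            the JSON body happens inside ``render_template`` (not visible
            here); it must escape backslashes as well as quotes, and even
            then the clause is free-form query syntax that can widen the
            search -- do not rely on it for access control.

    Returns:
        An ``ExtendedRuleTable`` (possibly empty), or ``None`` when
        Elasticsearch could not be reached or did not answer with JSON.
    """
    body = render_template(TOP_QUERY, {
        'appliance_hostname': hostname,
        'count': count,
        'from_date': from_date,
        'field': 'alert.signature_id',
    }, qfilter=qfilter)

    headers = {'content-type': 'application/json'}
    req = urllib2.Request(get_es_url(from_date), body, headers=headers)
    try:
        out = urllib2.urlopen(req, timeout=TIMEOUT)
    except IOError:
        # URLError/HTTPError and socket errors (including the timeout) all
        # derive from IOError; callers treat None as "ES unavailable".
        return None
    try:
        raw = out.read()
    finally:
        out.close()

    try:
        result = json.loads(raw)
    except ValueError:
        # Not JSON (e.g. an error page from a proxy in front of ES).
        return None

    # ES >= 2 answers with aggregations, older releases with facets.
    es2 = settings.ELASTICSEARCH_VERSION >= 2
    try:
        if es2:
            buckets = result['aggregations']['table']['buckets']
        else:
            buckets = result['facets']['table']['terms']
    except (KeyError, TypeError):
        buckets = []

    sid_key = 'key' if es2 else 'term'
    hits_key = 'doc_count' if es2 else 'count'
    rules = []
    for elt in buckets or []:
        try:
            sid = elt[sid_key]
        except (KeyError, TypeError):
            # Malformed bucket: skip it.  (Previously this path fell into
            # a print of an unbound ``sid`` and raised NameError.)
            continue
        try:
            rule = Rule.objects.get(sid=sid)
        except Rule.DoesNotExist:
            # Best-effort: a bucket for a rule we do not know is dropped.
            print("Can not find rule with sid " + str(sid))
            continue
        rule.hits = elt[hits_key]
        rules.append(rule)

    table = ExtendedRuleTable(rules)
    tables.RequestConfig(request).configure(table)
    return table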
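def es_get_rules_stats(request, hostname, count=20, from_date=0, qfilter=None, timeout=None):
    """Return a table of the ``count`` rules with the most alerts on ``hostname``.

    Renders ALERT_ID_QUERY for ``hostname``/``from_date`` with
    ``alerts_number`` set to ``count``, POSTs it to the URL returned by
    ``get_es_url``, resolves each bucket's signature id to a ``Rule`` and
    stores the bucket's document count on ``rule.hits``.

    Args:
        request: Django request, handed to ``tables.RequestConfig`` so the
            table picks up sorting/pagination parameters.
        hostname: Appliance hostname substituted into the query template.
        count: Number of top buckets requested (template key
            ``alerts_number``).
        from_date: Start of the time window; also selects the index via
            ``get_es_url``.
        qfilter: Optional extra Lucene clause appended with `` AND `` to the
            query string inside the template.  It is escaped so it cannot
            break out of the JSON string it is embedded in, but it is still
            free-form query syntax and can widen the search (e.g. ``OR``);
            do not rely on it for access control.
        timeout: Optional socket timeout in seconds for the Elasticsearch
            request.  ``None`` keeps the interpreter default (the previous
            behaviour: the request may block indefinitely).

    Returns:
        An ``ExtendedRuleTable`` (possibly empty), or ``None`` when
        Elasticsearch could not be reached or did not answer with JSON.
    """
    context = Context({
        'appliance_hostname': hostname,
        'alerts_number': count,
        'from_date': from_date,
    })
    if qfilter is not None:
        # The filter is spliced into a JSON string literal in
        # ALERT_ID_QUERY.  Turning only '"' into '\"' is not a JSON
        # escape: a filter that ends in a backslash yields '\\"' -- an
        # escaped backslash followed by the closing quote -- so whatever
        # follows becomes raw JSON in the request body.  json.dumps
        # escapes backslashes, quotes and control characters; its outer
        # quotes are stripped because the template supplies its own.
        # NOTE(review): assumes ALERT_ID_QUERY renders with autoescape off
        # (otherwise '"' would already arrive as '&quot;') -- verify.
        context['query_filter'] = json.dumps(" AND " + qfilter)[1:-1]
    body = Template(ALERT_ID_QUERY).render(context)

    # NOTE(review): hostname/count/from_date are rendered unescaped; they
    # are assumed to come from validated routing or settings -- confirm.
    req = urllib2.Request(get_es_url(from_date), body)
    try:
        if timeout is None:
            out = urllib2.urlopen(req)
        else:
            out = urllib2.urlopen(req, timeout=timeout)
    except IOError:
        # URLError/HTTPError and socket errors (including timeouts) all
        # derive from IOError; callers treat None as "ES unavailable".
        return None
    try:
        raw = out.read()
    finally:
        out.close()

    try:
        result = json.loads(raw)
    except ValueError:
        # Not JSON (e.g. an error page from a proxy in front of ES).
        return None

    # ES 2.x answers with aggregations (under 'alert' in this query),
    # older releases with facets.
    es2 = settings.ELASTICSEARCH_2X
    try:
        if es2:
            buckets = result['aggregations']['alert']['buckets']
        else:
            buckets = result['facets']['table']['terms']
    except (KeyError, TypeError):
        buckets = []

    sid_key = 'key' if es2 else 'term'
    hits_key = 'doc_count' if es2 else 'count'
    rules = []
    for elt in buckets or []:
        try:
            sid = elt[sid_key]
        except (KeyError, TypeError):
            # Malformed bucket: skip it.  (Previously this path fell into
            # a print of an unbound ``sid`` and raised NameError.)
            continue
        try:
            rule = Rule.objects.get(sid=sid)
        except Rule.DoesNotExist:
            # Best-effort: a bucket for a rule we do not know is dropped.
            print("Can not find rule with sid " + str(sid))
            continue
        rule.hits = elt[hits_key]
        rules.append(rule)

    table = ExtendedRuleTable(rules)
    tables.RequestConfig(request).configure(table)
    return table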