def search(self, parms): device_controller = DeviceController(self.db, self.logger) if "location" in parms.keys(): list_location_ip = device_controller.get_device_list_by_locationid( parms["location"]) if "device" in parms.keys(): list_device_ip = device_controller.get_device_list_by_hostname( parms["device"]) #Doing intersection between device search and device in location search_ip = list(set(list_location_ip) & set(list_device_ip)) print search_ip query_search = [] if search_ip: query_search.append(Query.terms('host', search_ip)) if parms["time"]: time_from = parms["time"]["from"].split(" ")[0] time_to = parms["time"]["to"].split(" ")[0] query_search.append( Query.range('@timestamp', gte=time_from, lte=time_to)) if parms["severityLevel"]: query_search.append( Query.terms('severity', parms["severityLevel"])) if parms["keywordMessage"]: message_search = [] message_search.append(parms["keywordMessage"]) query_search.append(Query.terms('message', message_search)) index = "syslog*" es = Elasticsearch(["http://192.168.100.249:9200"]) q = ElasticQuery(es=es, index=index, doc_type='doc') # q.query(Query.match_all()) q.size(1000) q.query(Query.bool(must=query_search)) #q.query(Aggregate.terms(must=query_search)) print q.json(indent=4) query_result = self.format_results(q.get()) return query_result #No index to query else: return []