本文整理汇总了Python中util.lookup_es_key函数的典型用法代码示例。如果您正苦于以下问题:Python lookup_es_key函数的具体用法?Python lookup_es_key怎么用?Python lookup_es_key使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
示例1: compare
def compare(self, event):
    """Detect a change in the compound compare keys for this event's query_key.

    Looks up every field in ``rules['compound_compare_key']`` and compares the
    list against the values last recorded for the same ``query_key``. Returns
    True when any field differs — and, if the rule has a ``timeframe``, only
    when the previous sighting was within that window. The current values
    (and timestamp, when a timeframe is configured) always replace the stored
    baseline, even when False is returned.

    With ``ignore_null`` set, an event in which any compare field is missing
    or empty is skipped outright (returns False); booleans are exempt so a
    genuine False still takes part in the comparison.
    """
    key = hashable(lookup_es_key(event, self.rules['query_key']))
    elastalert_logger.debug(" Previous Values of compare keys %s", self.occurrences)
    current = [lookup_es_key(event, field) for field in self.rules['compound_compare_key']]
    elastalert_logger.debug(" Current Values of compare keys %s", current)

    for value in current:
        if not isinstance(value, bool) and not value and self.rules['ignore_null']:
            return False

    def _differs(index, previous_value):
        # Log each pair as it is examined, then compare it.
        elastalert_logger.debug(" %s %s", previous_value, current[index])
        return previous_value != current[index]

    changed = False
    if key in self.occurrences:
        previous = self.occurrences[key]
        # any() stops at the first differing field, exactly like a loop with break.
        changed = any(_differs(i, old) for i, old in enumerate(previous))
        if changed:
            self.change_map[key] = (previous, current)
            # NOTE(review): occurrences/change_map gain an entry per distinct
            # query_key value; if that field is attacker-influenced this state is
            # unbounded unless a garbage-collection path prunes it — confirm.
            if key in self.occurrence_time:
                changed = event[self.rules['timestamp_field']] - self.occurrence_time[key] <= self.rules['timeframe']

    elastalert_logger.debug(" Setting current value of compare keys values %s", current)
    self.occurrences[key] = current
    if 'timeframe' in self.rules:
        self.occurrence_time[key] = event[self.rules['timestamp_field']]
    elastalert_logger.debug("Final result of comparision between previous and current values %s", changed)
    return changed
示例2: _add_custom_alert_text
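def _add_custom_alert_text(self):
    """Append the rule's ``alert_text`` template, filled in from the match.

    Placeholders are resolved either positionally from ``alert_text_args`` or
    by name from ``alert_text_kw`` ({es_field: placeholder_name}). Each name
    is looked up in the match first; only when the match has no such field
    (lookup returns None) is the same name read from the rule's top-level
    properties. Anything still None renders as ``<MISSING VALUE>``.

    The template itself is trusted rule configuration; match values are only
    substituted into it, never interpreted as format syntax. NOTE(review): the
    rule-property fallback lets any top-level rule key be pulled into the
    alert body by name, so keep credentials out of rule files or make sure
    they are never named in alert_text_args/alert_text_kw.
    """
    missing = '<MISSING VALUE>'
    alert_text = unicode(self.rule.get('alert_text', ''))
    if 'alert_text_args' in self.rule:
        alert_text_args = self.rule.get('alert_text_args')
        alert_text_values = [lookup_es_key(self.match, arg) for arg in alert_text_args]
        # A match field always wins over a rule property of the same name; the
        # rule is consulted only for names the match lookup returned None for.
        for i, val in enumerate(alert_text_values):
            if val is None:
                rule_value = self.rule.get(alert_text_args[i])
                # Test for None rather than truthiness so 0 / False / '' rule
                # values are rendered instead of reported as missing — the same
                # rule the alert_text_kw branch below applies.
                if rule_value is not None:
                    alert_text_values[i] = rule_value
        alert_text_values = [missing if val is None else val for val in alert_text_values]
        alert_text = alert_text.format(*alert_text_values)
    elif 'alert_text_kw' in self.rule:
        kw = {}
        for name, kw_name in self.rule.get('alert_text_kw').items():
            val = lookup_es_key(self.match, name)
            if val is None:
                val = self.rule.get(name)
            kw[kw_name] = missing if val is None else val
        alert_text = alert_text.format(**kw)
    self.text += alert_text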
示例3: add_data
def add_data(self, data):
    """Scan ``data`` for new or missing values of each tracked field.

    For every document and every entry of ``self.fields`` the field value is
    looked up. A list entry is a composite key: its sub-field values are
    gathered into a tuple (hashable, so usable as a seen_values key), and any
    falsy sub-field voids the whole composite. A document whose value is
    missing produces a match carrying ``missing_field`` when
    ``alert_on_missing_field`` is enabled; a value not yet present in
    ``self.seen_values[field]`` produces a match carrying ``new_field`` and is
    then remembered.

    NOTE(review): seen_values is a list that grows with every distinct value,
    so a high-cardinality field under attacker influence grows it without
    bound and makes the membership test O(n) per document.
    """
    for doc in data:
        for field in self.fields:
            if type(field) == list:
                lookup_field = tuple(field)
                value = ()
                for sub_field in field:
                    part = lookup_es_key(doc, sub_field)
                    if not part:
                        value = None
                        break
                    value = value + (part,)
            else:
                lookup_field = field
                value = lookup_es_key(doc, field)

            if not value:
                if self.rules.get('alert_on_missing_field'):
                    doc['missing_field'] = lookup_field
                    self.add_match(copy.deepcopy(doc))
            elif value not in self.seen_values[lookup_field]:
                doc['new_field'] = lookup_field
                self.add_match(copy.deepcopy(doc))
                self.seen_values[lookup_field].append(value)
示例4: compare
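def compare(self, event):
    """Report whether ``compare_key`` changed for this event's ``query_key``.

    Returns True when the value differs from the one last stored for the same
    key — and, if the rule has a ``timeframe``, only when the previous sighting
    was within that window. The current value (and timestamp, when a
    timeframe is configured) always replaces the stored baseline, even when
    False is returned. A missing/empty value is skipped outright when
    ``ignore_null`` is set.
    """
    key = hashable(lookup_es_key(event, self.rules["query_key"]))
    val = lookup_es_key(event, self.rules["compare_key"])
    # Booleans are exempt from the null test so that a legitimate False is still
    # compared (previously a True -> False change was silently dropped under
    # ignore_null); this matches the compound-key variant of this method.
    if not isinstance(val, bool) and not val and self.rules["ignore_null"]:
        return False
    changed = False
    if key in self.occurrences:
        previous = self.occurrences[key]
        changed = previous != val
        if changed:
            self.change_map[key] = (previous, val)
            # With a timeframe, only a change inside the window counts.
            if key in self.occurrence_time:
                changed = event[self.rules["timestamp_field"]] - self.occurrence_time[key] <= self.rules["timeframe"]
    self.occurrences[key] = val
    if "timeframe" in self.rules:
        self.occurrence_time[key] = event[self.rules["timestamp_field"]]
    return changed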
示例5: alert
def alert(self, matches):
    """Write each match to the ElastAlert log.

    For every match one header line is logged — the rule name, the
    ``query_key`` value when the match has that key as a top-level entry, and
    the match timestamp — followed by the rendered BasicMatchString.

    NOTE(review): the query_key value and timestamp are event-derived and are
    logged verbatim; a value containing newlines can forge extra log lines if
    the log is parsed downstream. Also, ``qk in match`` is a plain top-level
    key test unlike the lookup_es_key() used for the timestamp, so a dotted
    (nested) query_key may never take the first branch — confirm intended.
    """
    qk = self.rule.get('query_key', None)
    for match in matches:
        when = lookup_es_key(match, self.rule['timestamp_field'])
        if qk in match:
            elastalert_logger.info('Alert for %s, %s at %s:', self.rule['name'], match[qk], when)
        else:
            elastalert_logger.info('Alert for %s at %s:', self.rule['name'], when)
        elastalert_logger.info(unicode(BasicMatchString(self.rule, match)))
示例6: add_data
def add_data(self, data):
    """Record the cardinality_field value of each event under its query_key.

    Events are bucketed by their ``query_key`` value (made hashable), or into
    the single bucket ``'all'`` when no query_key is configured. Per bucket,
    the most recent timestamp of every distinct value goes into
    ``cardinality_cache`` and the first event's timestamp into
    ``first_event``; ``check_for_match`` then runs for the bucket. Events
    without a cardinality_field are bucketed but not counted.

    NOTE(review): cardinality_cache holds one entry per distinct value per
    bucket; presumably pruned elsewhere by timestamp — if not, a
    high-cardinality attacker-controlled field grows it without bound.
    """
    qk = self.rules.get('query_key')
    for event in data:
        if qk:
            bucket = hashable(lookup_es_key(event, qk))
        else:
            bucket = 'all'
        self.cardinality_cache.setdefault(bucket, {})
        ts = event[self.ts_field]
        self.first_event.setdefault(bucket, ts)
        term = hashable(lookup_es_key(event, self.cardinality_field))
        if term is not None:
            self.cardinality_cache[bucket][term] = ts
        self.check_for_match(bucket, event)
示例7: _add_custom_alert_text
def _add_custom_alert_text(self):
    """Append the rule's ``alert_text`` template, filled in from the match.

    Placeholders are resolved positionally from the match fields named in
    ``alert_text_args``, or by name from ``alert_text_kw``
    ({es_field: placeholder_name}). A field the match lacks (lookup returns
    None) renders as ``<MISSING VALUE>``. With neither option the template is
    appended as is. The template is trusted rule configuration; match values
    are substituted, never interpreted as format syntax.
    """
    placeholder = '<MISSING VALUE>'
    template = unicode(self.rule.get('alert_text', ''))
    rendered = template
    if 'alert_text_args' in self.rule:
        looked_up = [lookup_es_key(self.match, arg) for arg in self.rule.get('alert_text_args')]
        rendered = template.format(*[placeholder if v is None else v for v in looked_up])
    elif 'alert_text_kw' in self.rule:
        pairs = [(kw_name, lookup_es_key(self.match, name))
                 for name, kw_name in self.rule.get('alert_text_kw').items()]
        rendered = template.format(**{k: (placeholder if v is None else v) for k, v in pairs})
    self.text += rendered
示例8: get_aggregation_summary_text
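def get_aggregation_summary_text(self, matches):
    """Render a text table counting matches per distinct summary_table_fields tuple.

    Produced only for aggregated alerts that configure ``summary_table_fields``
    (a bare field name is accepted as well as a list); otherwise an empty
    unicode string is returned. Each row holds the field values plus a
    ``count`` column with the number of matches that shared them. Absent
    fields render as the text 'None'.

    NOTE(review): cell values come straight from the matched events and are
    not escaped; alerters that render this text as HTML or other markup must
    escape it themselves.
    """
    text = ''
    if 'aggregation' in self.rule and 'summary_table_fields' in self.rule:
        fields = self.rule['summary_table_fields']
        if not isinstance(fields, list):
            fields = [fields]
        # A trailing count column shows how often each key tuple was seen.
        columns = fields + ['count']
        text += "Aggregation resulted in the following data for summary_table_fields ==> {0}:\n\n".format(columns)
        table = Texttable()
        table.header(columns)
        counts = {}
        for match in matches:
            row_key = tuple(unicode(lookup_es_key(match, field)) for field in fields)
            counts[row_key] = counts.get(row_key, 0) + 1
        # items() rather than iteritems(): the latter does not exist on Python 3.
        for row_key, count in counts.items():
            table.add_row(list(row_key) + [count])
        text += table.draw() + '\n\n'
    return unicode(text)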
示例9: compare
def compare(self, event):
    """Return True when the event's compare_key value is not on the whitelist.

    A missing value (None) counts as a hit unless ``ignore_null`` is set, so
    the rule fails closed by default.

    NOTE(review): membership is a plain ``in`` against the configured
    whitelist, so a multi-valued (list) field never equals a single
    whitelisted string and will alert; with a list whitelist the test is
    also O(len(whitelist)) per event.
    """
    term = lookup_es_key(event, self.rules['compare_key'])
    if term is None:
        return not self.rules['ignore_null']
    return term not in self.rules['whitelist']
示例10: garbage_collect
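def garbage_collect(self, timestamp):
    """Drop every per-key window whose newest event is older than ``timeframe``.

    ``timestamp`` is compared with the timestamp of the last (most recent)
    event stored in each window; keys whose gap exceeds
    ``rules['timeframe']`` are removed from ``self.occurrences``.
    """
    stale_keys = [
        key for key, window in self.occurrences.items()
        if timestamp - lookup_es_key(window.data[-1][0], self.ts_field) > self.rules['timeframe']
    ]
    # An explicit loop, not map(): map() is lazy on Python 3, where it would never
    # pop anything and silently leave every window to grow without bound.
    for key in stale_keys:
        del self.occurrences[key]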
示例11: _add_custom_alert_text
def _add_custom_alert_text(self):
    """Append ``alert_text`` to ``self.text``.

    When ``alert_text_args`` is configured, the positional placeholders in
    the template are filled from the named match fields, a field the match
    lacks (lookup returns None) rendering as ``<MISSING VALUE>``; otherwise
    the template is appended unchanged. The template is trusted rule
    configuration; match values are substituted, never interpreted as format
    syntax.
    """
    template = unicode(self.rule.get("alert_text", ""))
    if "alert_text_args" not in self.rule:
        self.text += template
        return
    values = []
    for arg in self.rule.get("alert_text_args"):
        value = lookup_es_key(self.match, arg)
        values.append("<MISSING VALUE>" if value is None else value)
    self.text += template.format(*values)
示例12: add_data
def add_data(self, data):
    """Feed every event to ``handle_event`` with a count of 1 under its bucket.

    The bucket is the event's ``query_key`` value made hashable; events that
    lack the field go to the ``"other"`` bucket. Without a configured
    query_key (or with one literally named ``"all"``) every event goes to the
    ``"all"`` bucket.
    """
    for event in data:
        field = self.rules.get("query_key", "all")
        if field == "all":
            bucket = "all"
        else:
            bucket = hashable(lookup_es_key(event, field))
            if bucket is None:
                bucket = "other"
        self.handle_event(event, 1, bucket)
示例13: _add_custom_alert_text
def _add_custom_alert_text(self):
    """Append ``alert_text`` to ``self.text``, positional placeholders filled
    from the match fields listed in ``alert_text_args``.

    A field the match lacks (lookup returns None) renders as
    ``<MISSING VALUE>``; without ``alert_text_args`` the template is appended
    as is. The template is trusted rule configuration; match values are
    substituted, never interpreted as format syntax.
    """
    def _or_missing(value):
        return '<MISSING VALUE>' if value is None else value

    rendered = unicode(self.rule.get('alert_text', ''))
    if 'alert_text_args' in self.rule:
        fields = self.rule.get('alert_text_args')
        rendered = rendered.format(*[_or_missing(lookup_es_key(self.match, f)) for f in fields])
    self.text += rendered
示例14: get_match_str
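def get_match_str(self, match):
    """Describe a frequency match as a human-readable sentence.

    Reports the configured ``num_events`` threshold, the actual ``count`` from
    the match, and the window [match timestamp - timeframe, match timestamp]
    formatted by ``pretty_ts`` (local time when ``use_local_time`` is set).
    """
    lt = self.rules.get('use_local_time')
    match_ts = lookup_es_key(match, self.ts_field)
    starttime = pretty_ts(dt_to_ts(ts_to_dt(match_ts) - self.rules['timeframe']), lt)
    # The match timestamp closes the window, formatted like starttime.
    # NOTE(review): the listing used `endtime` without ever binding it (NameError);
    # this definition is the one consistent with starttime — confirm against upstream.
    endtime = pretty_ts(match_ts, lt)
    message = 'At least %d(%d) events occurred between %s and %s\n\n' % (self.rules['num_events'],
                                                                         match['count'],
                                                                         starttime,
                                                                         endtime)
    return message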
示例15: add_match
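def add_match(self, match):
    """Record a match, attaching the old/new compare values for its query_key.

    ``self.change_map`` is consulted with the hashable form of the match's
    query_key value; when a change is recorded there, ``old_value`` and
    ``new_value`` are added to a copy of the match before it is passed to the
    base class. The match passed in is not mutated.

    TODO: if the term changes several times before an alert is sent, only the
    most recent change survives in change_map and is the one reported here.
    """
    change = self.change_map.get(hashable(lookup_es_key(match, self.rules["query_key"])))
    # Copy-and-update instead of dict(match.items() + extra.items()): list
    # concatenation of items() only works on Python 2 (py3 returns views).
    enriched = dict(match)
    if change:
        enriched["old_value"] = change[0]
        enriched["new_value"] = change[1]
    super(ChangeRule, self).add_match(enriched)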