Complex Dsl Queries based on client side parameters


(Ankit Agarwal) #1

The logs are of this format:

17/03/15-06:29:30 31609 453749 545959 1 4 http://www.somesite.com/index.html - 0
{timestamp} {process_id} {child_id} {device_id} {blocked_id} {filter_id} {url} {log_message}

I have an external ruby client which can query on the following fields:

  • TimeStamp (Start Date to End Date)
    Child Id
    Device Id
    Blocked Id

The possible combination of parameters passed to query the ES can be:

Search for:
Child Id alone
Child Id + Device Id
Child Id + Device Id + Blocked Id
Device Id alone
Device Id + Blocked Id
Start Date to End Date
Start Date to End Date + Blocked Id
Start Date to End Date + Child Id
Start Date to End Date + Child Id + Blocked Id
Start Date to End Date + Device Id
Start Date to End Date + Device Id + Blocked Id
Start Date to End Date + Device Id + Child Id
Start Date to End Date + Device Id + Child Id + Blocked

Since I do not know what all parameters will be sent from the client side, I have to handle all the possibilities using if-else conditions. Each If condition checks for the presence of a parameter and forms the DSL Query accordingly.
I am forming too many conditional statements and forming dsl queries for each. I tried a lot to implement combination queries, range and filter queries. But some or the other condition is violated.

Need help in forming DSL query such that I can cover all possible parameters that the client can send with fewer conditions as possible.
I know there must be a way to do this. please comment if I am not clear with my question.

Thanks in advance.

I was trying these type of condition and queries:

if params['child_id'].
q = { match: { child_id: params['child_id'] }}
if params['device_id']
q = { match: { device_id: params['device_id'] }}
if params['child_id'] and params['device_id']
q = { bool: {
must: [
{ match: { child_id: params['child_id'] }},
{ match: { device_id: params['device_id'] }}
]
}
}
end
if params['start_time'] and params['end_time']
start_time = Time.parse(params['start_time']).iso8601
end_time = Time.parse(params['end_time']).iso8601
q = {
filtered: {
filter: {
range: {
"@timestamp" => {
"gt" => start_time,
"lte" => end_time
}
}
}
}
}
end
end
if !params['child_id'] and !params['device_id'] and !params['start'] and !params['end']
q = {match_all: {} }
end

NOTE: Many other conditions to check the incoming parameters and Queries are not shown. These are just for reference.


(system) #2