Upgrade from nest 0.11.0.0 to 5.5.0 running a query

Elastic Stack Elasticsearch
1

I'm upgrading an older service that uses 'alerts' as indices within elastic search and runs the queries inside against 'logs' that have also been stored by other services

Looking at the portion that actually retrieves the 'alert' and runs the query the syntax has changed, for example there is no such thing as Nest.connection or the Post method.

public IList<AlertResult> CheckAlert(Alert alert)
{
    var e = new Nest.Connection(new Nest.ConnectionSettings(_uri));
    var r = e.Post("logs*/_search" +, GetQuery(alert));

    JToken json = Newtonsoft.Json.Linq.JObject.Parse(r.Result.Result);

    List<String> resultValues = new List<String>();
    resultValues.AddRange(alertSource.ResultToken.Split('$'));
    JToken val = null;

    for (int i = 0; i < resultValues.Count; i++)
    {
        val = json.SelectToken(resultValues[i]);
    }
    var list = new List<AlertResult>();
    if (val != null && val.HasValues)
    {
        if (val.Type == JTokenType.Array)
        {
            foreach (var item in val)
            {
                var resultValue = item.SelectToken(alertSource.ValueToken);
		//dostuff
            }
        }
    return list;
}

in order to get the Jtoken from the query I've been attempting to use the elasticsearch low level client, but I don't really understand what's going on, and what I get back, is not parsing in the same way. Is there a better way ? can anyone help me understand a bit better?!

var e = new ElasticClient(new Nest.ConnectionSettings(_uri).DefaultIndex(index));
var t = e.LowLevel.Search<byte[]>("logs@2017-08-24-14", "logentries", GetQuery(alert););
var str = System.Text.Encoding.Default.GetString(t.Body);
JToken json = Newtonsoft.Json.Linq.JObject.Parse(str);

contents of query string stored within an alert

{
    "query": {
        "filtered": {
            "query": {
                "match": {
                    "logLevel": 3
                }
            },
            "filter": {
                "bool": {
                    "must_not": {
                        "term": {
                            "logText": "initialized"
                        }
                    },
                    "must": {

                        "range": {
                            "created": {
                                "from": "2017-09-01T10:39:59",
                                "to": "2017-09-01T10:40:59"
                            }
                        }
                    }
                }
            }
        }
    }
}
2

Please format the code in your question; I've helped you out this time, but please spend just a little bit of time formatting it in the future - it makes the question easier to read and engage with :slight_smile:

If you're upgrading from pre 1.x NEST to 5.x, I'd recommend having a read about the changes from one version to the next, as it'll help transition more smoothly:

Each contains a high level summary of the large changes from one version to the next, with links to breaking changes.

If you're looking to simply return a collection of JObject from the logs* indices and logentries types therein, and have a query represented as a JSON string, you can use the low level client exposed as a property on the high level client for this:

var settings = new ConnectionSettings(new Uri("http://localhost:9200"));
var client = new ElasticClient(settings);

var lowlevelResponse = client.LowLevel.Search<SearchResponse<JObject>>(
    "logs*",           // indices
    "logentries",      // types
    GetQuery(alert)    // your query, as JSON string / bytes / anonymous type
);

// this is a SearchResponse<JObject>, same type returned from high level client
var searchResponse = lowlevelResponse.Body;

// collection of JObjects
var jObjects = searchResponse.Documents;

The advantage of using the low level client on the high level client is that it can use the serializer based on JSON.Net that is part of the high level client, and low level calls can return high level responses, as demonstrated above.

3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.