$where .= " AND eid IN ("; $searchArr['eids'] = array_unique($searchArr['eids']); foreach ($searchArr['eids'] as $eid) { $qstring .= "&eids[]=$eid"; $where.= "'$eid',"; } $where = rtrim($where, ","); $where .= ")"; } if(is_array($searchArr['programs'])) { $where .= " AND program IN ("; $searchArr['programs'] = array_unique($searchArr['programs']); foreach ($searchArr['programs'] as $program) { $qstring .= "&programs[]=" . rawurlencode($program); $where.= "'".prg2crc($program)."',"; } $where = rtrim($where, ","); $where .= ")"; } $tail_where = $where; //------------------------------------------------------------ // Run the search query to get results from Sphinx //------------------------------------------------------------ if ($page == "Graph") { $json_o = search_graph(json_encode($searchArr), $spx_max, "distributed", $spx_ip, $spx_port); } else { $json_o = search(json_encode($searchArr), $spx_max, "distributed", $spx_ip, $spx_port); }
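/**
 * Run the grouped "top N" SphinxQL query that feeds the graph pages.
 *
 * The search description arrives as a JSON document built from request data,
 * so every field is treated as untrusted. The statement is assembled as text,
 * which means each value is either validated as an integer literal, checked
 * against an identifier pattern, or escaped before it is concatenated.
 *
 * JSON fields read here: dupop, dupcount, limit, q_type, search_op, msg_mask,
 * notes_mask, severities, facilities, eids, mnemonics, programs, groupby,
 * hosts, and the fo_ and lo_ checkbox, date, time_start and time_end fields.
 *
 * @param string $json_o   JSON-encoded search description.
 * @param mixed  $spx_max  max_matches for Sphinx; '' falls back to $_SESSION[SPX_MAX_MATCHES].
 * @param string $index    Not used by this function; kept so existing callers keep working.
 * @param mixed  $spx_ip   Not used; the connection goes to SPHINXHOST.
 * @param mixed  $spx_port Not used; the connection goes to SPHINXPORT.
 *
 * @return string JSON list of {<groupby>: key, scount: total} rows sorted by
 *                scount descending, the JSON literal null when nothing matched,
 *                or a plain (non-JSON) error string when the connection fails.
 */
function search_graph($json_o, $spx_max, $index = "idx_logs idx_delta_logs", $spx_ip, $spx_port) {
    // Grab the setting from the session if it was not passed as a parameter.
    if ($spx_max == '') {
        $spx_max = $_SESSION[SPX_MAX_MATCHES];
    }
    // Interpolated into "OPTION max_matches=", so force it to an integer.
    $spx_max = (int) $spx_max;

    $scl = new mysqli(SPHINXHOST, '', '', '', SPHINXPORT);
    if (mysqli_connect_errno()) {
        // NOTE(review): this string carries the raw driver error plus HTML; callers
        // that show it to users should confirm that is the intended level of detail.
        return sprintf("Sphinxql error in connect: %d %s\n", mysqli_connect_errno(), mysqli_connect_error() . "<br>The Sphinx daemon may not be running.");
    }

    $json_a = json_decode($json_o, true);
    if (!is_array($json_a)) {
        // Malformed JSON: continue with defaults instead of indexing into null.
        $json_a = array();
    }

    // Keeps only values that are plain integer literals. Everything that ends up
    // inside an unquoted "col in (...)" list goes through this filter.
    $intList = function ($values) {
        $clean = array();
        foreach ((array) $values as $candidate) {
            if (is_scalar($candidate) && preg_match('/^-?\d+\z/', (string) $candidate)) {
                $clean[] = (string) $candidate;
            }
        }
        return $clean;
    };

    // Reads an optional JSON field without raising an undefined-index notice.
    $field = function ($name) use ($json_a) {
        return isset($json_a[$name]) ? $json_a[$name] : '';
    };

    // Defaults for everything the JSON object may omit.
    $dupop = !empty($json_a['dupop']) ? $json_a['dupop'] : ">=";
    $dupcount = !empty($json_a['dupcount']) ? (int) $json_a['dupcount'] : 0;
    $limit = !empty($json_a['limit']) ? (int) $json_a['limit'] : $spx_max;
    if ($limit < 1) {
        $limit = $spx_max;
    }
    $q_type = (!empty($json_a['q_type']) && is_string($json_a['q_type'])) ? $json_a['q_type'] : "boolean";
    // search_op is spliced between terms inside the quoted MATCH() literal, so it
    // needs the same SQL escaping as the terms themselves.
    $search_op = (!empty($json_a['search_op']) && is_string($json_a['search_op']))
        ? $scl->real_escape_string($json_a['search_op'])
        : "|";

    // Full-text terms.
    $msg_mask = '';
    if (isset($json_a['msg_mask']) && is_scalar($json_a['msg_mask'])) {
        $msg_mask = EscapeSphinxQL($scl->real_escape_string((string) $json_a['msg_mask']));
        $msg_mask = rtrim($msg_mask . " {$search_op} ", " {$search_op} ");
    }

    $notes_mask = '';
    if (isset($json_a['notes_mask']) && is_array($json_a['notes_mask'])) {
        foreach ($json_a['notes_mask'] as $note) {
            if (is_scalar($note)) {
                // Was mysql_real_escape_string($subval, $scl): the legacy mysql_* API
                // cannot take a mysqli object and no longer exists in PHP 7+.
                // NOTE(review): msg_mask also goes through EscapeSphinxQL(); confirm
                // whether notes should as well.
                $notes_mask .= $scl->real_escape_string((string) $note) . " {$search_op} ";
            }
        }
        $notes_mask = rtrim($notes_mask, " {$search_op} ");
    }

    // Prefix the column selector unless a simple match mode was requested.
    if (!preg_match('/any|all|phrase/', $q_type)) {
        if ($msg_mask !== '') {
            $msg_mask = "@MSG " . $msg_mask . " ";
        }
        if ($notes_mask !== '') {
            $notes_mask = "@NOTES " . $notes_mask;
        }
    }

    // Mnemonics and programs may arrive as names; names are converted to CRCs.
    // Presumably mne2crc()/prg2crc() return integer CRC values - the result is
    // still passed through $intList below before it reaches the statement.
    $mnes = array();
    if (!empty($json_a['mnemonics'])) {
        foreach ((array) $json_a['mnemonics'] as $mne) {
            if (is_scalar($mne)) {
                $mnes[] = preg_match('/^\d+\z/', (string) $mne) ? $mne : mne2crc($mne);
            }
        }
    }
    $prgs = array();
    if (!empty($json_a['programs'])) {
        foreach ((array) $json_a['programs'] as $prg) {
            if (is_scalar($prg)) {
                $prgs[] = preg_match('/^\d+\z/', (string) $prg) ? $prg : prg2crc($prg);
            }
        }
    }

    // Set when a requested filter cannot be expressed safely. The old code sent
    // a malformed statement in that case and got no rows; now nothing is sent.
    $unsatisfiable = false;
    $sphinxfilters = array();

    // Integer attribute filters (previously built with unvalidated values, bare
    // constants as array keys and the legacy implode() argument order).
    $intFilters = array(
        'severity' => $field('severities'),
        'facility' => $field('facilities'),
        'eid' => $field('eids'),
        'mne' => $mnes,
        'program' => $prgs,
    );
    foreach ($intFilters as $column => $requested) {
        if (empty($requested)) {
            continue;
        }
        $allowed = $intList($requested);
        if (!$allowed) {
            $unsatisfiable = true;
            continue;
        }
        $sphinxfilters[] = "{$column} in (" . implode(',', $allowed) . ")";
    }

    // Turns "<date>[ to <date>]" plus start/end times into two datetime strings.
    // A same-day range whose start time is after its end time rolls the end
    // over to the following day.
    $dateRange = function ($date, $timeStart, $timeEnd) {
        if (!is_scalar($date) || !is_scalar($timeStart) || !is_scalar($timeEnd)) {
            return null;
        }
        list($start, $end) = array_pad(explode(' to ', (string) $date), 2, '');
        if ($end == '') {
            $end = $start;
        }
        if ($start == $end and $timeStart > $timeEnd) {
            $end = date('Y-m-d', strtotime($end) + 24 * 3600);
        }
        return array("{$start} {$timeStart}", "{$end} {$timeEnd}");
    };

    // Datetime filtering on first-occurrence (fo) and last-occurrence (lo).
    $lo_start = '';
    foreach (array('fo', 'lo') as $column) {
        if (!($field($column . '_checkbox') == "on") || $field($column . '_date') == '') {
            continue;
        }
        $range = $dateRange(
            $field($column . '_date'),
            $field($column . '_time_start'),
            $field($column . '_time_end')
        );
        if ($range === null) {
            continue;
        }
        if ($column === 'lo') {
            // Remembered for the index choice further down.
            $lo_start = $range[0];
        }
        $fromTs = strtotime($range[0]);
        $toTs = strtotime($range[1]);
        if ($fromTs === false || $toTs === false) {
            // Unparseable date: only integers may reach the statement.
            $unsatisfiable = true;
            continue;
        }
        $sphinxfilters[] = "{$column}>={$fromTs} AND {$column}<={$toTs}";
    }

    // Duplicates filtering. Operators other than the five below (including the
    // ">=" default) leave the full range in place.
    $min = "0";
    $max = "9999999999";
    switch ($dupop) {
        case "gt":
            $min = $dupcount + 1;
            break;
        case "lt":
            $max = $dupcount - 1;
            break;
        case "eq":
            $min = $dupcount;
            $max = $dupcount;
            break;
        case "gte":
            $min = $dupcount;
            break;
        case "lte":
            // Previously no bound was applied here: the assignment sat after the
            // preceding break and was unreachable.
            $max = $dupcount;
            break;
    }
    $sphinxfilters[] = "counter>={$min} AND counter<={$max}";

    $sphinxlimit = "LIMIT 0,{$limit}";
    $sphinxoptions = "OPTION max_matches={$spx_max} ";

    // groupby is used as a column name in both SELECT and GROUP BY, so it must
    // look like an identifier. NOTE(review): an explicit allow-list of the real
    // attribute names would be tighter; that list is not visible from here.
    $groupby = $field('groupby');
    if (!is_string($groupby) || !preg_match('/^[A-Za-z_][A-Za-z0-9_]*\z/', $groupby)) {
        $unsatisfiable = true;
        $groupby = '';
    }
    switch ($groupby) {
        case "mne":
            $sphinxfilters[] = "mne!=" . mne2crc('None');
            break;
        case "eid":
            $sphinxfilters[] = "eid!=0";
            break;
    }
    // always use top n records count in charts
    $sphinxgroupby = "GROUP BY " . $groupby . " ORDER BY scount desc";

    // Hosts are matched by CRC32. Anything that is not already a plain integer
    // is hashed, so only digits can reach the host_crc list.
    $hostCrcs = array();
    if (isset($json_a['hosts']) && is_array($json_a['hosts'])) {
        foreach ($json_a['hosts'] as $h) {
            if (!is_scalar($h) || $h === '') {
                continue;
            }
            $hostCrcs[] = preg_match('/^-?\d+\z/', (string) $h) ? (string) $h : crc32((string) $h);
        }
    }

    $ids = array();
    if (!$unsatisfiable) {
        $search_string = rtrim($msg_mask . $notes_mask);

        // speedup: when only today is requested, idx_last_24h is enough
        $beforeToday = $lo_start < date('Y-m-d') . " 00:00:00";
        $source = $beforeToday ? "distributed" : "idx_last_24h";

        $query = '';
        if ($beforeToday || $search_string !== '') {
            $query = " AND MATCH ('@dummy dummy {$search_string}')";
        }

        // The host list is split so a single statement never carries more than
        // 15000 entries ([[ticket:426]]).
        foreach (array_chunk($hostCrcs, 15000) as $chunk) {
            $sphinxstatement = "Select " . $groupby . ", sum(counter) as scount from " . $source . " where "
                . implode(' AND ', $sphinxfilters)
                . " {$query} and host_crc in (" . implode(',', $chunk) . ") {$sphinxgroupby} {$sphinxlimit} {$sphinxoptions}";

            // Same log prefixes as before: full chunks vs. the final partial one.
            $tag = count($chunk) >= 15000 ? "GRAPH" : "GRAPH2";
            action($tag . ": Searching using sphinx " . $sphinxstatement);

            $result = $scl->query($sphinxstatement);
            if ($result) {
                while ($row = $result->fetch_row()) {
                    list($name, $value) = $row;
                    $ids[$name] = (isset($ids[$name]) ? $ids[$name] : 0) + $value;
                }
                $result->free();
            }
        }
    }
    $scl->close();

    // Sort the totals, largest first, and keep the top $limit rows.
    arsort($ids);
    $keys = array_keys($ids);
    $values = array_values($ids);
    if ($limit > count($values)) {
        $limit = count($values);
    }

    // Stays null when nothing matched, so callers keep receiving the JSON
    // literal null in that case.
    $found_ids = null;
    for ($i = 0; $i < $limit; $i++) {
        $found_ids[$i][$groupby] = $keys[$i];
        $found_ids[$i]['scount'] = $values[$i];
    }
    return json_encode($found_ids);
}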