$where .= " AND eid IN (";
$searchArr['eids'] = array_unique($searchArr['eids']);
foreach ($searchArr['eids'] as $eid) {
$qstring .= "&eids[]=$eid";
$where.= "'$eid',";
}
$where = rtrim($where, ",");
$where .= ")";
}
if(is_array($searchArr['programs'])) {
$where .= " AND program IN (";
$searchArr['programs'] = array_unique($searchArr['programs']);
foreach ($searchArr['programs'] as $program) {
$qstring .= "&programs[]=" . rawurlencode($program);
$where.= "'".prg2crc($program)."',";
}
$where = rtrim($where, ",");
$where .= ")";
}
$tail_where = $where;
//------------------------------------------------------------
// Run the search query to get results from Sphinx
//------------------------------------------------------------
if ($page == "Graph") {
$json_o = search_graph(json_encode($searchArr), $spx_max, "distributed", $spx_ip, $spx_port);
} else {
$json_o = search(json_encode($searchArr), $spx_max, "distributed", $spx_ip, $spx_port);
}
function search_graph($json_o, $spx_max, $index = "idx_logs idx_delta_logs", $spx_ip, $spx_port)
{
$basePath = dirname(__FILE__);
// require_once ($basePath . "/SPHINX.class.php");
// Grab the settings from the database if not as parameter
if ($spx_max == '') {
$spx_max = $_SESSION[SPX_MAX_MATCHES];
}
if ($spx_ip == '') {
$spx_ip = $_SESSION[SPX_SRV];
}
if ($spx_port == '') {
$spx_port = $_SESSION[SPX_PORT];
}
// let us try to invoke sphinxql here instead...
$scl = new mysqli(SPHINXHOST, '', '', '', SPHINXPORT);
if (mysqli_connect_errno()) {
return sprintf("Sphinxql error in connect: %d %s\n", mysqli_connect_errno(), mysqli_connect_error() . "<br>The Sphinx daemon may not be running.");
}
//$cl = new SphinxClient ();
//$cl->SetServer ( $spx_ip, $spx_port );
// Decode json object into an array:
$json_a = json_decode($json_o, true);
//die(print_r($json_a));
// Set All Defaults in case they aren't sent via the json object
$dupop = !empty($json_a['dupop']) ? $json_a['dupop'] : ">=";
$dupcount = !empty($json_a['dupcount']) ? $json_a['dupcount'] : 0;
$orderby = !empty($json_a['orderby']) ? $json_a['orderby'] : "id";
$order = !empty($json_a['order']) ? $json_a['order'] : "ASC";
$limit = !empty($json_a['limit']) ? $json_a['limit'] : $spx_max;
$show_suppressed = !empty($json_a['show_suppressed']) ? $json_a['show_suppressed'] : "all";
$q_type = !empty($json_a['q_type']) ? $json_a['q_type'] : "boolean";
$search_op = !empty($json_a['search_op']) ? $json_a['search_op'] : "|";
// loop through array to get the fields that the user wants to search on:
// Note: Only certain values need to be looped here for modification before presenting to sphinx.
// many of the items not looped below can be called directly using $json_a['name'];
foreach ($json_a as $key => $val) {
// echo "Key = $key, Val = $val\n";
switch ($key) {
// Strings
case 'msg_mask':
// $val = real_escape_string( $cl->EscapeString ($val);
$val = $scl->real_escape_string($val);
$val = EscapeSphinxQL($val);
$msg_mask .= $val . " {$search_op} ";
break;
case 'notes_mask':
foreach ($val as $subkey => $subval) {
// echo "SubKey = $subkey, SubVal = $subval\n";
// $subval = $cl->EscapeString ($subval);
$subval = mysql_real_escape_string($subval, $scl);
$notes_mask .= $subval . " {$search_op} ";
}
break;
/* case 'hosts':
foreach ($val as $subkey=>$subval) {
// echo "SubKey = $subkey, SubVal = $subval\n";
// $subval = $cl->EscapeString ($subval);
$subval = $scl->real_escape_string($subval);
$hosts .= $subval . " $search_op ";
}
break;
*/
/* case 'hosts':
foreach ($val as $subkey=>$subval) {
// echo "SubKey = $subkey, SubVal = $subval\n";
// $subval = $cl->EscapeString ($subval);
$subval = $scl->real_escape_string($subval);
$hosts .= $subval . " $search_op ";
}
break;
*/
case 'mnemonics':
foreach ($val as $subkey => $subval) {
// echo "SubKey = $subkey, SubVal = $subval\n";
if (!preg_match('/^\\d+$/', $subval)) {
$mnes[] .= mne2crc($subval);
} else {
$mnes[] .= $subval;
}
}
break;
case 'eids':
foreach ($val as $subkey => $subval) {
// echo "SubKey = $subkey, SubVal = $subval\n";
$eids[] .= $subval;
}
break;
case 'programs':
foreach ($val as $subkey => $subval) {
// echo "SubKey = $subkey, SubVal = $subval\n";
if (!preg_match('/^\\d+$/', $subval)) {
$prgs[] .= prg2crc($subval);
} else {
$prgs[] .= $subval;
}
}
break;
}
}
// die(print_r($json_a));
$msg_mask = rtrim($msg_mask, " {$search_op} ");
// $hosts = rtrim($hosts, " $search_op ");
$notes_mask = rtrim($notes_mask, " {$search_op} ");
// Add DB column to strings
if (!preg_match('/any|all|phrase/', $q_type)) {
if ($msg_mask) {
$msg_mask = "@MSG " . $msg_mask . " ";
}
/* if ($hosts) {
$hosts = "@HOST " . $hosts . " ";
}
*/
if ($notes_mask) {
$notes_mask = "@NOTES " . $notes_mask;
}
}
$sphinxfilters = array();
// SetFilter used on integer fields - takes an array
if ($json_a['severities']) {
// $cl->SetFilter( 'severity', $json_a['severities'] );
$sphinxfilters[] = "severity in (" . implode($json_a[severities], ',') . ")";
}
if ($json_a['facilities']) {
// $cl->SetFilter( 'facility', $json_a['facilities'] );
$sphinxfilters[] = "facility in (" . implode($json_a[facilities], ',') . ")";
}
if (is_array($eids)) {
// $cl->SetFilter( 'eid', $eids );
$sphinxfilters[] = "eid in (" . implode($eids, ',') . ")";
}
if ($json_a['mnemonics']) {
// $cl->SetFilter( 'mne', $mnes );
$sphinxfilters[] = "mne in (" . implode($mnes, ',') . ")";
}
if ($json_a['programs']) {
// $cl->SetFilter( 'program', $prgs );
$sphinxfilters[] = "program in (" . implode($prgs, ',') . ")";
}
// this is not supported by sphinxql proto - due to the old code.
// for now is only 'extended2' is the active, and the rest could be
// simulated (and actually do internally) by extended2.
// switch ($q_type) {
// case "any":
// $cl->SetMatchMode ( SPH_MATCH_ANY );
// break;
// case "all":
// $cl->SetMatchMode ( SPH_MATCH_ALL );
// break;
// case "phrase":
// $cl->SetMatchMode ( SPH_MATCH_PHRASE );
// break;
// case "boolean":
// $cl->SetMatchMode ( SPH_MATCH_BOOLEAN );
// break;
// case "extended":
// $cl->SetMatchMode ( SPH_MATCH_EXTENDED2 );
// break;
// }
// if ($orderby == "id") { $orderby = "@id"; }
if ($json_a['tail'] !== "off") {
$order = "DESC";
}
// Datetime filtering
$fo_checkbox = $json_a['fo_checkbox'];
$fo_date = $json_a['fo_date'];
$fo_time_start = $json_a['fo_time_start'];
$fo_time_end = $json_a['fo_time_end'];
$lo_checkbox = $json_a['lo_checkbox'];
$lo_date = $json_a['lo_date'];
$lo_time_start = $json_a['lo_time_start'];
$lo_time_end = $json_a['lo_time_end'];
if ($fo_checkbox == "on") {
if ($fo_date != '') {
list($start, $end) = explode(' to ', $fo_date);
if ($end == '') {
$end = "{$start}";
}
if ($start == $end and $fo_time_start > $fo_time_end) {
$endx = strtotime($end);
$endx = $endx + 24 * 3600;
$end = date('Y-m-d', mktime(0, 0, 0, date('m', $endx), date('d', $endx), date('Y', $endx)));
}
$start .= " {$fo_time_start}";
$end .= " {$fo_time_end}";
$fo_start = "{$start}";
$fo_end = "{$end}";
}
}
if ($lo_checkbox == "on") {
if ($lo_date != '') {
list($start, $end) = explode(' to ', $lo_date);
if ($end == '') {
$end = "{$start}";
}
if ($start == $end and $lo_time_start > $lo_time_end) {
$endx = strtotime($end);
$endx = $endx + 24 * 3600;
$end = date('Y-m-d', mktime(0, 0, 0, date('m', $endx), date('d', $endx), date('Y', $endx)));
}
$start .= " {$lo_time_start}";
$end .= " {$lo_time_end}";
$lo_start = "{$start}";
$lo_end = "{$end}";
}
}
if ($json_a['fo_checkbox'] == "on" and $fo_start and $fo_end) {
$sphinxfilters[] = "fo>=" . strtotime("{$fo_start}") . " AND fo<=" . strtotime("{$fo_end}");
}
if ($json_a['lo_checkbox'] == "on" and $lo_start and $lo_end) {
$sphinxfilters[] = "lo>=" . strtotime("{$lo_start}") . " AND lo<=" . strtotime("{$lo_end}");
}
// Duplicates filtering
$min = "0";
$max = "9999999999";
if ($dupop && $dupop !== 'undefined') {
switch ($dupop) {
case "gt":
$dupop = ">";
$min = $dupcount + 1;
break;
case "lt":
$dupop = "<";
$max = $dupcount - 1;
break;
case "eq":
$dupop = "=";
$min = $dupcount;
$max = $dupcount;
break;
case "gte":
$dupop = ">=";
$min = $dupcount;
break;
$min = $dupcount;
case "lte":
$dupop = "<=";
break;
}
}
// echo "$min - $max\n";
// $cl->SetFilterRange ( 'counter', intval($min), intval($max) );
$sphinxfilters[] = "counter>={$min} AND counter<={$max}";
$sphinxlimit = "LIMIT 0,{$limit}";
$sphinxoptions = "OPTION max_matches={$spx_max} ";
// $cl->setLimits(0,intval($limit), $spx_max);
$countfield = "";
if ($json_a['groupby']) {
$groupby = $json_a['groupby'];
switch ($groupby) {
case "mne":
$val = mne2crc('None');
$sphinxfilters[] = "mne!={$val}";
// $cl->SetFilter( 'mne', array($val), true );
break;
case "eid":
// $cl->SetFilter( 'eid', array(0), true );
$sphinxfilters[] = "eid!=0";
break;
}
// always use top n records count in charts
$sphinxgroupby = "GROUP BY " . $json_a['groupby'] . " ORDER BY scount desc";
$countfield = ", count(*) as count";
// $cl->setGroupBy($json_a['groupby'],SPH_GROUPBY_ATTR,"$orderby $order");
} else {
// $cl->SetSortMode ( SPH_SORT_EXTENDED , "$orderby $order" );
// always use top n records count in charts
$sphinxgroupby = "ORDER BY scount desc";
}
// make the querys
$counter = 0;
$hosts = "";
$ids = array();
// fetch the hosts
if (is_array($json_a['hosts'])) {
foreach ($json_a['hosts'] as $key => $h) {
if ($h !== '') {
// [[ticket:304]]
// #407 - make sure all hosts are crc32
if (!is_numeric($h)) {
$h = crc32($h);
}
$hosts = $hosts . $h . ",";
$counter = $counter + 1;
}
// split query in max 100 hosts
// cdukes - [[ticket:426]] - changed to 15000
if ($counter >= 15000) {
$hosts = rtrim($hosts, ",");
$shosts = $scl->real_escape_string($hosts);
$search_string = $msg_mask . $notes_mask;
if ($lo_start < date('Y-m-d') . " 00:00:00") {
$query = " AND MATCH ('@dummy dummy {$search_string}')";
} else {
if ($search_string) {
$query = " AND MATCH ('@dummy dummy {$search_string}')";
}
}
// Test for empty search and remove whitespaces
$search_string = preg_replace('/^\\s+$/', '', $search_string);
$search_string = preg_replace('/\\s+$/', '', $search_string);
// get the columns we are sorting
// speedup: when use use today only idx_last_24h is used
if ($lo_start < date('Y-m-d') . " 00:00:00") {
$sphinxstatement = "Select " . $json_a['groupby'] . ", sum(counter) as scount from distributed where ";
} else {
$sphinxstatement = "Select " . $json_a['groupby'] . ", sum(counter) as scount from idx_last_24h where ";
}
if (sizeof($sphinxfilters) > 0) {
$sphinxstatement .= implode($sphinxfilters, ' AND ');
}
$sphinxstatement .= " {$query} and host_crc in ({$hosts}) {$sphinxgroupby} {$sphinxlimit} {$sphinxoptions}";
action("GRAPH: Searching using sphinx " . $sphinxstatement);
$result = $scl->query($sphinxstatement);
if ($result) {
while (list($name, $value) = $result->fetch_row()) {
$ids[$name] += $value;
}
}
$counter = 0;
$hosts = "";
}
}
}
// catch the last few hosts
if ($hosts != "") {
$hosts = rtrim($hosts, ",");
$hosts = $scl->real_escape_string($hosts);
$search_string = $msg_mask . $notes_mask;
if ($lo_start < date('Y-m-d') . " 00:00:00") {
$query = " AND MATCH ('@dummy dummy {$search_string}')";
} else {
if ($search_string) {
$query = " AND MATCH ('@dummy dummy {$search_string}')";
}
}
// Test for empty search and remove whitespaces
$search_string = preg_replace('/^\\s+$/', '', $search_string);
$search_string = preg_replace('/\\s+$/', '', $search_string);
// get the columns we are sorting
// speedup: when use use today only idx_last_24h is used
if ($lo_start < date('Y-m-d') . " 00:00:00") {
$sphinxstatement = "Select " . $json_a['groupby'] . ", sum(counter) as scount from distributed where ";
} else {
$sphinxstatement = "Select " . $json_a['groupby'] . ", sum(counter) as scount from idx_last_24h where ";
}
if (sizeof($sphinxfilters) > 0) {
$sphinxstatement .= implode($sphinxfilters, ' AND ');
}
$sphinxstatement .= " {$query} and host_crc in ({$hosts}) {$sphinxgroupby} {$sphinxlimit} {$sphinxoptions}";
action("GRAPH2: Searching using sphinx " . $sphinxstatement);
$result = $scl->query($sphinxstatement);
if ($result) {
while (list($name, $value) = $result->fetch_row()) {
$ids[$name] += $value;
}
}
}
// sort the results array
arsort($ids);
$keys = array_keys($ids);
$values = array_values($ids);
// limit to query to 100
if ($limit > count($values)) {
$limit = count($values);
}
for ($i = 0; $i < $limit; $i++) {
$found_ids[$i][$json_a['groupby']] = $keys[$i];
$found_ids[$i]['scount'] = $values[$i];
}
return json_encode($found_ids);
}