RubyGems - logstash-filter-elasticsearchslowlog - Versions diffs - 0.1.0 - Mend

logstash-filter-elasticsearchslowlog 0.1.0

Files changed (12) hide show

checksums.yaml +7 -0
data/Gemfile +3 -0
data/LICENSE +11 -0
data/README.md +62 -0
data/lib/logstash/filters/elasticsearchslowlog.rb +170 -0
data/logstash-filter-elasticsearchslowlog.gemspec +26 -0
data/spec/filters/elasticsearchslowlog_spec.rb +68 -0
data/spec/filters/fixture_invalid.txt +3 -0
data/spec/filters/fixture_source_normalized.txt +18 -0
data/spec/filters/fixture_valid.txt +18 -0
data/spec/spec_helper.rb +2 -0
metadata +101 -0

checksums.yaml ADDED Viewed

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: fb0e1037440cf9d6b2db6dc90728e4e627bac26f466ef83943c14a8851cc30a3
+  data.tar.gz: cc41cdd170f761773c804c0b2125a9bfe7cf24ab2a78f8bc45f8ea93454a85d7
+SHA512:
+  metadata.gz: 446ee3e16ee320630352c2205db4ebf43fdf1cd2f231b14a8d2a5a38ae8934ffdf2e0f22df9da06a5b6a3a84960cfc8ef0cb0ba50746a88f989aef42e2c59d78
+  data.tar.gz: f6dd7c9bce4342e5009e4e5b20d23698278376598df474292ca1999c4f32c5360db01b484c9122b4b4f17eb5ec96c101e586a1b68fc17fe7926bf8a50600e9bd

data/Gemfile ADDED Viewed

@@ -0,0 +1,3 @@
+source 'https://rubygems.org'
+gemspec

data/LICENSE ADDED Viewed

@@ -0,0 +1,11 @@
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

data/README.md ADDED Viewed

@@ -0,0 +1,62 @@
+# Elasticsearch Slowlog Logstash Plugin [![Build
+Status](https://travis-ci.org/ananthakumaran/logstash-filter-elasticsearchslowlog.svg?branch=master)](http://travis-ci.org/ananthakumaran/logstash-filter-elasticsearchslowlog)
+## Installation
+```
+logstash-plugin install logstash-filter-elasticsearchslowlog
+```
+## Sample Configuration
+```
+filter {
+  elasticsearchslowlog {
+  }
+  date {
+    match => ["local_timestamp", "ISO8601"]
+    timezone => "Asia/Jakarta"
+  }
+}
+```
+## What is it?
+Given a slowlog source message like
+```
+[2017-09-10T12:35:53,355][WARN ][index.search.slowlog.fetch] [GOgO9TD]
+[testindex-slowlogs][0] took[150.6micros], took_millis[0], types[],
+stats[], search_type[QUERY_THEN_FETCH], total_shards[5],
+source[{\"query\":{\"match\":{\"name\":{\"query\":\"Nariko\",\"operator\":\"OR\",\"prefix_length\":0,\"max_expansions\":50,\"fuzzy_transpositions\":true,\"lenient\":false,\"zero_terms_query\":\"NONE\",\"boost\":1.0}}},\"sort\":[{\"price\":{\"order\":\"desc\"}}]}]
+```
+the filter will parse and add the parsed fields to the event. In
+addition, it will also add `source_normalized` field, which is same as
+`source` except all the query params are replaced with `?`. This will
+help with grouping same queries with different params. A md5 hash of
+the normalized source is added as `source_id` field.
+```
+{
+                 "node" => "GOgO9TD",
+                "shard" => 0,
+               "source" => "{\"query\":{\"match\":{\"name\":{\"query\":\"Nariko\",\"operator\":\"OR\",\"prefix_length\":0,\"max_expansions\":50,\"fuzzy_transpositions\":true,\"lenient\":false,\"zero_terms_query\":\"NONE\",\"boost\":1.0}}},\"sort\":[{\"price\":{\"order\":\"desc\"}}]}",
+              "message" => "[2017-09-10T12:35:53,355][WARN ][index.search.slowlog.fetch] [GOgO9TD] [testindex-slowlogs][0] took[150.6micros], took_millis[0], types[], stats[], search_type[QUERY_THEN_FETCH], total_shards[5], source[{\"query\":{\"match\":{\"name\":{\"query\":\"Nariko\",\"operator\":\"OR\",\"prefix_length\":0,\"max_expansions\":50,\"fuzzy_transpositions\":true,\"lenient\":false,\"zero_terms_query\":\"NONE\",\"boost\":1.0}}},\"sort\":[{\"price\":{\"order\":\"desc\"}}]}]",
+                 "took" => "150.6micros",
+                "stats" => "",
+                "level" => "WARN",
+             "@version" => "1",
+                "index" => "testindex-slowlogs",
+      "local_timestamp" => "2017-09-10T12:35:53",
+           "@timestamp" => 2017-09-10T05:35:53.000Z,
+                 "host" => "Ananthas-MacBook-Pro.local",
+         "total_shards" => 5,
+    "source_normalized" => "{\"query\":{\"match\":{\"name\":{\"boost\":1.0,\"fuzzy_transpositions\":true,\"lenient\":false,\"max_expansions\":50,\"operator\":\"OR\",\"prefix_length\":0,\"query\":\"?\",\"zero_terms_query\":\"NONE\"}}},\"sort\":[{\"price\":{\"order\":\"desc\"}}]}",
+            "source_id" => "289972b28",
+                "types" => "",
+          "search_type" => "QUERY_THEN_FETCH",
+          "took_millis" => 0
+}
+```

data/lib/logstash/filters/elasticsearchslowlog.rb ADDED Viewed

@@ -0,0 +1,170 @@
+# frozen_string_literal: true
+require "logstash/filters/base"
+require "json"
+require "deepsort"
+class LogStash::Filters::Elasticsearchslowlog < LogStash::Filters::Base
+  #
+  # filter {
+  #   elasticsearchslowlog {
+  #   }
+  # }
+  #
+  config_name "elasticsearchslowlog"
+  # The field to perform filter
+  #
+  # Example, to use the @message field (default) :
+  # [source,ruby]
+  #     filter { elasticsearchslowlog { source => "message" } }
+  config :source, validate: :string, default: "message"
+  def register
+    # Add instance variables
+  end
+  SLOWLOG_REGEX = /^\s*\[(?<local_timestamp>[^,]+),\d+\]\s*\[(?<level>.+?)\s*\]\s*\[index.search.slowlog.(?:query|fetch)\]\s*\[(?<node>.+?)\]\s*\[(?<index>.+?)\]\s*\[(?<shard>.+?)\]\s*(?<key_values>.+)$/.freeze
+  def filter(event)
+    message = event.get(@source)
+    if message
+      if matches = message.match(SLOWLOG_REGEX)
+        captures = matches.names.zip(matches.captures).to_h
+        captures.each do |key, value|
+          next if key == 'key_values'
+          if ['shard'].include?(key)
+            value = value.to_i
+          end
+          event.set(key, value)
+        end
+        if captures['key_values']
+          key_values = parse_key_values(captures['key_values'])
+          key_values.each do |key, value|
+            if ['took_millis', 'total_shards'].include?(key)
+              value = value.to_i
+            end
+            event.set(key, value)
+          end
+          source = key_values['source']
+          if source
+            normalized = normalize_source(source)
+            if normalized
+              normalized = JSON.dump(normalized)
+              source_id = Digest::MD5.hexdigest(normalized)[0..8]
+              event.set('source_normalized', normalized)
+              event.set('source_id', source_id)
+            end
+          end
+        end
+      end
+    end
+    filter_matched(event)
+  end
+  private
+  def parse_key_values(kv)
+    state = :name
+    result = {}
+    name_start = 0
+    value_start = 0
+    open_brackets = 0
+    name = nil
+    pos = 0
+    while pos < kv.length
+      char = kv[pos]
+      case state
+      when :name
+        if char == '['
+          name = kv[name_start..pos - 1]
+          value_start = pos + 1
+          state = :value
+        end
+      when :value
+        if char == ']' && open_brackets.zero?
+          result[name] = kv[value_start..pos - 1]
+          pos += 2
+          state = :name
+          name_start = pos + 1
+        elsif char == ']'
+          open_brackets -= 1
+        elsif char == '['
+          open_brackets += 1
+        end
+      end
+      pos += 1
+    end
+    result
+  end
+  def normalize_source(source)
+    source = JSON.parse(source)
+    source.delete("from")
+    source.delete("size")
+    clean_params(source["query"])
+    clean_params(source["aggregations"])
+    source.deep_sort
+  rescue JSON::ParserError
+    nil
+  end
+  def clean_params(query)
+    if query.is_a?(Array)
+      query.each { |q| clean_params(q) }
+    elsif query.is_a?(Hash)
+      if query.key?('term')
+        delete_path(query, ['term', '*', 'value'])
+      elsif query.key?('terms')
+        delete_path(query, ['terms', '*'])
+      elsif query.key?('wildcard')
+        delete_path(query, ['wildcard', '*', 'wildcard'])
+      elsif query.key?('range')
+        delete_path(query, ['range', '*', 'from'])
+        delete_path(query, ['range', '*', 'to'])
+      elsif query.key?('match')
+        delete_path(query, ['match', '*', 'query'])
+      elsif query.key?('exists')
+        delete_path(query, ['exists', 'field'])
+      elsif query.key?('date_histogram')
+        delete_path(query, ['date_histogram', 'extended_bounds', 'max'])
+        delete_path(query, ['date_histogram', 'extended_bounds', 'min'])
+      elsif query.key?('prefix')
+        delete_path(query, ['prefix', '*', 'value'])
+      elsif query.key?('regexp')
+        delete_path(query, ['regexp', '*', 'value'])
+      elsif query.key?('fuzzy')
+        delete_path(query, ['fuzzy', '*', 'value'])
+      elsif query.key?('ids')
+        delete_path(query, ['ids', 'values'])
+      elsif query.key?('parent_id')
+        delete_path(query, ['parent_id', 'id'])
+      end
+      query.each { |_k, v| clean_params(v) }
+    end
+  end
+  def delete_path(object, path)
+    if !path.empty? && object
+      head, *tail = path
+      if !tail.empty? && head == "*"
+        if object.is_a?(Array)
+          object.each { |v| delete_path(v, tail) }
+        elsif object.is_a?(Hash)
+          object.each { |_k, v| delete_path(v, tail) }
+        end
+      elsif tail.empty? && head == "*"
+        if object.is_a?(Hash)
+          object.each { |k, _v| object[k] = "?" }
+        end
+      elsif !tail.empty? && object.is_a?(Hash)
+        delete_path(object[head], tail)
+      elsif tail.empty? && object.is_a?(Hash)
+        object[head] = "?"
+      end
+    end
+  end
+end

data/logstash-filter-elasticsearchslowlog.gemspec ADDED Viewed

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+Gem::Specification.new do |s|
+  s.name          = 'logstash-filter-elasticsearchslowlog'
+  s.version       = '0.1.0'
+  s.licenses      = ['Apache-2.0']
+  s.summary       = 'elasticsearch slowlog parser'
+  s.description   = 'elasticsearch slowlog parser'
+  s.homepage      = 'https://github.com/ananthakumaran/logstash-filter-elasticsearchslowlog'
+  s.authors       = ['Anantha Kumaran']
+  s.email         = 'ananthakumaran@gmail.com'
+  s.require_paths = ['lib']
+  # Files
+  s.files = Dir['lib/**/*', 'spec/**/*', 'vendor/**/*', '*.gemspec', '*.md', 'CONTRIBUTORS', 'Gemfile', 'LICENSE', 'NOTICE.TXT']
+  # Tests
+  s.test_files = s.files.grep(%r{^(test|spec|features)/})
+  # Special flag to let us know this is actually a logstash plugin
+  s.metadata = { "logstash_plugin" => "true", "logstash_group" => "filter" }
+  # Gem dependencies
+  s.add_runtime_dependency "deepsort", "~> 0.4"
+  s.add_runtime_dependency "logstash-core-plugin-api", "~> 2.0"
+  s.add_development_dependency 'logstash-devutils'
+end

data/spec/filters/elasticsearchslowlog_spec.rb ADDED Viewed

@@ -0,0 +1,68 @@
+# encoding: utf-8
+require_relative '../spec_helper'
+require "logstash/filters/elasticsearchslowlog"
+describe LogStash::Filters::Elasticsearchslowlog do
+  let(:config) do <<-CONFIG
+      filter {
+        elasticsearchslowlog {
+        }
+      }
+    CONFIG
+  end
+  describe "filter" do
+    sample("message" => "some text") do
+      expect(subject.get('message')).to eq('some text')
+    end
+    sample("message" => '[2019-05-07T15:27:34,422][TRACE ][index.search.slowlog.query] [elasticsearch-data7.mid.veritrans.co.id] [transactionsv3_2018-12][2] took[350.9ms], took_millis[350], types[transaction], stats[], search_type[QUERY_THEN_FETCH], total_shards[111], source[{"from":0,"size":20,"query":{"bool":{"filter":[{"terms":{"transaction.merchant_id":["abcd"],"boost":1.0}}],"disable_coord":false,"adjust_pure_negative":true,"boost":1.0}},"sort":[{"transaction.transaction_time":{"order":"desc"}}]}],') do
+      expect(subject.get('local_timestamp')).to eq('2019-05-07T15:27:34')
+      expect(subject.get('level')).to eq('TRACE')
+      expect(subject.get('node')).to eq('elasticsearch-data7.mid.veritrans.co.id')
+      expect(subject.get('index')).to eq('transactionsv3_2018-12')
+      expect(subject.get('shard')).to eq(2)
+      expect(subject.get('took_millis')).to eq(350)
+      expect(subject.get('types')).to eq('transaction')
+      expect(subject.get('search_type')).to eq('QUERY_THEN_FETCH')
+      expect(subject.get('total_shards')).to eq(111)
+      expect(subject.get('source')).to eq('{"from":0,"size":20,"query":{"bool":{"filter":[{"terms":{"transaction.merchant_id":["abcd"],"boost":1.0}}],"disable_coord":false,"adjust_pure_negative":true,"boost":1.0}},"sort":[{"transaction.transaction_time":{"order":"desc"}}]}')
+      expect(subject).to include('source_id')
+    end
+  end
+  messages = IO.read(File.join(__dir__, 'fixture_valid.txt')).split("\n")
+  source_normalized = IO.read(File.join(__dir__, 'fixture_source_normalized.txt')).split("\n")
+  messages.each_with_index do |message, i|
+    describe "fixtures_valid #{i}" do
+      sample('message' => message) do
+        expect(subject).to include('message')
+        expect(subject).to include('local_timestamp')
+        expect(subject).to include('level')
+        expect(subject).to include('node')
+        expect(subject).to include('index')
+        expect(subject).to include('shard')
+        expect(subject).to include('took_millis')
+        expect(subject).to include('types')
+        expect(subject).to include('search_type')
+        expect(subject).to include('total_shards')
+        expect(subject).to include('source')
+        expect(subject).to include('source_id')
+        unless subject.get('source_normalized') == source_normalized[i]
+          puts subject.get('source_normalized')
+        end
+        expect(subject.get('source_normalized')).to eq(source_normalized[i])
+      end
+    end
+  end
+  invalid_messages = IO.read(File.join(__dir__, 'fixture_invalid.txt')).split("\n")
+  invalid_messages.each_with_index do |message, i|
+    describe "fixtures_invalid #{i}" do
+      sample('message' => message) do
+        expect(subject).to include('message')
+      end
+    end
+  end
+end

data/spec/filters/fixture_invalid.txt ADDED Viewed

@@ -0,0 +1,3 @@
+[2019-05-07T17:40:31,563][INFO ][o.e.m.j.JvmGcMonitorService] [elasticsearch-data5.mid.veritrans.co.id] [gc][21591827] overhead, spent [286ms] collecting in the last [1s]
+[2019-05-07T14:24:33,982][WARN ][index.search.slowlog.query] [elasticsearch-data5.mid.veritrans.co.id] [transactionsv3_2018-10][2] took[1.1s], took_millis[1141], types[transaction], stats[], search_type[QUERY_THEN_FETCH], total_shards[111], source[{"from":0,"size":20,"query":{"bool":{"filter":[{"terms":{"transaction.merchant_id":["M105477"],"boost":1.0}},{"range":{"transaction.gross_amount":{"from":88372800,"to":null,"include_lower":true,"include_upper":true,"boost":1.0}}},{"range":{"transaction.gross_amount":{"from":null,"to":88372800,"include_lower":true,"include_upper":true,"boost":1.0}}},{"term":{"transaction.currency":{"value":"IDR","boost":1.0}}}],"disable_coord":false,"adjust_pure_negative":true,"boost":1.0}},"sort":[{"transaction.transaction_tim],
+[2017-09-10T12:35:53,352][WARN ][index.search.slowlog.query] [GOgO9TD] [testindex-slowlogs][1] took[197.6micros], took_millis[0], types[], stats[], search_type[QUERY_THEN_FETCH], total_shards[5], source[{"query":{"match":{"name":{"query":"Nariko","operator":"OR","prefix_length":0,"max_expansions":50,"fuzzy_transpositions":true,"lenient":false,"zero_terms_query":"NONE","boost":1.0}}},"sort":[{"price":{"order":"desc"}]}],

data/spec/filters/fixture_source_normalized.txt ADDED Viewed

@@ -0,0 +1,18 @@
+{"query":{"bool":{"adjust_pure_negative":true,"boost":1.0,"disable_coord":false,"filter":[{"wildcard":{"transaction.order_id.downcase":{"boost":1.0,"wildcard":"?"}}}]}},"sort":[{"transaction.transaction_time":{"order":"desc"}}]}
+{"query":{"bool":{"adjust_pure_negative":true,"boost":1.0,"disable_coord":false,"filter":[{"wildcard":{"transaction.order_id.downcase":{"boost":1.0,"wildcard":"?"}}}]}},"sort":[{"transaction.transaction_time":{"order":"desc"}}]}
+{"query":{"bool":{"adjust_pure_negative":true,"boost":1.0,"disable_coord":false,"filter":[{"terms":{"boost":"?","transaction.merchant_id":"?"}}]}},"sort":[{"transaction.transaction_time":{"order":"desc"}}]}
+{"query":{"bool":{"adjust_pure_negative":true,"boost":1.0,"disable_coord":false,"filter":[{"wildcard":{"transaction.order_id.downcase":{"boost":1.0,"wildcard":"?"}}}]}},"sort":[{"transaction.transaction_time":{"order":"desc"}}]}
+{"query":{"bool":{"adjust_pure_negative":true,"boost":1.0,"disable_coord":false,"filter":[{"wildcard":{"transaction.order_id.downcase":{"boost":1.0,"wildcard":"?"}}}]}},"sort":[{"transaction.transaction_time":{"order":"desc"}}]}
+{"query":{"bool":{"adjust_pure_negative":true,"boost":1.0,"disable_coord":false,"filter":[{"range":{"transaction.gross_amount":{"boost":1.0,"from":"?","include_lower":true,"include_upper":true,"to":"?"}}},{"range":{"transaction.gross_amount":{"boost":1.0,"from":"?","include_lower":true,"include_upper":true,"to":"?"}}},{"term":{"transaction.currency":{"boost":1.0,"value":"?"}}},{"terms":{"boost":"?","transaction.merchant_id":"?"}}]}},"sort":[{"transaction.transaction_time":{"order":"desc"}}]}
+{"sort":[{"transaction.transaction_time":{"order":"desc"}}]}
+{"query":{"match":{"name":{"boost":1.0,"fuzzy_transpositions":true,"lenient":false,"max_expansions":50,"operator":"OR","prefix_length":0,"query":"?","zero_terms_query":"NONE"}}},"sort":[{"price":{"order":"desc"}}]}
+{"query":{"match":{"name":{"boost":1.0,"fuzzy_transpositions":true,"lenient":false,"max_expansions":50,"operator":"OR","prefix_length":0,"query":"?","zero_terms_query":"NONE"}}},"sort":[{"price":{"order":"desc"}}]}
+{"query":{"match":{"name":{"boost":1.0,"fuzzy_transpositions":true,"lenient":false,"max_expansions":50,"operator":"OR","prefix_length":0,"query":"?","zero_terms_query":"NONE"}}},"sort":[{"price":{"order":"desc"}}]}
+{"query":{"match":{"name":{"boost":1.0,"fuzzy_transpositions":true,"lenient":false,"max_expansions":50,"operator":"OR","prefix_length":0,"query":"?","zero_terms_query":"NONE"}}},"sort":[{"price":{"order":"desc"}}]}
+{"query":{"match":{"name":{"boost":1.0,"fuzzy_transpositions":true,"lenient":false,"max_expansions":50,"operator":"OR","prefix_length":0,"query":"?","zero_terms_query":"NONE"}}},"sort":[{"price":{"order":"desc"}}]}
+{"query":{"match":{"name":{"boost":1.0,"fuzzy_transpositions":true,"lenient":false,"max_expansions":50,"operator":"OR","prefix_length":0,"query":"?","zero_terms_query":"NONE"}}},"sort":[{"price":{"order":"desc"}}]}
+{"aggregations":{"bank_transfers":{"aggregations":{"transaction_gross_amount":{"sum":{"field":"transaction.gross_amount"}}},"filters":{"filters":{"bca":{"bool":{"adjust_pure_negative":true,"boost":1.0,"disable_coord":false,"must":[{"nested":{"boost":1.0,"ignore_unmapped":false,"path":"virtual_accounts","query":{"bool":{"adjust_pure_negative":true,"boost":1.0,"disable_coord":false,"must":[{"term":{"virtual_accounts.bank":{"boost":1.0,"value":"?"}}}]}},"score_mode":"avg"}},{"term":{"transaction.payment_type":{"boost":1.0,"value":"?"}}},{"term":{"transaction.status":{"boost":1.0,"value":"?"}}}]}},"permata":{"bool":{"adjust_pure_negative":true,"boost":1.0,"disable_coord":false,"must":[{"nested":{"boost":1.0,"ignore_unmapped":false,"path":"virtual_accounts","query":{"bool":{"adjust_pure_negative":true,"boost":1.0,"disable_coord":false,"must":[{"term":{"virtual_accounts.bank":{"boost":1.0,"value":"?"}}}]}},"score_mode":"avg"}},{"term":{"transaction.payment_type":{"boost":1.0,"value":"?"}}},{"term":{"transaction.status":{"boost":1.0,"value":"?"}}}]}}},"other_bucket":false,"other_bucket_key":"_other_"}},"by_merchant":{"aggregations":{"bank_transfer_payments":{"aggregations":{"bank_denied":{"filter":{"bool":{"adjust_pure_negative":true,"boost":1.0,"disable_coord":false,"must":[{"term":{"transaction.payment_type":{"boost":1.0,"value":"?"}}},{"term":{"transaction.status":{"boost":1.0,"value":"?"}}}],"must_not":[{"term":{"transaction.fraud_status":{"boost":1.0,"value":"?"}}}]}}},"canceled":{"filter":{"term":{"transaction.status":{"boost":1.0,"value":"?"}}}},"settlement_amount":{"aggregations":{"transaction_gross_amount":{"sum":{"field":"transaction.gross_amount"}}},"filter":{"term":{"transaction.status":{"boost":1.0,"value":"?"}}}}},"filters":{"filters":{"bca":{"bool":{"adjust_pure_negative":true,"boost":1.0,"disable_coord":false,"must":[{"nested":{"boost":1.0,"ignore_unmapped":false,"path":"virtual_accounts","query":{"bool":{"adjust_pure_negative":true,"boost":1.0,"disable_coord":false,"must":[{"term":{"virtual_accounts.bank":{"boost":1.0,"value":"?"}}}]}},"score_mode":"avg"}},{"term":{"transaction.payment_type":{"boost":1.0,"value":"?"}}}]}},"permata":{"bool":{"adjust_pure_negative":true,"boost":1.0,"disable_coord":false,"must":[{"nested":{"boost":1.0,"ignore_unmapped":false,"path":"virtual_accounts","query":{"bool":{"adjust_pure_negative":true,"boost":1.0,"disable_coord":false,"must":[{"term":{"virtual_accounts.bank":{"boost":1.0,"value":"?"}}}]}},"score_mode":"avg"}},{"term":{"transaction.payment_type":{"boost":1.0,"value":"?"}}}]}}},"other_bucket":false,"other_bucket_key":"_other_"}},"credit_card_payments":{"aggregations":{"by_banks":{"aggregations":{"bank_denied":{"filter":{"bool":{"adjust_pure_negative":true,"boost":1.0,"disable_coord":false,"must":[{"term":{"transaction.payment_type":{"boost":1.0,"value":"?"}}},{"term":{"transaction.status":{"boost":1.0,"value":"?"}}}],"must_not":[{"term":{"transaction.fraud_status":{"boost":1.0,"value":"?"}}}]}}},"canceled":{"filter":{"term":{"transaction.status":{"boost":1.0,"value":"?"}}}},"settlement_amount":{"aggregations":{"transaction_gross_amount":{"sum":{"field":"transaction.gross_amount"}}},"filter":{"term":{"transaction.status":{"boost":1.0,"value":"?"}}}}},"terms":{"field":"?","min_doc_count":"?","order":"?","shard_min_doc_count":"?","show_term_doc_count_error":"?","size":"?"}}},"filter":{"term":{"transaction.payment_type":{"boost":1.0,"value":"?"}}}},"other_payments":{"aggregations":{"per_payment_type":{"aggregations":{"bank_denied":{"filter":{"bool":{"adjust_pure_negative":true,"boost":1.0,"disable_coord":false,"must":[{"term":{"transaction.payment_type":{"boost":1.0,"value":"?"}}},{"term":{"transaction.status":{"boost":1.0,"value":"?"}}}],"must_not":[{"term":{"transaction.fraud_status":{"boost":1.0,"value":"?"}}}]}}},"canceled":{"filter":{"term":{"transaction.status":{"boost":1.0,"value":"?"}}}},"settlement_amount":{"aggregations":{"transaction_gross_amount":{"sum":{"field":"transaction.gross_amount"}}},"filter":{"term":{"transaction.status":{"boost":1.0,"value":"?"}}}}},"terms":{"field":"?","min_doc_count":"?","order":"?","shard_min_doc_count":"?","show_term_doc_count_error":"?","size":"?"}}},"filter":{"bool":{"adjust_pure_negative":true,"boost":1.0,"disable_coord":false,"must_not":[{"term":{"transaction.payment_type":{"boost":1.0,"value":"?"}}},{"term":{"transaction.payment_type":{"boost":1.0,"value":"?"}}}]}}}},"terms":{"field":"?","min_doc_count":"?","order":"?","shard_min_doc_count":"?","show_term_doc_count_error":"?","size":"?"}},"credit_card_banks":{"aggregations":{"by_banks":{"aggregations":{"transaction_gross_amount":{"sum":{"field":"transaction.gross_amount"}}},"terms":{"field":"?","min_doc_count":"?","order":"?","shard_min_doc_count":"?","show_term_doc_count_error":"?","size":"?"}}},"filter":{"bool":{"adjust_pure_negative":true,"boost":1.0,"disable_coord":false,"must":[{"term":{"transaction.payment_type":{"boost":1.0,"value":"?"}}},{"term":{"transaction.status":{"boost":1.0,"value":"?"}}}]}}},"other_payments":{"aggregations":{"by_payment_type":{"aggregations":{"transaction_gross_amount":{"sum":{"field":"transaction.gross_amount"}}},"terms":{"field":"?","min_doc_count":"?","order":"?","shard_min_doc_count":"?","show_term_doc_count_error":"?","size":"?"}}},"filter":{"bool":{"adjust_pure_negative":true,"boost":1.0,"disable_coord":false,"must":[{"term":{"transaction.status":{"boost":1.0,"value":"?"}}}],"must_not":[{"term":{"transaction.payment_type":{"boost":1.0,"value":"?"}}},{"term":{"transaction.payment_type":{"boost":1.0,"value":"?"}}}]}}},"transaction_deny_by_bank":{"aggregations":{"transaction_gross_amount":{"sum":{"field":"transaction.gross_amount"}}},"filter":{"bool":{"adjust_pure_negative":true,"boost":1.0,"disable_coord":false,"must":[{"term":{"transaction.payment_type":{"boost":1.0,"value":"?"}}},{"term":{"transaction.status":{"boost":1.0,"value":"?"}}}],"must_not":[{"term":{"transaction.fraud_status":{"boost":1.0,"value":"?"}}}]}}},"transactions_by_status":{"aggregations":{"transaction_gross_amount":{"sum":{"field":"transaction.gross_amount"}}},"terms":{"field":"?","min_doc_count":"?","order":"?","shard_min_doc_count":"?","show_term_doc_count_error":"?","size":"?"}},"transactions_cancel":{"aggregations":{"transaction_gross_amount":{"sum":{"field":"transaction.gross_amount"}}},"filter":{"term":{"transaction.status":{"boost":1.0,"value":"?"}}}},"transactions_challange":{"aggregations":{"transaction_gross_amount":{"sum":{"field":"transaction.gross_amount"}}},"filter":{"term":{"transaction.fraud_status":{"boost":1.0,"value":"?"}}}},"transactions_deny_by_fds":{"aggregations":{"transaction_gross_amount":{"sum":{"field":"transaction.gross_amount"}}},"filter":{"term":{"transaction.fraud_status":{"boost":1.0,"value":"?"}}}},"transactions_settlement":{"aggregations":{"transaction_gross_amount":{"sum":{"field":"transaction.gross_amount"}}},"filter":{"term":{"transaction.status":{"boost":1.0,"value":"?"}}}}},"query":{"bool":{"adjust_pure_negative":true,"boost":1.0,"disable_coord":false,"must":[{"match_none":{"boost":1.0}}]}}}
+{"aggregations":{"brand":{"sum":{"field":"transaction.real_gross_amount"}},"by_merchant":{"aggregations":{"total":{"sum":{"field":"transaction.real_gross_amount"}}},"terms":{"field":"?","min_doc_count":"?","order":"?","shard_min_doc_count":"?","show_term_doc_count_error":"?","size":"?"}},"goresto":{"aggregations":{"total":{"sum":{"field":"transaction.real_gross_amount"}}},"filter":{"bool":{"adjust_pure_negative":true,"boost":1.0,"disable_coord":false,"filter":[{"term":{"source":{"boost":1.0,"value":"?"}}}]}}}},"query":{"bool":{"adjust_pure_negative":true,"boost":1.0,"disable_coord":false,"filter":[{"bool":{"adjust_pure_negative":true,"boost":1.0,"disable_coord":false,"filter":[{"match":{"transaction.payment_type":{"boost":1.0,"fuzzy_transpositions":true,"lenient":false,"max_expansions":50,"operator":"OR","prefix_length":0,"query":"?","zero_terms_query":"NONE"}}},{"match_none":{"boost":1.0}},{"range":{"transaction.transaction_time":{"boost":1.0,"from":"?","include_lower":true,"include_upper":true,"to":"?"}}},{"term":{"transaction.merchant_id":{"boost":1.0,"value":"?"}}}]}},{"terms":{"boost":"?","transaction.merchant_id":"?"}}]}}}
+{"aggregations":{"current":{"aggregations":{"monitoring_failed":{"aggregations":{"per_half_hour":{"date_histogram":{"extended_bounds":{"max":"?","min":"?"},"field":"transaction.transaction_time","interval":"30m","keyed":true,"min_doc_count":0,"offset":0,"order":{"_key":"asc"},"time_zone":"+07:00"}}},"filter":{"bool":{"adjust_pure_negative":true,"boost":1.0,"disable_coord":false,"must_not":[{"bool":{"adjust_pure_negative":true,"boost":1.0,"disable_coord":false,"should":[{"bool":{"adjust_pure_negative":true,"boost":1.0,"disable_coord":false,"filter":[{"bool":{"adjust_pure_negative":true,"boost":1.0,"disable_coord":false,"should":[{"bool":{"adjust_pure_negative":true,"boost":1.0,"disable_coord":false,"must":[{"terms":{"boost":"?","transaction.fraud_status":"?"}}]}},{"bool":{"adjust_pure_negative":true,"boost":1.0,"disable_coord":false,"must_not":[{"exists":{"boost":1.0,"field":"?"}}]}}]}},{"terms":{"boost":"?","transaction.status":"?"}}]}},{"term":{"transaction.status":{"boost":1.0,"value":"?"}}}]}}]}}},"monitoring_pending":{"aggregations":{"per_half_hour":{"date_histogram":{"extended_bounds":{"max":"?","min":"?"},"field":"transaction.transaction_time","interval":"30m","keyed":true,"min_doc_count":0,"offset":0,"order":{"_key":"asc"},"time_zone":"+07:00"}}},"filter":{"term":{"transaction.status":{"boost":1.0,"value":"?"}}}},"monitoring_successfull":{"aggregations":{"per_half_hour":{"date_histogram":{"extended_bounds":{"max":"?","min":"?"},"field":"transaction.transaction_time","interval":"30m","keyed":true,"min_doc_count":0,"offset":0,"order":{"_key":"asc"},"time_zone":"+07:00"}}},"filter":{"bool":{"adjust_pure_negative":true,"boost":1.0,"disable_coord":false,"should":[{"bool":{"adjust_pure_negative":true,"boost":1.0,"disable_coord":false,"filter":[{"bool":{"adjust_pure_negative":true,"boost":1.0,"disable_coord":false,"should":[{"bool":{"adjust_pure_negative":true,"boost":1.0,"disable_coord":false,"must":[{"terms":{"boost":"?","transaction.fraud_status":"?"}}]}},{"bool":{"adjust_pure_negative":true,"boost":1.0,"disable_coord":false,"must_not":[{"exists":{"boost":1.0,"field":"?"}}]}}]}},{"terms":{"boost":"?","transaction.status":"?"}}]}},{"term":{"transaction.status":{"boost":1.0,"value":"?"}}}]}}}},"filter":{"range":{"transaction.transaction_time":{"boost":1.0,"from":"?","include_lower":false,"include_upper":true,"to":"?"}}}},"last_week":{"aggregations":{"monitoring_failed":{"aggregations":{"per_half_hour":{"date_histogram":{"extended_bounds":{"max":"?","min":"?"},"field":"transaction.transaction_time","interval":"30m","keyed":true,"min_doc_count":0,"offset":0,"order":{"_key":"asc"},"time_zone":"+07:00"}}},"filter":{"bool":{"adjust_pure_negative":true,"boost":1.0,"disable_coord":false,"must_not":[{"bool":{"adjust_pure_negative":true,"boost":1.0,"disable_coord":false,"should":[{"bool":{"adjust_pure_negative":true,"boost":1.0,"disable_coord":false,"filter":[{"bool":{"adjust_pure_negative":true,"boost":1.0,"disable_coord":false,"should":[{"bool":{"adjust_pure_negative":true,"boost":1.0,"disable_coord":false,"must":[{"terms":{"boost":"?","transaction.fraud_status":"?"}}]}},{"bool":{"adjust_pure_negative":true,"boost":1.0,"disable_coord":false,"must_not":[{"exists":{"boost":1.0,"field":"?"}}]}}]}},{"terms":{"boost":"?","transaction.status":"?"}}]}},{"term":{"transaction.status":{"boost":1.0,"value":"?"}}}]}}]}}},"monitoring_successfull":{"aggregations":{"per_half_hour":{"date_histogram":{"extended_bounds":{"max":"?","min":"?"},"field":"transaction.transaction_time","interval":"30m","keyed":true,"min_doc_count":0,"offset":0,"order":{"_key":"asc"},"time_zone":"+07:00"}}},"filter":{"bool":{"adjust_pure_negative":true,"boost":1.0,"disable_coord":false,"should":[{"bool":{"adjust_pure_negative":true,"boost":1.0,"disable_coord":false,"filter":[{"bool":{"adjust_pure_negative":true,"boost":1.0,"disable_coord":false,"should":[{"bool":{"adjust_pure_negative":true,"boost":1.0,"disable_coord":false,"must":[{"terms":{"boost":"?","transaction.fraud_status":"?"}}]}},{"bool":{"adjust_pure_negative":true,"boost":1.0,"disable_coord":false,"must_not":[{"exists":{"boost":1.0,"field":"?"}}]}}]}},{"terms":{"boost":"?","transaction.status":"?"}}]}},{"term":{"transaction.status":{"boost":1.0,"value":"?"}}}]}}}},"filter":{"range":{"transaction.transaction_time":{"boost":1.0,"from":"?","include_lower":false,"include_upper":true,"to":"?"}}}}},"query":{"bool":{"adjust_pure_negative":true,"boost":1.0,"disable_coord":false,"must":[{"term":{"acquiring_bank":{"boost":1.0,"value":"?"}}},{"term":{"transaction.payment_type":{"boost":1.0,"value":"?"}}}]}}}
+{"query":{"bool":{"adjust_pure_negative":true,"boost":1.0,"disable_coord":false,"filter":[{"term":{"transaction.currency":{"boost":1.0,"value":"?"}}},{"terms":{"boost":"?","transaction.merchant_id":"?"}}],"must":[{"prefix":{"transaction.order_id.downcase":{"boost":1.0,"value":"?"}}}]}},"sort":[{"transaction.transaction_time":{"order":"desc"}}]}
+{"query":{"bool":{"adjust_pure_negative":true,"boost":1.0,"disable_coord":false,"filter":[{"bool":{"adjust_pure_negative":true,"boost":1.0,"disable_coord":false,"should":[{"terms":{"boost":"?","parent_transaction_id":"?"}},{"terms":{"boost":"?","transaction_id":"?"}}]}},{"type":{"boost":1.0,"value":"share"}}]}}}

data/spec/filters/fixture_valid.txt ADDED Viewed

@@ -0,0 +1,18 @@
+[2019-05-07T17:34:38,523][INFO ][index.search.slowlog.query] [elasticsearch-data4.mid.veritrans.co.id] [transactionsv3_2018-12][1] took[939.7ms], took_millis[939], types[transaction], stats[], search_type[QUERY_THEN_FETCH], total_shards[111], source[{"from":0,"size":30,"query":{"bool":{"filter":[{"wildcard":{"transaction.order_id.downcase":{"wildcard":"*300180072*","boost":1.0}}}],"disable_coord":false,"adjust_pure_negative":true,"boost":1.0}},"sort":[{"transaction.transaction_time":{"order":"desc"}}]}],
+[2019-05-07T17:06:33,105][DEBUG][index.search.slowlog.query] [elasticsearch-data6.mid.veritrans.co.id] [transactionsv3_2018-09][2] took[530.5ms], took_millis[530], types[transaction], stats[], search_type[QUERY_THEN_FETCH], total_shards[111], source[{"from":0,"size":30,"query":{"bool":{"filter":[{"wildcard":{"transaction.order_id.downcase":{"wildcard":"*8530184765519*","boost":1.0}}}],"disable_coord":false,"adjust_pure_negative":true,"boost":1.0}},"sort":[{"transaction.transaction_time":{"order":"desc"}}]}],
+[2019-05-07T14:56:57,175][TRACE][index.search.slowlog.query] [elasticsearch-data9.mid.veritrans.co.id] [transactionsv3_2018-12][0] took[330.2ms], took_millis[330], types[transaction], stats[], search_type[QUERY_THEN_FETCH], total_shards[111], source[{"from":0,"size":20,"query":{"bool":{"filter":[{"terms":{"transaction.merchant_id":["12345"],"boost":1.0}}],"disable_coord":false,"adjust_pure_negative":true,"boost":1.0}},"sort":[{"transaction.transaction_time":{"order":"desc"}}]}],
+[2019-05-07T14:54:39,788][WARN ][index.search.slowlog.query] [elasticsearch-data9.mid.veritrans.co.id] [transactionsv3_2018-11][0] took[1.2s], took_millis[1292], types[transaction], stats[], search_type[QUERY_THEN_FETCH], total_shards[111], source[{"from":0,"size":30,"query":{"bool":{"filter":[{"wildcard":{"transaction.order_id.downcase":{"wildcard":"*TKP386647437*","boost":1.0}}}],"disable_coord":false,"adjust_pure_negative":true,"boost":1.0}},"sort":[{"transaction.transaction_time":{"order":"desc"}}]}],
+[2019-05-07T14:42:29,510][WARN ][index.search.slowlog.query] [elasticsearch-data8.mid.veritrans.co.id] [transactionsv3_2018-09][1] took[1s], took_millis[1028], types[transaction], stats[], search_type[QUERY_THEN_FETCH], total_shards[111], source[{"from":0,"size":30,"query":{"bool":{"filter":[{"wildcard":{"transaction.order_id.downcase":{"wildcard":"*BL1912T1NOKHINV*","boost":1.0}}}],"disable_coord":false,"adjust_pure_negative":true,"boost":1.0}},"sort":[{"transaction.transaction_time":{"order":"desc"}}]}],
+[2019-05-07T14:24:33,982][WARN ][index.search.slowlog.query] [elasticsearch-data5.mid.veritrans.co.id] [transactionsv3_2018-10][2] took[1.1s], took_millis[1141], types[transaction], stats[], search_type[QUERY_THEN_FETCH], total_shards[111], source[{"from":0,"size":20,"query":{"bool":{"filter":[{"terms":{"transaction.merchant_id":["12345"],"boost":1.0}},{"range":{"transaction.gross_amount":{"from":88372800,"to":null,"include_lower":true,"include_upper":true,"boost":1.0}}},{"range":{"transaction.gross_amount":{"from":null,"to":88372800,"include_lower":true,"include_upper":true,"boost":1.0}}},{"term":{"transaction.currency":{"value":"IDR","boost":1.0}}}],"disable_coord":false,"adjust_pure_negative":true,"boost":1.0}},"sort":[{"transaction.transaction_time":{"order":"desc"}}]}],
+[2019-05-07T11:51:19,568][WARN ][index.search.slowlog.query] [elasticsearch-data8.mid.veritrans.co.id] [transactionsv3_2018-10][0] took[1s], took_millis[1097], types[transaction], stats[], search_type[QUERY_THEN_FETCH], total_shards[111], source[{"from":0,"size":30,"sort":[{"transaction.transaction_time":{"order":"desc"}}]}],
+[2017-09-10T12:35:53,352][WARN ][index.search.slowlog.query] [GOgO9TD] [testindex-slowlogs][1] took[197.6micros], took_millis[0], types[], stats[], search_type[QUERY_THEN_FETCH], total_shards[5], source[{"query":{"match":{"name":{"query":"Nariko","operator":"OR","prefix_length":0,"max_expansions":50,"fuzzy_transpositions":true,"lenient":false,"zero_terms_query":"NONE","boost":1.0}}},"sort":[{"price":{"order":"desc"}}]}],
+[2017-09-10T12:35:53,352][WARN ][index.search.slowlog.query] [GOgO9TD] [testindex-slowlogs][3] took[279.3micros], took_millis[0], types[], stats[], search_type[QUERY_THEN_FETCH], total_shards[5], source[{"query":{"match":{"name":{"query":"Nariko","operator":"OR","prefix_length":0,"max_expansions":50,"fuzzy_transpositions":true,"lenient":false,"zero_terms_query":"NONE","boost":1.0}}},"sort":[{"price":{"order":"desc"}}]}],
+[2017-09-10T12:35:53,352][WARN ][index.search.slowlog.query] [GOgO9TD] [testindex-slowlogs][2] took[1ms], took_millis[1], types[], stats[], search_type[QUERY_THEN_FETCH], total_shards[5], source[{"query":{"match":{"name":{"query":"Nariko","operator":"OR","prefix_length":0,"max_expansions":50,"fuzzy_transpositions":true,"lenient":false,"zero_terms_query":"NONE","boost":1.0}}},"sort":[{"price":{"order":"desc"}}]}],
+[2017-09-10T12:35:53,352][WARN ][index.search.slowlog.query] [GOgO9TD] [testindex-slowlogs][4] took[370.8micros], took_millis[0], types[], stats[], search_type[QUERY_THEN_FETCH], total_shards[5], source[{"query":{"match":{"name":{"query":"Nariko","operator":"OR","prefix_length":0,"max_expansions":50,"fuzzy_transpositions":true,"lenient":false,"zero_terms_query":"NONE","boost":1.0}}},"sort":[{"price":{"order":"desc"}}]}],
+[2017-09-10T12:35:53,355][WARN ][index.search.slowlog.fetch] [GOgO9TD] [testindex-slowlogs][0] took[150.6micros], took_millis[0], types[], stats[], search_type[QUERY_THEN_FETCH], total_shards[5], source[{"query":{"match":{"name":{"query":"Nariko","operator":"OR","prefix_length":0,"max_expansions":50,"fuzzy_transpositions":true,"lenient":false,"zero_terms_query":"NONE","boost":1.0}}},"sort":[{"price":{"order":"desc"}}]}]
+[2018-05-21T12:35:53,352][DEBUG ][index.search.slowlog.query] [DwOfjJF] [blogpost-slowlogs][4] took[1s], took_millis[0], types[], stats[], search_type[QUERY_THEN_FETCH], total_shards[5], source[{"query":{"match":{"name":{"query":"hello world", "operator":"OR","prefix_length":0,"max_expansions":50,"fuzzy_transpositions" :true,"lenient":false,"zero_terms_query": "NONE","boost":1.0}}},"sort":[{"price": {"order":"desc"}}]}],
+[2019-05-07T23:30:00,581][TRACE][index.search.slowlog.query] [elasticsearch-data9.mid.veritrans.co.id] [transactionsv3_2018-11][0] took[419ms], took_millis[419], types[transaction], stats[], search_type[QUERY_THEN_FETCH], total_shards[111], source[{"size":0,"query":{"bool":{"must":[{"match_none":{"boost":1.0}}],"disable_coord":false,"adjust_pure_negative":true,"boost":1.0}},"aggregations":{"transactions_settlement":{"filter":{"term":{"transaction.status":{"value":"settlement","boost":1.0}}},"aggregations":{"transaction_gross_amount":{"sum":{"field":"transaction.gross_amount"}}}},"transactions_deny_by_fds":{"filter":{"term":{"transaction.fraud_status":{"value":"deny","boost":1.0}}},"aggregations":{"transaction_gross_amount":{"sum":{"field":"transaction.gross_amount"}}}},"transactions_challange":{"filter":{"term":{"transaction.fraud_status":{"value":"challenge","boost":1.0}}},"aggregations":{"transaction_gross_amount":{"sum":{"field":"transaction.gross_amount"}}}},"transactions_cancel":{"filter":{"term":{"transaction.status":{"value":"cancel","boost":1.0}}},"aggregations":{"transaction_gross_amount":{"sum":{"field":"transaction.gross_amount"}}}},"transactions_by_status":{"terms":{"field":"transaction.status","size":10,"min_doc_count":1,"shard_min_doc_count":0,"show_term_doc_count_error":false,"order":[{"_count":"desc"},{"_term":"asc"}]},"aggregations":{"transaction_gross_amount":{"sum":{"field":"transaction.gross_amount"}}}},"transaction_deny_by_bank":{"filter":{"bool":{"must":[{"term":{"transaction.payment_type":{"value":"credit_card","boost":1.0}}},{"term":{"transaction.status":{"value":"deny","boost":1.0}}}],"must_not":[{"term":{"transaction.fraud_status":{"value":"deny","boost":1.0}}}],"disable_coord":false,"adjust_pure_negative":true,"boost":1.0}},"aggregations":{"transaction_gross_amount":{"sum":{"field":"transaction.gross_amount"}}}},"other_payments":{"filter":{"bool":{"must":[{"term":{"transaction.status":{"value":"settlement","boost":1.0}}}],"must_not":[{"term":{"transaction.payment_type":{"value":"bank_transfer","boost":1.0}}},{"term":{"transaction.payment_type":{"value":"credit_card","boost":1.0}}}],"disable_coord":false,"adjust_pure_negative":true,"boost":1.0}},"aggregations":{"by_payment_type":{"terms":{"field":"transaction.payment_type","size":10,"min_doc_count":1,"shard_min_doc_count":0,"show_term_doc_count_error":false,"order":[{"_count":"desc"},{"_term":"asc"}]},"aggregations":{"transaction_gross_amount":{"sum":{"field":"transaction.gross_amount"}}}}}},"credit_card_banks":{"filter":{"bool":{"must":[{"term":{"transaction.payment_type":{"value":"credit_card","boost":1.0}}},{"term":{"transaction.status":{"value":"settlement","boost":1.0}}}],"disable_coord":false,"adjust_pure_negative":true,"boost":1.0}},"aggregations":{"by_banks":{"terms":{"field":"acquiring_bank","size":10,"min_doc_count":1,"shard_min_doc_count":0,"show_term_doc_count_error":false,"order":[{"_count":"desc"},{"_term":"asc"}]},"aggregations":{"transaction_gross_amount":{"sum":{"field":"transaction.gross_amount"}}}}}},"by_merchant":{"terms":{"field":"transaction.merchant_id","size":10,"min_doc_count":1,"shard_min_doc_count":0,"show_term_doc_count_error":false,"order":[{"_count":"desc"},{"_term":"asc"}]},"aggregations":{"other_payments":{"filter":{"bool":{"must_not":[{"term":{"transaction.payment_type":{"value":"bank_transfer","boost":1.0}}},{"term":{"transaction.payment_type":{"value":"credit_card","boost":1.0}}}],"disable_coord":false,"adjust_pure_negative":true,"boost":1.0}},"aggregations":{"per_payment_type":{"terms":{"field":"transaction.payment_type","size":10,"min_doc_count":1,"shard_min_doc_count":0,"show_term_doc_count_error":false,"order":[{"_count":"desc"},{"_term":"asc"}]},"aggregations":{"settlement_amount":{"filter":{"term":{"transaction.status":{"value":"settlement","boost":1.0}}},"aggregations":{"transaction_gross_amount":{"sum":{"field":"transaction.gross_amount"}}}},"canceled":{"filter":{"term":{"transaction.status":{"value":"cancel","boost":1.0}}}},"bank_denied":{"filter":{"bool":{"must":[{"term":{"transaction.payment_type":{"value":"credit_card","boost":1.0}}},{"term":{"transaction.status":{"value":"deny","boost":1.0}}}],"must_not":[{"term":{"transaction.fraud_status":{"value":"deny","boost":1.0}}}],"disable_coord":false,"adjust_pure_negative":true,"boost":1.0}}}}}}},"credit_card_payments":{"filter":{"term":{"transaction.payment_type":{"value":"credit_card","boost":1.0}}},"aggregations":{"by_banks":{"terms":{"field":"acquiring_bank","size":10,"min_doc_count":1,"shard_min_doc_count":0,"show_term_doc_count_error":false,"order":[{"_count":"desc"},{"_term":"asc"}]},"aggregations":{"settlement_amount":{"filter":{"term":{"transaction.status":{"value":"settlement","boost":1.0}}},"aggregations":{"transaction_gross_amount":{"sum":{"field":"transaction.gross_amount"}}}},"canceled":{"filter":{"term":{"transaction.status":{"value":"cancel","boost":1.0}}}},"bank_denied":{"filter":{"bool":{"must":[{"term":{"transaction.payment_type":{"value":"credit_card","boost":1.0}}},{"term":{"transaction.status":{"value":"deny","boost":1.0}}}],"must_not":[{"term":{"transaction.fraud_status":{"value":"deny","boost":1.0}}}],"disable_coord":false,"adjust_pure_negative":true,"boost":1.0}}}}}}},"bank_transfer_payments":{"filters":{"filters":{"bca":{"bool":{"must":[{"term":{"transaction.payment_type":{"value":"bank_transfer","boost":1.0}}},{"nested":{"query":{"bool":{"must":[{"term":{"virtual_accounts.bank":{"value":"bca","boost":1.0}}}],"disable_coord":false,"adjust_pure_negative":true,"boost":1.0}},"path":"virtual_accounts","ignore_unmapped":false,"score_mode":"avg","boost":1.0}}],"disable_coord":false,"adjust_pure_negative":true,"boost":1.0}},"permata":{"bool":{"must":[{"term":{"transaction.payment_type":{"value":"bank_transfer","boost":1.0}}},{"nested":{"query":{"bool":{"must":[{"term":{"virtual_accounts.bank":{"value":"permata","boost":1.0}}}],"disable_coord":false,"adjust_pure_negative":true,"boost":1.0}},"path":"virtual_accounts","ignore_unmapped":false,"score_mode":"avg","boost":1.0}}],"disable_coord":false,"adjust_pure_negative":true,"boost":1.0}}},"other_bucket":false,"other_bucket_key":"_other_"},"aggregations":{"settlement_amount":{"filter":{"term":{"transaction.status":{"value":"settlement","boost":1.0}}},"aggregations":{"transaction_gross_amount":{"sum":{"field":"transaction.gross_amount"}}}},"canceled":{"filter":{"term":{"transaction.status":{"value":"cancel","boost":1.0}}}},"bank_denied":{"filter":{"bool":{"must":[{"term":{"transaction.payment_type":{"value":"credit_card","boost":1.0}}},{"term":{"transaction.status":{"value":"deny","boost":1.0}}}],"must_not":[{"term":{"transaction.fraud_status":{"value":"deny","boost":1.0}}}],"disable_coord":false,"adjust_pure_negative":true,"boost":1.0}}}}}}},"bank_transfers":{"filters":{"filters":{"bca":{"bool":{"must":[{"term":{"transaction.payment_type":{"value":"bank_transfer","boost":1.0}}},{"term":{"transaction.status":{"value":"settlement","boost":1.0}}},{"nested":{"query":{"bool":{"must":[{"term":{"virtual_accounts.bank":{"value":"bca","boost":1.0}}}],"disable_coord":false,"adjust_pure_negative":true,"boost":1.0}},"path":"virtual_accounts","ignore_unmapped":false,"score_mode":"avg","boost":1.0}}],"disable_coord":false,"adjust_pure_negative":true,"boost":1.0}},"permata":{"bool":{"must":[{"term":{"transaction.payment_type":{"value":"bank_transfer","boost":1.0}}},{"term":{"transaction.status":{"value":"settlement","boost":1.0}}},{"nested":{"query":{"bool":{"must":[{"term":{"virtual_accounts.bank":{"value":"permata","boost":1.0}}}],"disable_coord":false,"adjust_pure_negative":true,"boost":1.0}},"path":"virtual_accounts","ignore_unmapped":false,"score_mode":"avg","boost":1.0}}],"disable_coord":false,"adjust_pure_negative":true,"boost":1.0}}},"other_bucket":false,"other_bucket_key":"_other_"},"aggregations":{"transaction_gross_amount":{"sum":{"field":"transaction.gross_amount"}}}}}}],
+[2019-05-07T23:20:48,995][TRACE][index.search.slowlog.query] [elasticsearch-data6.mid.veritrans.co.id] [transactionsv3_2018-07][1] took[248.3ms], took_millis[248], types[transaction], stats[], search_type[QUERY_THEN_FETCH], total_shards[111], source[{"size":0,"query":{"bool":{"filter":[{"terms":{"transaction.merchant_id":["12345"],"boost":1.0}},{"bool":{"filter":[{"match_none":{"boost":1.0}},{"range":{"transaction.transaction_time":{"from":null,"to":null,"include_lower":true,"include_upper":true,"boost":1.0}}},{"match":{"transaction.payment_type":{"query":"gopay","operator":"OR","prefix_length":0,"max_expansions":50,"fuzzy_transpositions":true,"lenient":false,"zero_terms_query":"NONE","boost":1.0}}},{"term":{"transaction.merchant_id":{"value":"12345","boost":1.0}}}],"disable_coord":false,"adjust_pure_negative":true,"boost":1.0}}],"disable_coord":false,"adjust_pure_negative":true,"boost":1.0}},"aggregations":{"brand":{"sum":{"field":"transaction.real_gross_amount"}},"by_merchant":{"terms":{"field":"transaction.metadata.merchant_cross_reference_id.keyword","size":50,"min_doc_count":1,"shard_min_doc_count":0,"show_term_doc_count_error":false,"order":[{"total.value":"desc"},{"_term":"asc"}]},"aggregations":{"total":{"sum":{"field":"transaction.real_gross_amount"}}}},"goresto":{"filter":{"bool":{"filter":[{"term":{"source":{"value":"goresto_online","boost":1.0}}}],"disable_coord":false,"adjust_pure_negative":true,"boost":1.0}},"aggregations":{"total":{"sum":{"field":"transaction.real_gross_amount"}}}}}}],
+[2019-05-07T16:14:28,385][WARN ][index.search.slowlog.query] [elasticsearch-data4.mid.veritrans.co.id] [transactionsv3_2018-08][0] took[1.1s], took_millis[1108], types[transaction], stats[], search_type[QUERY_THEN_FETCH], total_shards[111], source[{"size":0,"query":{"bool":{"must":[{"term":{"transaction.payment_type":{"value":"CREDIT_CARD","boost":1.0}}},{"term":{"acquiring_bank":{"value":"MANDIRI","boost":1.0}}}],"disable_coord":false,"adjust_pure_negative":true,"boost":1.0}},"aggregations":{"current":{"filter":{"range":{"transaction.transaction_time":{"from":"2019-05-07T04:00:00+07:00","to":"2019-05-07T16:30:00+07:00","include_lower":false,"include_upper":true,"boost":1.0}}},"aggregations":{"monitoring_successfull":{"filter":{"bool":{"should":[{"bool":{"filter":[{"terms":{"transaction.status":["CAPTURE","AUTHORIZE"],"boost":1.0}},{"bool":{"should":[{"bool":{"must":[{"terms":{"transaction.fraud_status":["accept","noscore",""],"boost":1.0}}],"disable_coord":false,"adjust_pure_negative":true,"boost":1.0}},{"bool":{"must_not":[{"exists":{"field":"transaction.fraud_status","boost":1.0}}],"disable_coord":false,"adjust_pure_negative":true,"boost":1.0}}],"disable_coord":false,"adjust_pure_negative":true,"boost":1.0}}],"disable_coord":false,"adjust_pure_negative":true,"boost":1.0}},{"term":{"transaction.status":{"value":"SETTLEMENT","boost":1.0}}}],"disable_coord":false,"adjust_pure_negative":true,"boost":1.0}},"aggregations":{"per_half_hour":{"date_histogram":{"field":"transaction.transaction_time","time_zone":"+07:00","interval":"30m","offset":0,"order":{"_key":"asc"},"keyed":true,"min_doc_count":0,"extended_bounds":{"min":"2019-05-07T04:00:00+07:00","max":"2019-05-07T16:30:00+07:00"}}}}},"monitoring_failed":{"filter":{"bool":{"must_not":[{"bool":{"should":[{"bool":{"filter":[{"terms":{"transaction.status":["CAPTURE","AUTHORIZE","PENDING"],"boost":1.0}},{"bool":{"should":[{"bool":{"must":[{"terms":{"transaction.fraud_status":["accept","noscore",""],"boost":1.0}}],"disable_coord":false,"adjust_pure_negative":true,"boost":1.0}},{"bool":{"must_not":[{"exists":{"field":"transaction.fraud_status","boost":1.0}}],"disable_coord":false,"adjust_pure_negative":true,"boost":1.0}}],"disable_coord":false,"adjust_pure_negative":true,"boost":1.0}}],"disable_coord":false,"adjust_pure_negative":true,"boost":1.0}},{"term":{"transaction.status":{"value":"SETTLEMENT","boost":1.0}}}],"disable_coord":false,"adjust_pure_negative":true,"boost":1.0}}],"disable_coord":false,"adjust_pure_negative":true,"boost":1.0}},"aggregations":{"per_half_hour":{"date_histogram":{"field":"transaction.transaction_time","time_zone":"+07:00","interval":"30m","offset":0,"order":{"_key":"asc"},"keyed":true,"min_doc_count":0,"extended_bounds":{"min":"2019-05-07T04:00:00+07:00","max":"2019-05-07T16:30:00+07:00"}}}}},"monitoring_pending":{"filter":{"term":{"transaction.status":{"value":"PENDING","boost":1.0}}},"aggregations":{"per_half_hour":{"date_histogram":{"field":"transaction.transaction_time","time_zone":"+07:00","interval":"30m","offset":0,"order":{"_key":"asc"},"keyed":true,"min_doc_count":0,"extended_bounds":{"min":"2019-05-07T04:00:00+07:00","max":"2019-05-07T16:30:00+07:00"}}}}}}},"last_week":{"filter":{"range":{"transaction.transaction_time":{"from":"2019-04-30T04:00:00+07:00","to":"2019-04-30T16:30:00+07:00","include_lower":false,"include_upper":true,"boost":1.0}}},"aggregations":{"monitoring_successfull":{"filter":{"bool":{"should":[{"bool":{"filter":[{"terms":{"transaction.status":["CAPTURE","AUTHORIZE"],"boost":1.0}},{"bool":{"should":[{"bool":{"must":[{"terms":{"transaction.fraud_status":["accept","noscore",""],"boost":1.0}}],"disable_coord":false,"adjust_pure_negative":true,"boost":1.0}},{"bool":{"must_not":[{"exists":{"field":"transaction.fraud_status","boost":1.0}}],"disable_coord":false,"adjust_pure_negative":true,"boost":1.0}}],"disable_coord":false,"adjust_pure_negative":true,"boost":1.0}}],"disable_coord":false,"adjust_pure_negative":true,"boost":1.0}},{"term":{"transaction.status":{"value":"SETTLEMENT","boost":1.0}}}],"disable_coord":false,"adjust_pure_negative":true,"boost":1.0}},"aggregations":{"per_half_hour":{"date_histogram":{"field":"transaction.transaction_time","time_zone":"+07:00","interval":"30m","offset":0,"order":{"_key":"asc"},"keyed":true,"min_doc_count":0,"extended_bounds":{"min":"2019-04-30T04:00:00+07:00","max":"2019-04-30T16:30:00+07:00"}}}}},"monitoring_failed":{"filter":{"bool":{"must_not":[{"bool":{"should":[{"bool":{"filter":[{"terms":{"transaction.status":["CAPTURE","AUTHORIZE","PENDING"],"boost":1.0}},{"bool":{"should":[{"bool":{"must":[{"terms":{"transaction.fraud_status":["accept","noscore",""],"boost":1.0}}],"disable_coord":false,"adjust_pure_negative":true,"boost":1.0}},{"bool":{"must_not":[{"exists":{"field":"transaction.fraud_status","boost":1.0}}],"disable_coord":false,"adjust_pure_negative":true,"boost":1.0}}],"disable_coord":false,"adjust_pure_negative":true,"boost":1.0}}],"disable_coord":false,"adjust_pure_negative":true,"boost":1.0}},{"term":{"transaction.status":{"value":"SETTLEMENT","boost":1.0}}}],"disable_coord":false,"adjust_pure_negative":true,"boost":1.0}}],"disable_coord":false,"adjust_pure_negative":true,"boost":1.0}},"aggregations":{"per_half_hour":{"date_histogram":{"field":"transaction.transaction_time","time_zone":"+07:00","interval":"30m","offset":0,"order":{"_key":"asc"},"keyed":true,"min_doc_count":0,"extended_bounds":{"min":"2019-04-30T04:00:00+07:00","max":"2019-04-30T16:30:00+07:00"}}}}}}}}}],
+[2019-05-06T10:11:57,783][TRACE][index.search.slowlog.query] [elasticsearch-data5.mid.veritrans.co.id] [transactionsv3_2018-09][2] took[316.7ms], took_millis[316], types[transaction], stats[], search_type[QUERY_THEN_FETCH], total_shards[111], source[{"from":0,"size":20,"query":{"bool":{"must":[{"prefix":{"transaction.order_id.downcase":{"value":"AID20213791","boost":1.0}}}],"filter":[{"terms":{"transaction.merchant_id":["12345"],"boost":1.0}},{"term":{"transaction.currency":{"value":"IDR","boost":1.0}}}],"disable_coord":false,"adjust_pure_negative":true,"boost":1.0}},"sort":[{"transaction.transaction_time":{"order":"desc"}}]}],
+[2019-05-06T17:40:30,973][TRACE][index.search.slowlog.query] [elasticsearch-data9.mid.veritrans.co.id] [transactionsv3_2018-11][0] took[214.9ms], took_millis[214], types[share], stats[], search_type[QUERY_THEN_FETCH], total_shards[111], source[{"from":0,"size":415,"query":{"bool":{"filter":[{"type":{"value":"share","boost":1.0}},{"bool":{"should":[{"terms":{"parent_transaction_id":["32a6c513-a848-4530-c574-aa7584c47af0","cbfb0218-bfe0-4e4e-ce5c-d988de10ac39","6ccc8df6-25b7-44ef-c48a-e05fa8632cd5","3142071a-e540-460b-c6e8-f37500ba0ae0","09c53f42-8caa-4994-c99f-33bf35760135","d3da48cb-9af9-432d-c3e8-d7d8fd9f36a6","f840fdd4-b2fc-4b60-cb0f-48719d9cfe4b","850522b7-747c-43e4-c34d-0c9ab93de19c","3e635b21-61fc-429c-c29d-655a4c633009","cde1e3a4-7d01-497f-c926-8654d9b45f51","f7a06a88-6c17-43f2-c329-0d40d402c7b9","b09e0b6c-f689-4165-c171-9750da61007c","50053453-84ec-4176-c1a7-4fc73a4655b0","4944e14e-5bb8-4633-c676-0c3dd0f5abed","53746f4b-3c7e-45b9-c5d0-94352beac2c0","7c084339-542d-4b30-cb26-5d667eee8dbc","ef4856f4-3903-411b-c1b6-47c928d8d7ba","66c8b590-ae5d-4b21-cbda-59e4520cb449","9b23cfa3-ab92-484e-c878-fd059ab87297","1649d661-1ce2-4d5c-cd01-a4db7415cc01","1ad7bb85-6cd9-447a-c49f-d0aad1da6454","0cfa280e-8303-49e5-c946-925c1d50878b","5334415b-afbd-45c7-c54c-d5c6fa81292c","176baaf4-2545-415f-c155-d4d3385767a9","9d5ab724-b417-4bae-cbfc-b93af830eeb9","39e512c6-a6e6-4913-c9b1-f6f37dbb71ab","05e35002-a480-4394-c355-903b01ec0b18","e92e1073-730f-4dee-cdda-cb0b4842f4ac","f4968be5-9acd-4b9f-cbc6-318512cb64ff","7511b3d1-31bb-4c1e-cc02-1eef530f30dd","bafd37dd-7ccc-460a-c665-dc10bce256f8","4612f4d2-abdd-474b-c7ca-a4d95b9029e2","e9ea41a2-2b8e-4435-c4fc-00608bbaef8c","6231965a-08c8-4821-c8bf-134d82bc9cbb","cfdf55f0-5450-4979-c983-fc70bbe8ce30","2c429c6a-d970-4a01-cace-88bc0d595b51","0a3e50c0-bd45-4350-c321-527e6682bf27","612e9193-73ac-4bb4-cbe9-428d2bde2597","6fd51680-e7b3-4ced-cc18-81232d4bac1c","b3334813-276d-4048-c0a6-ebcf3d038030","edbc432a-c610-435c-c305-fc0c9a5a900b","87dcf4a9-2ebb-4841-c833-29672ea9f341","b11a2798-2c9f-453f-c569-3ba90c5621ee","dfe7aec3-ab49-4db8-cd8b-f78542ce441f","5dfa0a10-89cb-40af-c0ed-b203a7e8c27d","8565611c-5f59-4fd6-cf5b-c53084854dc3","3fca2e47-a712-4f86-cf20-8ff4cb5f967e","ac24616d-32e9-474a-c7cb-1c97051544fb","c65b7741-c4e3-4483-c43f-c6182878dd5e","0e22dea6-6d68-43e7-c319-e35325f0c30b","c0dffd26-fe36-4483-c421-c814e0b366c7","d4b39da3-350c-4647-c6b5-c2d5dbc56451","22c78e39-da6e-4c15-ccf0-ed8b178384c4","2a36ac1a-de69-436a-c36b-df6f7c0bfb21","2ad0668e-cdb3-48a6-c865-d67d6407d362","ad23025a-e6bd-4086-c031-12b098c4c923","c9a29c4d-4501-4949-c973-af92a8ea327e","f1298640-3d73-495b-c940-b8656b5ef539","8965b8e8-ec0b-49fd-c9cf-16d0dd3f511d","283636e7-9beb-4767-c7a8-19563734245f","0a97019a-3489-4018-c0f0-bf2515848e1a","93e49bde-af2b-44c0-c4cd-a24772c89c2f","5a9f9bc7-88b2-4909-c98e-6e5495085dc9","dd7496d3-338f-43de-c3e1-47eee6f8c499","2917505a-a4a1-4a87-caae-55f185cd4a05","e28af173-e259-4309-c33d-105cfb1bf62b","8a61b431-aa40-4c3b-cce1-87d6614f4db1","8f2b5b03-2b81-494a-c994-069deea898da","30e3950e-632d-482e-c802-bb9775b7c82a","70676aca-d44f-4756-c75e-8401c36ecab0","ebdc9f87-8ab8-4814-c8bf-39852dd2cf6d","18021b5f-dc91-4624-c6e4-bf145ca618e0","1e7025e0-6522-4c5e-cced-db71c3611dd6","583f0603-a827-49db-c94d-10a522b48b2e","2df3cd08-1a64-4dda-cdae-5e787076c114","21afcabf-e622-415c-c15e-d2ec5f39657c","af5001c0-5e6c-4d02-cd4a-d0b3f926b3ba","6c3e1350-c30f-464f-c636-7532cb07214c","25a79fa2-d8f5-4487-c415-edb71c315c4c","edec2b61-2c44-46ca-c6c1-e571046620a2","fe2fc4f8-1084-4017-c0c4-ab7016f7c97d","4118abad-68eb-469d-c6b9-53e514fe3d68","b52e2169-caa4-41eb-c13f-2cfe5550749f"],"boost":1.0}},{"terms":{"transaction_id":["32a6c513-a848-4530-c574-aa7584c47af0","cbfb0218-bfe0-4e4e-ce5c-d988de10ac39","6ccc8df6-25b7-44ef-c48a-e05fa8632cd5","3142071a-e540-460b-c6e8-f37500ba0ae0","09c53f42-8caa-4994-c99f-33bf35760135","d3da48cb-9af9-432d-c3e8-d7d8fd9f36a6","f840fdd4-b2fc-4b60-cb0f-48719d9cfe4b","850522b7-747c-43e4-c34d-0c9ab93de19c","3e635b21-61fc-429c-c29d-655a4c633009","cde1e3a4-7d01-497f-c926-8654d9b45f51","f7a06a88-6c17-43f2-c329-0d40d402c7b9","b09e0b6c-f689-4165-c171-9750da61007c","50053453-84ec-4176-c1a7-4fc73a4655b0","4944e14e-5bb8-4633-c676-0c3dd0f5abed","53746f4b-3c7e-45b9-c5d0-94352beac2c0","7c084339-542d-4b30-cb26-5d667eee8dbc","ef4856f4-3903-411b-c1b6-47c928d8d7ba","66c8b590-ae5d-4b21-cbda-59e4520cb449","9b23cfa3-ab92-484e-c878-fd059ab87297","1649d661-1ce2-4d5c-cd01-a4db7415cc01","1ad7bb85-6cd9-447a-c49f-d0aad1da6454","0cfa280e-8303-49e5-c946-925c1d50878b","5334415b-afbd-45c7-c54c-d5c6fa81292c","176baaf4-2545-415f-c155-d4d3385767a9","9d5ab724-b417-4bae-cbfc-b93af830eeb9","39e512c6-a6e6-4913-c9b1-f6f37dbb71ab","05e35002-a480-4394-c355-903b01ec0b18","e92e1073-730f-4dee-cdda-cb0b4842f4ac","f4968be5-9acd-4b9f-cbc6-318512cb64ff","7511b3d1-31bb-4c1e-cc02-1eef530f30dd","bafd37dd-7ccc-460a-c665-dc10bce256f8","4612f4d2-abdd-474b-c7ca-a4d95b9029e2","e9ea41a2-2b8e-4435-c4fc-00608bbaef8c","6231965a-08c8-4821-c8bf-134d82bc9cbb","cfdf55f0-5450-4979-c983-fc70bbe8ce30","2c429c6a-d970-4a01-cace-88bc0d595b51","0a3e50c0-bd45-4350-c321-527e6682bf27","612e9193-73ac-4bb4-cbe9-428d2bde2597","6fd51680-e7b3-4ced-cc18-81232d4bac1c","b3334813-276d-4048-c0a6-ebcf3d038030","edbc432a-c610-435c-c305-fc0c9a5a900b","87dcf4a9-2ebb-4841-c833-29672ea9f341","b11a2798-2c9f-453f-c569-3ba90c5621ee","dfe7aec3-ab49-4db8-cd8b-f78542ce441f","5dfa0a10-89cb-40af-c0ed-b203a7e8c27d","8565611c-5f59-4fd6-cf5b-c53084854dc3","3fca2e47-a712-4f86-cf20-8ff4cb5f967e","ac24616d-32e9-474a-c7cb-1c97051544fb","c65b7741-c4e3-4483-c43f-c6182878dd5e","0e22dea6-6d68-43e7-c319-e35325f0c30b","c0dffd26-fe36-4483-c421-c814e0b366c7","d4b39da3-350c-4647-c6b5-c2d5dbc56451","22c78e39-da6e-4c15-ccf0-ed8b178384c4","2a36ac1a-de69-436a-c36b-df6f7c0bfb21","2ad0668e-cdb3-48a6-c865-d67d6407d362","ad23025a-e6bd-4086-c031-12b098c4c923","c9a29c4d-4501-4949-c973-af92a8ea327e","f1298640-3d73-495b-c940-b8656b5ef539","8965b8e8-ec0b-49fd-c9cf-16d0dd3f511d","283636e7-9beb-4767-c7a8-19563734245f","0a97019a-3489-4018-c0f0-bf2515848e1a","93e49bde-af2b-44c0-c4cd-a24772c89c2f","5a9f9bc7-88b2-4909-c98e-6e5495085dc9","dd7496d3-338f-43de-c3e1-47eee6f8c499","2917505a-a4a1-4a87-caae-55f185cd4a05","e28af173-e259-4309-c33d-105cfb1bf62b","8a61b431-aa40-4c3b-cce1-87d6614f4db1","8f2b5b03-2b81-494a-c994-069deea898da","30e3950e-632d-482e-c802-bb9775b7c82a","70676aca-d44f-4756-c75e-8401c36ecab0","ebdc9f87-8ab8-4814-c8bf-39852dd2cf6d","18021b5f-dc91-4624-c6e4-bf145ca618e0","1e7025e0-6522-4c5e-cced-db71c3611dd6","583f0603-a827-49db-c94d-10a522b48b2e","2df3cd08-1a64-4dda-cdae-5e787076c114","21afcabf-e622-415c-c15e-d2ec5f39657c","af5001c0-5e6c-4d02-cd4a-d0b3f926b3ba","6c3e1350-c30f-464f-c636-7532cb07214c","25a79fa2-d8f5-4487-c415-edb71c315c4c","edec2b61-2c44-46ca-c6c1-e571046620a2","fe2fc4f8-1084-4017-c0c4-ab7016f7c97d","4118abad-68eb-469d-c6b9-53e514fe3d68","b52e2169-caa4-41eb-c13f-2cfe5550749f"],"boost":1.0}}],"disable_coord":false,"adjust_pure_negative":true,"boost":1.0}}],"disable_coord":false,"adjust_pure_negative":true,"boost":1.0}}}],

data/spec/spec_helper.rb ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ # encoding: utf-8
2	+ require "logstash/devutils/rspec/spec_helper"

metadata ADDED Viewed

@@ -0,0 +1,101 @@
+--- !ruby/object:Gem::Specification
+name: logstash-filter-elasticsearchslowlog
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Anantha Kumaran
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2019-05-08 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.4'
+  name: deepsort
+  prerelease: false
+  type: :runtime
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.4'
+- !ruby/object:Gem::Dependency
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  name: logstash-core-plugin-api
+  prerelease: false
+  type: :runtime
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  name: logstash-devutils
+  prerelease: false
+  type: :development
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: elasticsearch slowlog parser
+email: ananthakumaran@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- Gemfile
+- LICENSE
+- README.md
+- lib/logstash/filters/elasticsearchslowlog.rb
+- logstash-filter-elasticsearchslowlog.gemspec
+- spec/filters/elasticsearchslowlog_spec.rb
+- spec/filters/fixture_invalid.txt
+- spec/filters/fixture_source_normalized.txt
+- spec/filters/fixture_valid.txt
+- spec/spec_helper.rb
+homepage: https://github.com/ananthakumaran/logstash-filter-elasticsearchslowlog
+licenses:
+- Apache-2.0
+metadata:
+  logstash_plugin: 'true'
+  logstash_group: filter
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.0.3
+signing_key:
+specification_version: 4
+summary: elasticsearch slowlog parser
+test_files:
+- spec/filters/elasticsearchslowlog_spec.rb
+- spec/filters/fixture_invalid.txt
+- spec/filters/fixture_source_normalized.txt
+- spec/filters/fixture_valid.txt
+- spec/spec_helper.rb